Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.
Sign upAdd Windows Gather SmarterMail Password Extraction post module #2934
Conversation
This comment has been minimized.
This comment has been minimized.
|
Checking it with rubocop for compliance with the Ruby Style guide and some mods I have seen @jvazquez-r7 I have seen request: infidel02:Meterpreter-Scripts carlos$ rubocop -c rubocop-todo.yml post/windows/gather/smartermail.rb
Inspecting 1 file
C
Offences:
post/windows/gather/smartermail.rb:1:1: C: Missing utf-8 encoding comment.
##
^
post/windows/gather/smartermail.rb:14:22: C: Surrounding space missing in default value assignment.
def initialize(info={})
^
post/windows/gather/smartermail.rb:15:11: C: Space inside parentheses detected.
super( update_info( info,
^
post/windows/gather/smartermail.rb:15:24: C: Space inside parentheses detected.
super( update_info( info,
^
post/windows/gather/smartermail.rb:16:9: C: Align the parameters of a method call if they span more than one line.
'Name' => 'Windows Gather SmarterMail Password Extraction',
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
post/windows/gather/smartermail.rb:31:14: C: Space inside square brackets detected.
[ 'URL', 'http://www.gironsec.com/blog/tag/cracking-smartermail/']
^
post/windows/gather/smartermail.rb:33:29: C: Space inside square brackets detected.
'Platform' => [ 'win' ],
^
post/windows/gather/smartermail.rb:33:35: C: Space inside square brackets detected.
'Platform' => [ 'win' ],
^
post/windows/gather/smartermail.rb:34:29: C: Space inside square brackets detected.
'SessionTypes' => [ 'meterpreter' ]
^
post/windows/gather/smartermail.rb:34:43: C: Space inside square brackets detected.
'SessionTypes' => [ 'meterpreter' ]
^
post/windows/gather/smartermail.rb:36:1: C: Extra empty line detected at body end.
post/windows/gather/smartermail.rb:42:19: C: Use def with parentheses when there are parameters.
def decrypt_des encrypted
^^^^^^^^^
post/windows/gather/smartermail.rb:48:5: C: Redundant `return` detected.
return decipher.update(encrypted) + decipher.final
^^^^^^
post/windows/gather/smartermail.rb:55:41: C: Prefer single-quoted strings when you don't need string interpolation or special symbols.
drive = session.fs.file.expand_path("%SystemDrive%")
^^^^^^^^^^^^^^^
post/windows/gather/smartermail.rb:83:20: C: Avoid the use of Perl-style backrefs.
@username = "#{$1}" if data =~ /(.+)<\/sysAdminUserName>/
^^
post/windows/gather/smartermail.rb:84:56: C: Avoid the use of Perl-style backrefs.
@password = decrypt_des(Rex::Text.decode_base64("#{$1}")) if data =~ /(.+)<\/sysAdminPassword>/
^^
post/windows/gather/smartermail.rb:84:101: C: Line is too long. [117/100]
@password = decrypt_des(Rex::Text.decode_base64("#{$1}")) if data =~ /(.+)<\/sysAdminPassword>/
^^^^^^^^^^^^^^^^^
post/windows/gather/smartermail.rb:93:24: C: Prefer single-quoted strings when you don't need string interpolation or special symbols.
if session.type != "meterpreter"
^^^^^^^^^^^^^
post/windows/gather/smartermail.rb:94:101: C: Line is too long. [101/100]
print_error "#{@host} (#{@comp}) - Only meterpreter sessions are supported by this post module"
^
post/windows/gather/smartermail.rb:115:101: C: Line is too long. [107/100]
print_good "#{@host} (#{@comp}) - Found credentials. Username: '#{@username}' Password: '#{@password}'"
^^^^^^^
post/windows/gather/smartermail.rb:124:3: C: Source files should end with a newline (\n).
end
^
1 file inspected, 21 offences detected
|
| # | ||
| # Retrieve username and decrypt encrypted password string from the config file | ||
| # | ||
| def get_smartermail_creds(path) |
This comment has been minimized.
This comment has been minimized.
darkoperator
Feb 1, 2014
Contributor
You are using Class variables, I believe they should be avoided, try modifying the method to return a hash maybe with the values and check the returned values.
+ def get_smartermail_creds(path)
+ vprint_status "#{@host} (#{@comp}) - Retrieving SmarterMail sysadmin password"
+ begin
+ data = read_file("#{path}") || ''
+ rescue Rex::Post::Meterpreter::RequestError => e
+ print_error "#{@host} (#{@comp}) - Failed to download #{path} - #{e}"
+ return
+ end
+ if data.nil?
+ print_error "#{@host} (#{@comp}) - Configuration file is empty."
+ return
+ end
+ @username = "#{$1}" if data =~ /(.+)<\/sysAdminUserName>/
+ @password = decrypt_des(Rex::Text.decode_base64("#{$1}")) if data =~ /(.+)<\/sysAdminPassword>/
+ end
This comment has been minimized.
This comment has been minimized.
bcoles
Feb 1, 2014
Author
Contributor
Yeah makes sense. I was just being lazy. I'll change it to a hash.
| def run | ||
| @host = "#{session.sock.peerhost}" | ||
| @comp = "#{sysinfo['Computer']}" | ||
| if session.type != "meterpreter" |
This comment has been minimized.
This comment has been minimized.
darkoperator
Feb 1, 2014
Contributor
You already specified in SessionTypes Meterpreter why check here for it again?
This comment has been minimized.
This comment has been minimized.
bcoles
Feb 1, 2014
Author
Contributor
Just copied and pasted for consistency. This is used by 9 other post modules. I'll remove it.
This comment has been minimized.
This comment has been minimized.
darkoperator
Feb 1, 2014
Contributor
Yeah I have done the same but have noticed that some of the *-r7 guys are following more and more the Ruby Style guide that is why I mentioned it, could be a non issue but @jvazquez-r7 should point us in the right direction he is the one that introduced me to it :)
| # Find the config file, extract the encrypted password and decrypt it | ||
| # | ||
| def run | ||
| @host = "#{session.sock.peerhost}" |
This comment has been minimized.
This comment has been minimized.
darkoperator
Feb 1, 2014
Contributor
Again no need to use class variables should be avoided, sysinfo is available to all module methods so there is no need to save the information in one.
This comment has been minimized.
This comment has been minimized.
bcoles
Feb 1, 2014
Author
Contributor
That's true. The class variable makes it easier to read. I'll change it.
This comment has been minimized.
This comment has been minimized.
|
link to rubocop https://github.com/bbatsov/rubocop and the yml file can be found here for reference https://www.dropbox.com/s/9pbuy35ggodus1v/rubocop-jv-style.yml |
This comment has been minimized.
This comment has been minimized.
|
Made suggested changes in commit 62dca11:
|
This comment has been minimized.
This comment has been minimized.
|
I'll be processing this before Monday comes, thanks. |
This comment has been minimized.
This comment has been minimized.
|
Made some changes to make sure it supports shell sessions. Will be merged in a bit. Demos (for both shell & meterpreter session types): |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
bcoles commentedFeb 1, 2014
Add Windows Gather SmarterMail Password Extraction post module.
Homepage: http://www.smartertools.com/smartermail/mail-server-software.aspx
Source: http://www.smartertools.com/smartermail/mail-server-download.aspx
Tested on: SmarterMail versions 10.7.4842 and 11.7.5136 (Windows 7)
Example Output
Example Verbose Output