Commit d1a7ea1

mdaemon_cred_collector Doc
1 parent ce7d4cf commit d1a7ea1

1 file changed

+332
-0
lines changed

@@ -0,0 +1,332 @@
1+
<html><head>
2+
<meta http-equiv="content-type" content="text/html; charset=windows-1252">
3+
4+
<style>
5+
h1, h2, h3, h4, h5, h6, p, blockquote {
6+
margin: 0;
7+
padding: 0;
8+
}
9+
body {
10+
font-family: Arial, "Helvetica Neue", Helvetica, "Hiragino Sans GB", sans-serif;
11+
font-size: 16px;
12+
line-height: 18px;
13+
color: #737373;
14+
margin: 10px 13px 10px 13px;
15+
}
16+
a {
17+
color: #0069d6;
18+
}
19+
a:hover {
20+
color: #0050a3;
21+
text-decoration: none;
22+
}
23+
a img {
24+
border: none;
25+
}
26+
p {
27+
margin-bottom: 16px;
28+
}
29+
h1, h2, h3, h4, h5, h6 {
30+
color: #404040;
31+
line-height: 36px;
32+
}
33+
h1 {
34+
margin-bottom: 18px;
35+
font-size: 30px;
36+
}
37+
h2 {
38+
font-size: 24px;
39+
margin-bottom: 16px;
40+
}
41+
h3 {
42+
font-size: 18px;
43+
margin-bottom: 16px;
44+
}
45+
h4 {
46+
font-size: 16px;
47+
margin-bottom: 16px;
48+
}
49+
h5 {
50+
font-size: 16px;
51+
margin-bottom: 16px;
52+
}
53+
h6 {
54+
font-size: 13px;
55+
margin-bottom: 16px;
56+
}
57+
hr {
58+
margin: 0 0 19px;
59+
border: 0;
60+
border-bottom: 1px solid #eee;
61+
}
62+
blockquote {
63+
padding: 13px 13px 21px 15px;
64+
margin-bottom: 18px;
65+
font-family:georgia,serif;
66+
font-style: italic;
67+
}
68+
blockquote:before {
69+
content:"\201C";
70+
font-size:40px;
71+
margin-left:-10px;
72+
font-family:georgia,serif;
73+
color:#eee;
74+
}
75+
blockquote p {
76+
font-size: 16px;
77+
font-weight: 300;
78+
line-height: 18px;
79+
margin-bottom: 0;
80+
font-style: italic;
81+
}
82+
code, pre {
83+
font-family: Monaco, Andale Mono, Courier New, monospace;
84+
}
85+
code {
86+
background-color: #eee;
87+
color: rgba(0, 0, 0, 0.75);
88+
padding: 1px 3px;
89+
font-size: 13px;
90+
-webkit-border-radius: 3px;
91+
-moz-border-radius: 3px;
92+
border-radius: 3px;
93+
}
94+
pre {
95+
display: block;
96+
margin: 0 0 18px;
97+
line-height: 16px;
98+
font-size: 13px;
99+
border: 1px solid #d9d9d9;
100+
white-space: pre-wrap;
101+
word-wrap: break-word;
102+
}
103+
pre code {
104+
background-color: #fff;
105+
color:#737373;
106+
font-size: 13px;
107+
padding: 0;
108+
}
109+
@media screen and (min-width: 768px) {
110+
body {
111+
width: 748px;
112+
margin:10px auto;
113+
}
114+
}
115+
#overview_info_button {
116+
font-family:Arial, sans-serif;
117+
font-size:16px;
118+
padding:10px 5px;
119+
border-style:solid;
120+
border-width:1px;
121+
border-color:#EEEEEE;
122+
color:#C4C4C4;
123+
}
124+
#knowledge_base_button {
125+
font-family:Arial, sans-serif;
126+
font-size:16px;
127+
padding:10px 5px;
128+
border-style:solid;
129+
border-width:1px;
130+
border-color:#ccc;
131+
color:#333;
132+
}
133+
#overview_info_button:hover, #knowledge_base_button:hover {
134+
cursor: pointer;
135+
}
136+
#long_list {
137+
height:280px;
138+
overflow:auto;
139+
border-style: solid;
140+
border-width: 1px;
141+
border-color: #ccc;
142+
}
143+
144+
145+
/*
146+
Description: Foundation 4 docs style for highlight.js
147+
Author: Dan Allen <[email protected]>
148+
Website: http://foundation.zurb.com/docs/
149+
Version: 1.0
150+
Date: 2013-04-02
151+
*/
152+
153+
pre code {
154+
display: block; padding: 0.5em;
155+
background: #eee;
156+
}
157+
158+
pre .decorator,
159+
pre .annotation {
160+
color: #000077;
161+
}
162+
163+
pre .attribute {
164+
color: #070;
165+
}
166+
167+
pre .value,
168+
pre .string,
169+
pre .scss .value .string {
170+
color: #d14;
171+
}
172+
173+
pre .comment {
174+
color: #998;
175+
font-style: italic;
176+
}
177+
178+
pre .function .title {
179+
color: #900;
180+
}
181+
182+
pre .class {
183+
color: #458;
184+
}
185+
186+
pre .id,
187+
pre .pseudo,
188+
pre .constant,
189+
pre .hexcolor {
190+
color: teal;
191+
}
192+
193+
pre .variable {
194+
color: #336699;
195+
}
196+
197+
pre .javadoc {
198+
color: #997700;
199+
}
200+
201+
pre .pi,
202+
pre .doctype {
203+
color: #3344bb;
204+
}
205+
206+
pre .number {
207+
color: #099;
208+
}
209+
210+
pre .important {
211+
color: #f00;
212+
}
213+
214+
pre .label {
215+
color: #970;
216+
}
217+
218+
pre .preprocessor {
219+
color: #579;
220+
}
221+
222+
pre .reserved,
223+
pre .keyword,
224+
pre .scss .value {
225+
color: #000;
226+
}
227+
228+
pre .regexp {
229+
background-color: #fff0ff;
230+
color: #880088;
231+
}
232+
233+
pre .symbol {
234+
color: #990073;
235+
}
236+
237+
pre .symbol .string {
238+
color: #a60;
239+
}
240+
241+
pre .tag {
242+
color: #007700;
243+
}
244+
245+
pre .at_rule,
246+
pre .at_rule .keyword {
247+
color: #088;
248+
}
249+
250+
pre .at_rule .preprocessor {
251+
color: #808;
252+
}
253+
254+
pre .scss .tag,
255+
pre .scss .attribute {
256+
color: #339;
257+
}
258+
</style>
259+
</head>
260+
<body onload="initDoc()">
261+
262+
<div id="overview_info">
263+
<h2>Windows Gather MDaemonEmailServer Credential Cracking</h2><hr>
264+
<p>
265+
Finds and cracks the stored passwords of MDaemon Email
266+
Server.
267+
268+
</p>
269+
<h2>Module Name</h2><hr>
270+
<p>post/windows/gather/credentials/mdaemon_cred_collector</p>
271+
<h2>Authors</h2><hr><ul><li>Manuel Nader @AgoraSecurity</li>
272+
</ul><h2>Required Options</h2><hr><ul><li>SESSION - The session to run this module on.</li>
273+
</ul><h2>Vulnerable Applications</h2><hr>
274+
<ul><li>MDaemon e-Mail Server Software for Windows</li>
275+
</ul><h2>Platforms</h2><hr><ul><li>win</li>
276+
</ul><h2>Reliability</h2><hr>
277+
<p><a href="https://github.com/rapid7/metasploit-framework/wiki/Exploit-Ranking">Excellent</a></p>
278+
<h2>References</h2><hr><ul>
279+
<li><a href="http://www.securityfocus.com/bid/4686">http://www.securityfocus.com/bid/4686</a></li>
280+
<li><a href="https://github.com/AgoraSecurity/MdaemonCrack">https://github.com/AgoraSecurity/MdaemonCrack</a></li>
281+
</ul><h2>Required Options</h2><hr><ul><li>SESSION - The session to run this module on.</li>
282+
</ul><h2>Options</h2><hr><ul>
283+
<li>RPATH - The remote path of the MDaemon installation.</li>
284+
<li>Verbose - Will display more information of the module while running.</li>
285+
</ul><h2>Verification Steps</h2><hr>
286+
<p>1 - Get a meterpreter on a windows machine that has MDaemon installed.</p>
287+
288+
<p>2 - Load the module:</p>
289+
<pre><code>msf &gt; use post/windows/gather/credentials/mdaemon_cred_collector</code></pre>
290+
291+
<p>3 - Set the correct session on the module. Optional: you can add the remote path of the installation, especially if the software is installed on a strange path and the module can't find it..</p>
292+
293+
<p>4 - Run the module and enjoy the loot.</p>
294+
295+
296+
</ul><h2>Basic Usage</h2><hr>
297+
<p><strong>From the msf prompt</strong></p>
298+
299+
<p>By using the "use" command at the msf prompt. You will have to figure out which
300+
session ID to set manually. To list all session IDs, you can use the "sessions" command.</p>
301+
<pre><code>msf &gt; use post/windows/gather/credentials/mdaemon_cred_collector
302+
msf post(mdaemon_cred_collector) &gt; show options
303+
... show and set options ...
304+
msf post(mdaemon_cred_collector) &gt; set SESSION session-id
305+
msf post(mdaemon_cred_collector) &gt; exploit
306+
</code></pre>
307+
<p>If you wish to run the post against all sessions from framework, here is how:</p>
308+
309+
<p>1 - Create the following resource script:</p>
310+
<pre><code><ruby>
311+
framework.sessions.each_pair do |sid, session|
312+
run_single("use post/windows/gather/credentials/mdaemon_cred_collector")
313+
run_single("set SESSION #{sid}")
314+
run_single("run")
315+
end
316+
</ruby>
317+
</code></pre>
318+
<p>2 - At the msf prompt, execute the above resource script:</p>
319+
<pre><code>msf &gt; resource path-to-resource-script
320+
</code></pre>
321+
322+
</ul><h2>Scenarios</h2><hr>
323+
<p><strong>Meterpreter on email server</strong></p>
324+
325+
<p>If you have a meterpreter running on a server that has MDaemon installed, run the module and you will get all the users and passwords of the email server. Quite useful for trying password reuse and/or checking the strength of the passwords.</p>
326+
327+
<p>Note: MDaemon can store the passwords on a database, in that case the module won't work, but you can search for the database location, username and password and still get them :)</p>
328+
329+
</div>
330+
331+
332+
</body></html>
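
Review bot: The resource-script block at new lines 310-316 puts `<ruby>` and `</ruby>` unescaped inside `<pre><code>`, so a browser parses them as the HTML ruby element and the rendered page drops the tags a reader has to copy into the resource script. Write them as `&lt;ruby&gt;` and `&lt;/ruby&gt;`, the same way the msf prompts in this file already use `&gt;`. Other points in the same file: `<body onload="initDoc()">` at line 260 calls a function that is not defined anywhere in the 332 added lines, so either add the script or drop the handler; the "Required Options" section appears twice (lines 272 and 281); the `</ul>` before the "Basic Usage" and "Scenarios" headings (lines 296 and 322) closes a list that was never opened; and Basic Usage runs the post module with `exploit` while the resource script uses `run`, so pick one for consistency.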
