Joe Vennix
b9c46cde47
Refactor runCmd, allow js exec.
...
* Updates exec payload to not touch disk
* Adds XSS module that uses hiddenWindow (to avoid X-Frame-Options)
2014-01-04 08:46:57 -06:00
Tod Beardsley
cd38f1ec5d
Minor touchups to recent modules.
2014-01-03 13:39:14 -06:00
jvazquez-r7
3f0ee081d9
Beautify description
2014-01-02 15:37:58 -06:00
jvazquez-r7
d5e196707d
Include Msf::Post::Windows::Error
2014-01-02 13:41:37 -06:00
jvazquez-r7
ec8d24c376
Update against upstream
2014-01-02 12:55:46 -06:00
jvazquez-r7
3bccaa407f
Beautify use of Regexp
2014-01-02 12:54:54 -06:00
bmerinofe
832b0455f1
Class constants and Regex added
2013-12-31 03:20:12 +01:00
jvazquez-r7
4366d4da20
Delete comma
2013-12-30 11:45:52 -06:00
jvazquez-r7
54a6a4aafa
Land #2807 , @todb-r7's armory support for bitcoin_jaker
2013-12-30 11:44:51 -06:00
bmerinofe
e3d918a8a3
Applying changes
2013-12-30 01:49:13 +01:00
Tod Beardsley
88cf1e4843
Default false KILL_PROCESSES for bitcoin_jacker
...
I seem to able to read associated wallet files while these processes are
running with the greatest of ease. Maybe there was a file locking
concern, but I haven't run into it. Feel free to avoid landing this
particular commit if you disagree.
2013-12-29 14:12:00 -06:00
Tod Beardsley
5e0c7e4741
DRY up bitcoin_jacker.rb, support Armory
...
Also, make the process killing optional.
2013-12-29 13:07:43 -06:00
TabAssassin
9384a466c1
Retab bitcoin_jacker.rb
2013-12-29 10:59:15 -06:00
Tod Beardsley
6fcd12e36c
Refactor for clearer syntax and variables
...
This was done on a barely configured Windows machine, so mind the tabs.
2013-12-29 10:15:48 -06:00
Tod Beardsley
ef73ca537f
First, clean up the original a little
2013-12-28 18:57:04 -06:00
sinn3r
f2335b5145
Land #2792 - SSO/Mimikatz module overwrites password with N/A
2013-12-27 17:25:44 -06:00
Tod Beardsley
d6a63433a6
Space at EOL
2013-12-26 10:37:18 -06:00
sinn3r
78db7429d0
Turns out the latest Safari is still vulnerable.
...
The version check is currently disabled because turns out the latest
Safari (6.1.1) is still vulnerable - I can still loot it in plain
text.
2013-12-24 19:27:45 -06:00
sinn3r
a26e12b746
Updates descriiption and improves regex for safari_lastsession.rb
...
This updates two things for the safari_lastsession post module:
1. The description is updated: More information is added to describe
how Safari would end up storing the Gmail credential in the last
session state, and what it means to you as an attacker.
2. Regex update for the domain to search for: Before the module starts
extract the session data, it needs to know which domain to extract from.
Originally I only added mail.google.com, but turns out the sensitive info
can be found in accounts.google.com, so I added that one.
2013-12-24 14:00:55 -06:00
Meatballs
bf8c0b10fa
Dont store n/a creds
2013-12-21 09:04:02 +00:00
jvazquez-r7
a043d384d4
Land #2738 , @jiuweigui update to enum_prefetch
2013-12-20 10:26:54 -06:00
Meatballs
f99a5b8b47
Update for extapi
2013-12-20 13:18:01 +00:00
Meatballs
4ca25d5d89
Merge branch 'enum_ad_perf' into enum_ad_users
2013-12-20 12:54:24 +00:00
Meatballs
62ef810e7c
Use Extapi if available
2013-12-19 18:18:47 +00:00
Meatballs
737154c2fe
Update to use extapi
2013-12-19 16:46:09 +00:00
William Vu
9434d60021
Remove EOL whitespace from OS X hashdump
2013-12-19 10:39:49 -06:00
Meatballs
3ef1c0ecd6
Merge remote-tracking branch 'upstream/master' into enum_ad_perf
2013-12-19 14:25:07 +00:00
Meatballs
244cf3b3f6
Merge remote-tracking branch 'upstream/pr/2736' into enum_ad_perf
2013-12-19 13:59:57 +00:00
sinn3r
8dfa2e6963
Land #2734 - OSX Gather Autologin Password as Root
2013-12-18 15:37:45 -06:00
sinn3r
5011c4d928
The "unless" Ruby nazi is in town
2013-12-18 15:28:31 -06:00
sinn3r
5ec3d5f3f6
Raise specific exceptions
2013-12-18 15:27:49 -06:00
Tod Beardsley
c4b8178663
Correct camelCase of YouTube
2013-12-18 14:06:45 -06:00
sinn3r
10e16673a7
There must be read_file
2013-12-17 16:42:49 -06:00
sinn3r
21feae0bbc
Make sure the file path is readable when it's ~/
2013-12-17 16:38:58 -06:00
jvazquez-r7
7ec96876d9
Delete unnecessary includes
2013-12-17 15:57:09 -06:00
sinn3r
374ef71c12
Favor read_file instead
2013-12-17 15:34:52 -06:00
sinn3r
ea6ba2b159
Add post module to get LastSession.plist
...
LastSession.plist sometimes contains sensitive information such as
usernames and passwords. It'd be nice to keep this in loot.
2013-12-17 13:07:30 -06:00
bmerinofe
89ffafad0e
Changes to Service mixin
2013-12-17 13:10:27 +01:00
Tod Beardsley
040619c373
Minor description changes
...
No code changes (one comment made on play_youtube to suggest xdg-open
rather than firefox for linux targets).
2013-12-16 14:57:33 -06:00
jiuweigui
446db78818
Minor fix to gather_pf_info function
2013-12-16 21:33:07 +02:00
bmerinofe
f185c2deb1
added driver_loaded post meterpreter module
2013-12-14 00:07:04 +01:00
jvazquez-r7
7ab1369515
Land #2757 , @wchen-r7's youtube post module
2013-12-12 16:36:42 -06:00
sinn3r
1bcaffccc8
Make sure profile name is random
2013-12-12 16:19:06 -06:00
sinn3r
036955983d
Add support for Linux, thanks @jvennix-r7!
2013-12-12 16:12:36 -06:00
sinn3r
7d12ced66e
Remove unnecessary require statements
2013-12-12 13:49:54 -06:00
sinn3r
ce18ac4c62
fix comment
2013-12-12 12:49:46 -06:00
sinn3r
97e9daaa6a
Change title
2013-12-12 12:42:07 -06:00
sinn3r
de087d134a
Account for error
2013-12-12 12:41:05 -06:00
sinn3r
7ff0f4a2e7
move to multi for real
2013-12-12 12:35:58 -06:00
sinn3r
4d1a07bdfc
Move to multi
2013-12-12 12:34:45 -06:00
sinn3r
17b5d3c375
Add support for OSX
2013-12-12 12:33:59 -06:00
sinn3r
509ebddb87
Turns out there's -k, that's easier
2013-12-12 10:09:02 -06:00
sinn3r
54a5dfc344
This module allows you to broadcast a Youtube video on compromised machines
2013-12-12 02:34:00 -06:00
jvazquez-r7
374e40c815
Add requires
2013-12-11 12:05:12 -06:00
jvazquez-r7
572ddacdd6
Clean ie_proxypac
2013-12-11 11:49:29 -06:00
jvazquez-r7
7589b4c4d5
Merge for retab
2013-12-11 11:47:30 -06:00
bmerinofe
e6eeb4a26d
rescue RuntimeError added
2013-12-11 03:00:13 +01:00
jvazquez-r7
2ef3caa9d7
Land #2735 , @jvennix-r7 support of 10.8+ on osx hashdump
2013-12-10 09:39:04 -06:00
Tod Beardsley
1b3bc878f8
Unscrew the author name
2013-12-09 21:32:03 -06:00
bmerinofe
e9edce10ac
Applying changes
2013-12-10 03:07:40 +01:00
Joe Vennix
06b651de7b
Revert read_file to cat so that pipe will work.
2013-12-09 19:30:08 -06:00
Joe Vennix
450716c788
Remove meterpreter support from osx autologin gather.
2013-12-09 19:19:20 -06:00
Tod Beardsley
e737b136cc
Minor grammar/caps fixup for release
2013-12-09 14:01:27 -06:00
Joe Vennix
6d1d45c691
Add user param to nt_hash call.
2013-12-09 10:28:06 -06:00
sinn3r
9c5991980a
Land #2733 - Disable meterpreter support because they're not stable
2013-12-09 02:50:36 -06:00
Joe Vennix
dea35252af
Kill unused method.
2013-12-08 14:35:49 -06:00
Joe Vennix
df76651834
Make sure loot is named correctly.
2013-12-08 14:31:18 -06:00
Joe Vennix
7f3ab14179
Make pipe part of /bin/bash cmd.
2013-12-08 14:27:28 -06:00
Joe Vennix
9b34a8f1ad
Supports 10.3
2013-12-08 14:26:16 -06:00
Joe Vennix
f981a04918
Fix MATCHUSER bug.
...
* Also add spacing and indentation for better readability.
* Refactors grab_shadow_blob method.
2013-12-08 14:21:48 -06:00
jiuweigui
2a0b503f06
Minor fix
2013-12-08 18:17:22 +02:00
Joe Vennix
eacab1b2ad
Fix description, kill dead constant.
2013-12-07 22:28:16 -06:00
Joe Vennix
969f45fd32
Refactor OSX hashdump post module.
...
* Adds support for MATCHUSER regex option
* Adds support for OSX 10.8 and 10.9 hashes (PBKDF2)
* DRYs up a bunch of older code, adds lots of helper fns
* Ends up shaving off ~20 lines
2013-12-07 22:22:23 -06:00
Joe Vennix
3066e62711
Fix typo, fix no-autologin users bug.
2013-12-07 19:27:36 -06:00
Joe Vennix
4cb788b9de
Adds osx autologin password post module.
2013-12-07 19:01:35 -06:00
Joe Vennix
c6eac67ab5
Kill meterpreter support for osx media modules.
...
There is some bug that I haven't been able to track down that causes the
osx call to run the event queue to just hang on latest OSX + Java/python
meterpreter. I tried rewriting these modules using OSX's new Media API,
but I run into the same problem. Until I find a solution, we should mark
these shell-only.
2013-12-07 17:46:26 -06:00
bmerinofe
5e5fd6b01a
Unless replaced
2013-12-06 15:01:35 +01:00
Meatballs
3aebe968bb
Land #2721 Reflective DLL Mixin
...
Adds support to load a dll and identify the ReflectiveLoader offset.
Adds support to inject dll into process and execute it.
Updates kitrap0d, ppr_flatten_rec, reflective_dll_inject modules and
payload modules to use above features.
2013-12-06 12:26:51 +00:00
OJ
73d3ea699f
Remove the last redundant error check
2013-12-06 09:32:21 +10:00
OJ
2cb991cace
Shuffle RDI stuff into more appropriate structure
...
Now broken into two modules, one for loading RDI DLLs off disk and
finding the loader function offset, and another for doing the process
specific stuff of loading into the target.
2013-12-06 08:25:24 +10:00
William Vu
79e23a1e13
Land #2675 , @JonValt's forensics/browser_history
...
Great job!
2013-12-05 09:35:53 -06:00
Joshua Harper PI GCFE GCFA GSEC
cd5172384f
Rename gather_browser_history.rb to browser_history.rb
2013-12-05 08:43:19 -06:00
Joshua Harper
3957bbc710
capitalization ("skype")
...
(https://github.com/rapid7/metasploit-framework/pull/2675#discussion_r8120307 )
Removed some Chrome artifacts and renamed one to reflect "Archived History."
(https://github.com/rapid7/metasploit-framework/pull/2675#discussion_r8120314 )
((Will include other doxxes in another module.))
2013-12-05 08:33:47 -06:00
jiuweigui
717f45ac09
Minor modification
2013-12-05 09:07:28 +02:00
jiuweigui
902d48efab
Delete debug prints
2013-12-05 09:03:42 +02:00
jiuweigui
492cd1ca07
Modifications how info is collected from pf files.
2013-12-05 08:56:26 +02:00
OJ
b936831125
Renamed the mixin module
2013-12-05 08:13:54 +10:00
bmerinofe
1833b6fd95
More changes. No admin privs check
2013-12-04 14:51:46 +01:00
OJ
7e8db8662e
Update name of the mixin
...
Changed `RdiMixin` to `ReflectiveDLLInjection`.
2013-12-04 22:18:29 +10:00
bmerinofe
05479b2a19
Added new options
2013-12-04 11:45:37 +01:00
OJ
f79af4c30e
Add RDI mixin module
...
MSF was starting to see more modules using RDI to load binaries into
remote processes, so it made sense to create a mixin which contained
the functionality that was being used in various locations.
This commit contains the new mixin, and adjustments to all the existing
exploits and modules which use RDI.
2013-12-04 16:09:41 +10:00
bmerinofe
5c266adfd7
added ie_proxypac post meterpreter module
2013-12-03 22:23:09 +01:00
sinn3r
19293d89dd
Land #2704 - rm script launcher and fix file_exists?
2013-12-02 15:05:01 -06:00
Peter Toth
44e37f1b98
Improved meterpreter compatibility
2013-12-02 21:43:58 +01:00
Joshua Harper
d1dd7c291b
cosmetic (indentation)
...
https://github.com/rapid7/metasploit-framework/pull/2675#discussion_r7977962
2013-12-02 13:16:48 -06:00
jvazquez-r7
7e379376dc
Land #2635 , @peto01 and @jvennix-r7's osx post module to manage volumes
2013-12-02 09:22:23 -06:00
jvazquez-r7
cc2b7950bf
Do minor cleanup to mount_share
2013-12-02 09:21:36 -06:00
joev
040a629f34
Kill meterpreter support.
...
* Meterpreter seems to fall over on the cmd escaping, and dies if you
try to pass it an array of args (python/java meterpreter on various versions
of osx).
2013-12-01 20:17:43 -06:00
joev
2de9a4f3c1
Add support for 10.5 shares.
2013-12-01 20:13:54 -06:00
Joshua Harper
cdf6ffa70d
Complete refactor with lots of help from @kernelsmith and @OJ. Thank you guys so much.
2013-11-27 21:02:48 -06:00