Commit Graph

756 Commits (06de47ce685dade80304b7dd94d71d6e239fa5e7)

Author SHA1 Message Date
William Vu 1b8b3bbb95 Update nc -j check in cups_root_file_read 2018-12-18 17:38:33 -06:00
Brendan Coles c3080d69f2 Use writable? method for local modules 2018-11-04 05:28:32 +00:00
Spencer McIntyre c71bbc1019 Remove spaces that msftidy caught 2018-10-23 10:13:44 -04:00
Spencer McIntyre 15e67de8fc Add the EMBED option for play_youtube.rb 2018-10-22 19:51:41 -04:00
Spencer McIntyre 65d26d3a1e Use the DISPLAY environment variable when available 2018-10-19 14:35:35 -04:00
Brent Cook ff0ee51da1
Land #10686, ARGS, TIMEOUT, and output to upload_exec module
Merge remote-tracking branch 'upstream/pr/10686' into upstream-master
2018-10-04 04:28:02 -05:00
William Vu e0a664c0cd Improve prints, use FileDropper, and bump TIMEOUT 2018-10-02 21:53:18 -05:00
Tim W b993d74f6c minor tweak 2018-10-02 11:41:58 +08:00
Tim W 5cfc19b804 fix post/multi/gather/wlan_geolocate on Android 2018-10-02 11:35:47 +08:00
William Vu 3bda794f00 Update upload_exec with chmod 2018-09-26 18:46:43 -05:00
Tim W 4adca52103 create chmod helper function 2018-09-26 18:46:42 -05:00
William Vu 81d020f810 Add a couple more Unix platforms
This is so we don't trigger the session compatibility warning. These
platforms have been worked on most recently.
2018-09-26 18:46:42 -05:00
William Vu a119465495 Tell the user when there's blank output 2018-09-26 18:46:42 -05:00
William Vu 6dd6e8abcb Change vprint to print because we test output
Fewer surprises this way when people don't set VERBOSE.
2018-09-26 18:46:42 -05:00
William Vu 42fab6266d Prefer vprint_line for better formatting 2018-09-26 18:46:42 -05:00
William Vu 40f19efe2c Don't use cmd.exe /c start so we can fetch output 2018-09-26 18:46:42 -05:00
William Vu dc1fddd31e Move chmod so Windows doesn't do it 2018-09-26 18:46:42 -05:00
William Vu d5f5ef103f Refactor everything and add command output 2018-09-26 18:46:42 -05:00
William Vu 410abdca80 Tweak TIMEOUT to match cmd_exec's default 2018-09-26 18:46:42 -05:00
William Vu 1df6c43b12 Add ARGS and TIMEOUT options to upload_exec
Credit to @bcoles for the initial patch.
2018-09-26 18:46:42 -05:00
William Vu 87eb600510
Land #10611, mRemote creds gather module fixes
Also update #10612 to align with these changes.
2018-09-10 15:25:09 -05:00
William Vu 3ec4d2f22b Normalize loot type OID
1. Include the vendor, product, and technology
2. Content type is already reported, extension changed
3. Original filename including extension is also reported

Can we get some sort of standard on the OID?
2018-09-10 15:06:07 -05:00
h00die 39a2d9d2a8 save xml files as xml 2018-09-09 21:24:39 -04:00
Tim W b7da75d860 fix #10576, fix session upgrade HANDLE_TIMEOUT 2018-09-04 16:46:33 +08:00
Adam Cammack 79736406b2
Land #10394, Cleanup aws_ec2_instance_metadata 2018-08-15 14:51:12 -05:00
reka193 d60aa55e07
Modified regex
Based on the comment: https://github.com/rapid7/metasploit-framework/pull/10394#discussion_r207042496
2018-08-02 15:55:24 +02:00
reka193 ece9a72d13
Removed tabs 2018-07-30 15:07:55 +02:00
reka193 5962fa752e
Fixes in aws_ec2_instance_metadata
@@ -36,7 +36,7 @@ def initialize(info = {})

    - unless resp =~ /^instance-id.$/m
    + unless resp =~ /^instance-id$/m
The original regex requires one character after 'instance-id' which is not present in the instance.

@@ -50,15 +50,16 @@ def check_curl

    - base_resp.split(/\r\n/).each do |l|
    -    new_uri = base_uri.merge("./#{l}")
    + base_resp.split(/\r?\n/).each do |l|
    +   new_uri = "#{base_uri}#{l}"

    - key_uri = new_uri.merge("./#{key_id}/")
    - key_resp = simple_get(key_uri)
    + new_uri = new_uri.slice(0..(new_uri.index(%r{/public-keys/})+'/public-keys'.length))
    + key_uri = "#{new_uri}#{key_id}/"
    + key_resp = simple_get(key_uri)

1. merge function was causing 'rescue in merge' errors
2. the split function could not succeed, there were no '\r\n' between the lines but '\n' only
3. the special case was not handled correctly 
was trying to curl http://169.254.169.254/latest/meta-data/public-keys/0=Key0/ instead of http://169.254.169.254/latest/meta-data/public-keys/0/

@@ -94,6 +95,6 @@ def setup

    - cmd_exec("curl #{url}")
    + cmd_exec("curl -s #{url}")
Curl was causing issues when not in silent mode.
2018-07-30 14:02:15 +02:00
reka193 6790ac1998
Reset to original 2018-07-30 10:48:32 +02:00
William Vu 0433cb92ba Fix upload_exec for absolute paths
Also prefer chmod 700 over 755, since it's our file.
2018-07-26 19:48:12 -05:00
reka193 408dc7793f
Update aws_ec2_instance_metadata.rb 2018-07-23 10:00:12 +02:00
reka193 4c4f0c1d3e
Update
Fixes for Kali linux 4.14 with ruby 2.3.
2018-07-18 10:42:51 +00:00
Brent Cook b4b7bf03da
Land #10171, Implement desktop shell and screensaver post modules 2018-07-05 17:33:06 -05:00
thesubtlety 970c164e06 fix undefined method capitalize error for array 2018-07-05 14:33:51 -07:00
Eliott Teissonniere c4632f44aa Fix windows 2018-06-21 16:46:15 +00:00
Eliott Teissonniere 2008de4080 Support Windows screensaver and locking 2018-06-21 16:46:00 +00:00
Eliott Teissonniere a8e9c20d6c Make open works on windows 2018-06-20 09:23:57 +00:00
Eliott Teissonniere 4c0ac00f38 Make screensaver works on OSX 2018-06-20 09:13:51 +00:00
Eliott Teissonniere 351a0bd37f Cleanup command execution code 2018-06-18 07:24:54 +00:00
Eliott Teissonniere a750aedb6b Move xdg_screensaver to multi module 2018-06-18 07:19:52 +00:00
Eliott Teissonniere 1f6b9a51ea Remove useless import 2018-06-18 06:56:39 +00:00
Eliott Teissonniere 8342751b05 Move xdg_open to multi module 2018-06-18 06:54:13 +00:00
William Vu b733b79533
Land #10021, post/multi/recon/sudo_commands module 2018-06-14 16:33:50 -05:00
Brendan Coles 4df01da49a Add GTFOBins 2018-05-25 04:20:25 +00:00
Brendan Coles 7ebe0d6dc5 Use sudo -l rather than sudo -l -l 2018-05-15 18:53:52 +00:00
Brendan Coles 17bd9aafb3 Add post/multi/recon/sudo_commands 2018-05-14 18:31:24 +00:00
Brendan Coles cb29b4cf7a Update Local Exploit Suggester - Fix #9974 2018-05-05 04:41:58 +00:00
Brent Cook cd728defed Merge branch 'master' into land-9607- 2018-02-23 11:09:20 -06:00
Tim W f10d58bc2d upgrade osx shells to osx meterpreter 2018-02-21 02:54:38 +08:00
UnaPibaGeek eae9c60430 Disclaimer and wget support added and syntax errors fixed. 2018-02-03 02:18:30 -03:00