Commit Graph

1950 Commits (0c792798a764249b84835b5bdaf0dfb25aca9151)

Author SHA1 Message Date
Meatballs f8628e3438
Merge remote-tracking branch 'upstream/master' into wdigest_enable 2016-03-30 15:44:21 +01:00
Meatballs 9e45f0c104
Minor tidies 2016-03-30 15:29:03 +01:00
Hans-Martin Münch (h0ng10) 976932ed43 Initial commit 2016-03-26 12:00:25 +01:00
James Lee d54bbdf9a3
Land #6566, filezilla xml file locations 2016-03-17 16:27:24 -05:00
James Lee 115a033036
Fix parsing the Last Server xml 2016-03-17 16:27:02 -05:00
James Lee 1375600780
Land #6644, datastore validation on assignment 2016-03-17 11:16:12 -05:00
Brent Cook cd84ac37d6
Land #6569, check if USERNAME env var exists before using in enum_chrome post module 2016-03-13 15:12:51 -05:00
Brent Cook c89e53d0a3
Land #6666, fix filezilla_server display bug showing the session ID 2016-03-13 13:56:44 -05:00
wchen-r7 51cdb57d42 Fix #6569, Add a check for USERNAME env var in enum_chrome post mod
Fix #6569

Depending on the context, the USERNAME environment variable might
not always be there.
2016-03-11 15:36:44 -06:00
James Lee 8217d55e25
Fix display issue when SESSION is -1 2016-03-11 11:37:22 -06:00
Christian Mehlmauer 3123175ac7
use MetasploitModule as a class name 2016-03-08 14:02:44 +01:00
Brent Cook f703fa21d6 Revert "change Metasploit3 class names"
This reverts commit 666ae14259.
2016-03-07 13:19:55 -06:00
Brent Cook 44990e9721 Revert "change Metasploit4 class names"
This reverts commit 3da9535e22.
2016-03-07 13:19:48 -06:00
Christian Mehlmauer 3da9535e22
change Metasploit4 class names 2016-03-07 09:57:22 +01:00
Christian Mehlmauer 666ae14259
change Metasploit3 class names 2016-03-07 09:56:58 +01:00
Brent Cook c7c0e12bb3 remove various module hacks for the datastore defaults not preserving types 2016-03-05 23:11:39 -06:00
Meatballs c7f9fbcdfa Change to enable/disable 2016-03-06 04:31:24 +00:00
Meatballs 6b510005da Reverse os checks 2016-03-06 04:31:23 +00:00
Meatballs 0e52fda708 Initial tidy 2016-03-06 04:31:23 +00:00
William Vu 8a15c36770
Land #6563, VNC creds scraper uninstall location 2016-02-19 15:01:23 -06:00
William Vu bfd204ac50 Fix some cosmetic issues 2016-02-19 15:00:56 -06:00
nk bc74ceb8c5 Handle errors when parsing interfaces.xml, add check for several locations 2016-02-11 15:56:58 +01:00
Nicolas Devillers 8118198628 Add vprint of the exception message 2016-02-10 22:47:51 +01:00
nk 1637891ece Add check for the uninstall location in vnc post module 2016-02-10 20:30:41 +01:00
Josh Hale 62dd82e653 Make fix easier to read 2016-02-10 11:24:45 -06:00
Josh Hale 4653c27167 Fix minor grammar error in description 2016-02-09 21:24:40 -06:00
Josh Hale 08a41b0a31 Fix issue when target PID not owned by session 2016-02-09 21:22:50 -06:00
Josh Hale 3d4b7af6bb Update description 2016-01-30 14:35:03 -06:00
Josh Hale 413ea53984 Add found flag and touchup code 2016-01-30 14:31:45 -06:00
Josh Hale 3abb6feb3f Add autoadd feature to autoroute.rb 2016-01-29 21:34:22 -06:00
wchen-r7 315d079ae8
Land #6402, Add Post Module for Windows Priv Based Meterpreter Migration
We are also replacing smart_migrate with this.
2016-01-13 01:21:32 -06:00
wchen-r7 6deb57dca3 Deprecate post/windows/manage/smart_migrate and other things
This includes:

* Give credit to thelightcosine in priv_migrate
* Deprecate smart_migrate
* Update InitialAutoRunScript for winrm_script_exec
2016-01-12 23:14:13 -06:00
Meatballs 7128c408c8
Land #6375, Active Directory Managed Groups Enumeration 2016-01-12 11:21:31 +00:00
Meatballs 4ba2d56f49
Just search on DN for samaccountname 2016-01-12 11:20:20 +00:00
David Maloney 5e6620f2cf
add yard doc and lexical sorting
lexical sort methods and add missing YARD docs
2016-01-08 14:36:21 -06:00
David Maloney 536378e023
move datastore kill check to kill method
move the datastore check for datatstore['KILL']
into the actual kill method for sake of DRYness
2016-01-08 14:31:42 -06:00
David Maloney 9716b97e1c
split up the migration efforts
move admin and suer migrations into
seperate methods for enhanced readability
and maintainability
2016-01-08 14:26:39 -06:00
David Maloney ad50f9a047
move default targets to constants
cleanup the way the target lists get populated
to use constants and be a little cleaner and dryer
2016-01-08 14:03:30 -06:00
Josh 4e99c873c8 Fix issue when target_pid == current_pid 2016-01-06 19:58:07 -06:00
Josh 60c506d7fb Replace error handling methods 2016-01-06 18:53:54 -06:00
Vincent Yiu 30a866a85b Update enable_rdp.rb
Fixed some typos.
2016-01-04 09:52:57 +00:00
Kyle Gray 47f9880690
Land #6395, grammar fixes for recovery_files.rb
Improves grammar and details within the description of /post/windows/gather/forensics/recovery_files.rb
2015-12-28 15:57:41 -06:00
William Vu cf0e982e83
Land #6386, VNC creds module fix 2015-12-28 02:32:26 -06:00
William Vu 6b9c74eec7 Prefer gsub and nix the return 2015-12-28 02:31:47 -06:00
Josh 0de69a9d40 Add post Windows privilege based migrate 2015-12-27 19:26:21 -06:00
Jon Hart f8943f4821
Remove peer; defined in lib/msf/core/post/common.rb 2015-12-24 07:57:16 -08:00
karllll 431c6001a8 Fix recovery_files.rb Description grammar errors 2015-12-24 10:10:39 -05:00
Stuart Morgan 391145a4af Checking if group_filter is empty 2015-12-23 15:14:37 +00:00
g0tmi1k 2f71730484 Gather VNC null byte fix + formatting 2015-12-22 17:30:37 +00:00
Stuart Morgan f950633d32 renamed 2015-12-21 18:16:06 +00:00
Stuart Morgan e09c2944cf Renamed module to be more descriptive 2015-12-21 18:15:39 +00:00
Stuart Morgan 4c27f381dc rubocop & msftidy 2015-12-21 18:15:19 +00:00
Stuart Morgan 8438774077 Bug 2015-12-21 18:13:58 +00:00
Stuart Morgan 0b6969afbc Rubocop. This encoding mess was the only way I could find to deal with a number of parsing errors when testing this against a multilingual domain. 2015-12-21 17:30:32 +00:00
Stuart Morgan 30e283b0ae fixup 2015-12-21 17:28:36 +00:00
Stuart Morgan 751a0708bf rubocop 2015-12-21 13:32:29 +00:00
Stuart Morgan 0c8aa0bd5c msftidy - fixed module name 2015-12-21 13:32:11 +00:00
Stuart Morgan 0081c79f39 Added comments 2015-12-21 13:31:26 +00:00
Stuart Morgan 03b904cc4e Initial version 2015-12-21 13:29:47 +00:00
Stuart Morgan 16cf3c6207 Further messing about with unicode conversions 2015-12-21 13:28:27 +00:00
Stuart Morgan e8c8c54cb0 Use a regex with a negative lookbehind to cope with CNs that contain commas 2015-12-21 11:44:37 +00:00
Stuart Morgan d8b3b15da6 Trying to fix encoding errors 2015-12-21 11:43:12 +00:00
Stuart Morgan 76f99cbc7f Fixing UTF-8 encoding errors with some strangely named groups 2015-12-21 11:11:01 +00:00
Stuart Morgan b0fca769d7 capitalisation 2015-12-21 10:39:30 +00:00
Stuart Morgan 4ed32ad3e8 Add manager user attribute 2015-12-20 22:51:37 +00:00
Stuart Morgan 9493b333df rubocop 2015-12-20 21:22:03 +00:00
Stuart Morgan c394caad27 actually made the securitygroups only option do something 2015-12-20 21:19:24 +00:00
Stuart Morgan 07caaf352b made comment match purpose 2015-12-20 21:18:21 +00:00
Stuart Morgan c0a93433af msftidy 2015-12-20 21:16:42 +00:00
Stuart Morgan 89728fd8fe Working version 2015-12-20 21:16:17 +00:00
Stuart Morgan ae09549057 New module, strating with managedby_groups 2015-12-20 20:17:06 +00:00
Stuart Morgan 28e563659f Added managedBy to group acquisition 2015-12-20 20:16:18 +00:00
Stuart Morgan d79fd9a9f3 Renamed the comments attribute to comment 2015-12-20 19:53:36 +00:00
Stuart Morgan 924017e606 Moved trust enumeration to separate PR 2015-12-20 19:46:20 +00:00
Stuart Morgan 43f8a35b12 Merge branch 'master' of https://github.com/rapid7/metasploit-framework into add_filter_to_ad_tools 2015-12-20 19:43:04 +00:00
Stuart Morgan 3a89d3cc70 Turns out that we dont need the report or accounts includes in there, so removing them for tidyness 2015-12-20 02:37:25 +00:00
Stuart Morgan c11c0ca7e0 Added comment about the UTF-8 encoding. This is an issue which is documented at https://github.com/rails/rails/issues/1965; namely that SQLite seems to treat ASCII text as a blob meaning that the text searches break. Encoding to UTF-8 seems to fix this. 2015-12-20 02:35:19 +00:00
Stuart Morgan 2301658611 Working 2015-12-20 02:20:59 +00:00
Stuart Morgan 7ce24969bb rubocop fixes 2015-12-20 02:02:44 +00:00
Stuart Morgan d5436c6fae msftidy is now silent 2015-12-20 02:01:11 +00:00
Stuart Morgan b8274cca01 Tested 2015-12-20 01:59:31 +00:00
Stuart Morgan b0eba24c5f Fixed verbosity bug and tidied up 2015-12-20 01:55:44 +00:00
Stuart Morgan 86294a869e No longer need the sAMAccountType lookup table 2015-12-20 01:45:10 +00:00
Stuart Morgan cdf430e689 Fixed bug relating to forgetting to add columns to the schema 2015-12-20 01:44:26 +00:00
Stuart Morgan 14f71eabdb Completing processing the sAMAccountType value 2015-12-20 01:42:25 +00:00
Stuart Morgan 5f5a297324 Adding u_, g_ and c_ parameters to the tables directly avoids most of the views 2015-12-20 01:30:24 +00:00
Stuart Morgan bb25c7606c Restructuring to add SAM_ (userAccountControl) variables as fields directly 2015-12-20 01:28:25 +00:00
Stuart Morgan 872aeccbb6 Significant simplified the hex-to-SID parsing code because we only want the RID out of it 2015-12-19 02:02:40 +00:00
Stuart Morgan 07e5f03aba Fixed 2015-12-19 01:58:29 +00:00
Stuart Morgan c7f8450775 Appears to work correctly 2015-12-19 01:11:20 +00:00
Stuart Morgan 36392ac0cd All works 2015-12-19 00:48:41 +00:00
Stuart Morgan 82c3ec5f4b Added views for users and groups table 2015-12-19 00:26:31 +00:00
Stuart Morgan ba9845818e Appears to work for the computers table (tables and view) 2015-12-18 23:22:22 +00:00
Stuart Morgan cf8f0e2483 Added userAccountControl to the computer table. Note that computer and user LDAP entries are more or less the same (user is the parent for computer), but it makes sense just for sanity and ease of use to keep them separate. 2015-12-18 22:22:56 +00:00
Stuart Morgan eade245a9e Added groupType attribute interpretation 2015-12-18 22:06:20 +00:00
Stuart Morgan e716cd79e3 Needed to use .zero? in the ? : if shorthand for the UAC variables 2015-12-18 21:55:55 +00:00
Stuart Morgan 838f74ff74 Added table creation for userAccoutControl 2015-12-18 21:45:07 +00:00
William Vu 6afcc13774 Requote file path 2015-12-18 15:41:38 -06:00
Stuart Morgan a065fc803c fixed spacing 2015-12-18 21:38:54 +00:00
Stuart Morgan 8821caa199 Added UserAccountControl constants 2015-12-18 21:37:31 +00:00
William Vu 06a2bb53bd Clean up module 2015-12-18 15:29:15 -06:00
Stuart Morgan 6d6306f6e7 Added sAMAccountType constants from MSDN 2015-12-18 21:14:39 +00:00
Stuart Morgan 5b07a35cef Added LDAP filter to identify groups of interest 2015-12-18 14:10:00 +00:00
Stuart Morgan 662010fce7 Added thread capability 2015-12-18 14:06:50 +00:00
Stuart Morgan 0a75fa333c msftidy 2015-12-18 12:14:22 +00:00
Stuart Morgan 91c8c2b9dd Trying to fix threads 2015-12-18 12:14:08 +00:00
Stuart Morgan 6f50635ab2 Strange bug with memberOf param and trying to fix up threads 2015-12-18 11:49:17 +00:00
Stuart Morgan 39bc23629a Getting ready to add thread support 2015-12-18 10:56:41 +00:00
Stuart Morgan 3c8ac89ba8 Added options to dump user membership and group membership to screen 2015-12-18 10:29:53 +00:00
Stuart Morgan 8f95ad315e Added extra user fields to database schema 2015-12-18 10:02:18 +00:00
Stuart Morgan fc45d70d25 Added extra user fields 2015-12-18 09:59:21 +00:00
Stuart Morgan b186aaa08d Added extra computer fields 2015-12-18 09:55:13 +00:00
Stuart Morgan f8b402165c Added extra computer fields 2015-12-18 09:51:04 +00:00
Stuart Morgan 805ba1d7dd Enumerate computers 2015-12-18 08:28:40 +00:00
Stuart Morgan 98c6b56494 Added computer recon 2015-12-18 08:14:30 +00:00
Stuart Morgan f13ca17de0 rubocop 2015-12-18 02:01:38 +00:00
Stuart Morgan 38b6ad4dbf msftidy 2015-12-18 02:00:57 +00:00
Stuart Morgan 36adbadb11 Tidied up SQL searching and added file size indicator 2015-12-18 01:59:19 +00:00
Stuart Morgan eb38859ecc Finally worked out how to use .map to make the SQL stuff far more elegant 2015-12-18 01:40:37 +00:00
Stuart Morgan 1ba6b91968 More accurate description 2015-12-18 01:24:43 +00:00
Stuart Morgan 0ddb40b55e Added UNIQUE and FOREIGN KEY constraints to SQLite DB 2015-12-18 01:23:29 +00:00
Stuart Morgan 15dc542544 Initial module works 2015-12-18 01:13:44 +00:00
Stuart Morgan f31c1c24db Added schema and code to populate SQLite db 2015-12-18 01:01:20 +00:00
Stuart Morgan e3483a2ac3 Getting RIDs from hex mess to decimal. Needs fixing 2015-12-18 00:20:16 +00:00
Stuart Morgan 460778738d Initial version works 2015-12-18 00:00:21 +00:00
Stuart Morgan 41c2d12e0c Tidy up initial print 2015-12-17 23:41:18 +00:00
Stuart Morgan 09fb37db6b Add status updates (useful if there are a large number of groups) 2015-12-17 23:07:02 +00:00
Stuart Morgan 2bcea91b15 Differentiate between user and group errors 2015-12-17 22:57:30 +00:00
Stuart Morgan 85c4e89526 Process user levels 2015-12-17 22:55:02 +00:00
Stuart Morgan 7c145c45e8 add LDAP_MATCHING_RULE_IN_CHAIN oid (from my adsi rework earlier) 2015-12-17 22:44:35 +00:00
Stuart Morgan f2b038f4b3 Begin loop to grab effective users of each group 2015-12-17 22:39:56 +00:00
Stuart Morgan c98519e0b9 Get groups using ADSI 2015-12-17 22:35:51 +00:00
Stuart Morgan 7b019bddf4 Initial version, just basing it on the ad_users module 2015-12-17 22:14:14 +00:00
Stuart Morgan e17a7a5d8c Fix attributes 2015-12-17 21:38:42 +00:00
Stuart Morgan 59d5626ef7 Bugfix 2015-12-17 21:36:19 +00:00
Stuart Morgan cba1ddbdc2 rubocop 2015-12-16 22:38:05 +00:00
Stuart Morgan 47e484408f rubocop 2015-12-16 22:31:54 +00:00
Stuart Morgan 9eef27e4c1 Removed snake case and added SID translation call 2015-12-16 22:31:22 +00:00
Stuart Morgan cc3ac3ad95 Removed trailing line spaces 2015-12-16 22:28:27 +00:00
Stuart Morgan 58635be237 Try to unpack the SID from hex to normal cut/paste format. Its a mess. 2015-12-16 22:27:52 +00:00
Stuart Morgan 421a29d998 Added the trust types from MSDN 2015-12-16 22:18:28 +00:00
Stuart Morgan fbe0cfde8f Fixed URL for trustDirection reference 2015-12-16 22:16:33 +00:00
Stuart Morgan fd8405f52d added trustDirection 2015-12-16 22:15:10 +00:00
Stuart Morgan 4da8859e57 added trustAttributes 2015-12-16 22:13:00 +00:00
Stuart Morgan 207a964117 Loop through results 2015-12-16 21:52:30 +00:00
Stuart Morgan 087a01f27f Templated table 2015-12-16 21:40:49 +00:00
Stuart Morgan fdf1a8c235 Updated with the LDAP fields to retrieve 2015-12-16 21:39:33 +00:00
Stuart Morgan ed4cf71ca8 Initial add (templated from Ben's bitlocker module) 2015-12-16 21:26:02 +00:00
Stuart Morgan c9c1dd22ee Added custom LDAP filter to ad_groups and ad_users to save having to use meterpreter's adsi interface 2015-12-16 10:38:38 +00:00
Stuart Morgan 2c29298485 undoing this, put in a separate module 2015-12-15 23:16:21 +00:00
Stuart Morgan 5dd8cb7648 proper type conversions 2015-12-15 23:13:02 +00:00
Stuart Morgan fef9a84548 rubocop 2015-12-15 23:12:14 +00:00
Stuart Morgan a2b30ff16e msftidy 2015-12-15 23:11:40 +00:00
Stuart Morgan 281966023c Final version 2015-12-15 23:10:06 +00:00
Stuart Morgan 7fa453b7ff Added module 2015-12-15 22:31:00 +00:00
Stuart Morgan 059de62400 Editing an existing module rather than adding a new one 2015-12-15 21:36:39 +00:00
Stuart Morgan 4a66b487de Based on putty enum module 2015-12-15 21:28:13 +00:00
Jon Hart 39da306b1d
Land #6057, @danilbaz's module for dumping Bitlocker master key (FVEK) 2015-12-08 18:16:39 -08:00
Jon Hart ed8076f361
Merge branch 'master' into pr/6197 2015-12-08 12:08:15 -08:00
Jon Hart 2177b979fd
Update SessionTypes command to describe why shell is not listed 2015-12-08 12:06:47 -08:00
Jon Hart 3890961155
Correct SEP client exclusion enumeration 2015-12-08 10:16:25 -08:00
BAZIN-HSC be5f648969 manage-bde.exe path test if in System32 or sysnative 2015-12-08 16:14:13 +01:00
Jon Hart f6417df9ba
Update enum_av_excluded to work properly under wow64 2015-12-04 17:13:43 -08:00
Jon Hart ad60a4118e
Put admin and client exclusions in different tables 2015-12-04 13:01:28 -08:00
Jon Hart c92365090f
Simpler 2015-12-04 12:38:25 -08:00
Jon Hart e7d2eb6ad9
Wire in support for showing process and file extension exclusions 2015-12-04 12:35:42 -08:00
Jon Hart 78a303974f
Handle empty exclusions better 2015-12-04 12:19:17 -08:00
Jon Hart 81ee01a93e
Simplify exclusion extraction and printing 2015-12-04 11:42:03 -08:00
Jon Hart 1968a76863
Simplify AV enumeration code 2015-12-04 10:27:14 -08:00
Jon Hart 28ee056c32
Make enumeration of each individual AV optional 2015-12-03 16:07:49 -08:00
Jon Hart c007fffbce
Style cleanup 2015-12-03 15:55:12 -08:00
Andrew Smith 59bd88ff70 msftidy 2015-11-27 16:45:52 -05:00
Andrew Smith 9c016343c7 Update to logic and reliability
Included support for Windows Defender

Rewrote logic to support hosts with multiple AV products installed
2015-11-27 16:41:40 -05:00
Louis Sato 55b3e10390
Land #6258, smart_migrate enhancement 2015-11-24 11:30:29 -06:00
Louis Sato 493e476a43
Land #6243, check nil for sock.read 2015-11-23 11:15:51 -06:00
BAZIN-HSC 5592e4e4ea seek_relative suppression (use seek instead) 2015-11-20 18:30:51 +01:00
BAZIN-HSC dd027982ae if recovery_key specified, only method that is tried 2015-11-20 18:30:50 +01:00
BAZIN-HSC f49d6905a6 Fix comments by @jhart-r7 2015-11-20 18:30:50 +01:00
BAZIN-HSC 8f135c07aa Remove hard coded C:\Windows and use %SYSTEMROOT% 2015-11-20 18:30:49 +01:00
BAZIN-HSC 7d9d74f609 msftidy... 2015-11-20 18:30:49 +01:00
BAZIN-HSC c8847182d7 Add module to dump Bitlocker master key (FVEK) 2015-11-20 18:30:48 +01:00
sammbertram f1675f9ae4 Minor enhancement to smart_migrate
Adding a check to see if the user is currently already migrated to the "explorer.exe" and "winlogon.exe" processes prior to attempting migration.
2015-11-19 13:30:12 +00:00
wchen-r7 17a1f2ee8a Fix #6242, Check nil for sock.read
Fix #6242
2015-11-16 14:24:46 -06:00
David Maloney a1ab8f1dc7
added Session info display to module output
output from the mssql_local_auth_bypass module
is now prefixed with the Session id and address
of the target host so it is explicitly clear
where it is performing each action

MS-706
2015-11-16 12:13:26 -06:00
Jon Hart 43229c16e7
Correct some authors with unbalanced angle brackets 2015-11-06 13:24:58 -08:00
Andrew Smith c44ecfeb15 Spacing 2015-11-06 10:55:29 -05:00
jakxx e4d8909815 Initial Commit 2015-11-05 20:43:30 -05:00
wchen-r7 154fb585f4 Remove bad references (dead links)
These links are no longer available. They are dead links.
2015-10-27 12:41:32 -05:00
Brent Cook 0784370b98 more typo and whitespace fixes 2015-10-20 13:09:17 -05:00
Rob Fuller 2f1406e1c8 fix typo
not sure how this got in there
2015-10-20 13:48:00 -04:00
Brent Cook d551f421f8
Land #5799, refactor WinSCP module and library code to be more useful and flexible 2015-10-01 14:35:10 -05:00
Brent Cook f3451eef75
Land #5380, pageantjacker, an SSH agent proxy 2015-09-26 10:52:44 -04:00
Stuart 853d822992 Merge pull request #1 from bcook-r7/land-5380-pageantjacker
update pageantjacker to run as part of extapi
2015-09-23 09:45:53 +01:00
jvazquez-r7 415fa3a244
Fix #5968, some modules not handling Rex::Post::Meterpreter::RequestError exceptions
* Related to the usage of ADSI on unsupported OSes
2015-09-21 14:33:00 -05:00
Stuart Morgan cdd39f52b1 Merge branch 'master' of https://github.com/rapid7/metasploit-framework into pageant_extension 2015-09-21 14:34:56 +02:00
Stuart Morgan e8e4f66aaa Merge branch 'master' of ssh://github.com/stufus/metasploit-framework into pageant_extension 2015-09-21 14:34:38 +02:00
Brent Cook 61e7e1d094 update pageantjacker to run as part of extapi 2015-09-20 20:25:00 -05:00
William Vu 5f9f66cc1f Fix nil bug in SSO gather module 2015-09-11 02:21:01 -05:00
Stuart Morgan b59bc30160 Fixed stupid bracket error 2015-08-28 16:13:22 +01:00
Stuart Morgan 8bf815c4bb rubocop 2015-08-28 15:39:02 +01:00