As mentioned here https://community.rapid7.com/thread/3788 the metsvc
script was still looking for the old file name for metsrv.dll, which
was causing the script to fail.
This commit fixes this issue. A hash is used to indicate local and remote
file names so that the remote can continue to use metsrv.dll, but it
is correctly located on disk locally.
Added -x parameter to the script which indicates that the underlying
meterpreter session should be terminated when the execution has
finished.
Added -s parameter which takes a floating point number as an arg
which indicates the number of seconds to sleep between uploading
and executing. This helps in the case where http(s) payloads are
used for meterpreter and a time delay is needed to make sure that
the file has been written to disk and the lock released prior to
attempting to execute it.
While testing stuff earlier today I had to use this script and I made the
mistake of not passing in the -rc flag to the script. I was confused for ages!
This change prints the usage message in the case where you don't pass proper
parameters to the script.
We use system %PATH% for notepad executable instead of the absolute
path, because it caused a problem with the migrate script in a 64-bit
meterpreter session. By default the wordpad binary is not in the
%PATH%, so the condition in hp_nnm_ovbuildpath_textfile.rb was not
changed.
Added new -c option for value 2, which will start the keylogger in the current process instead of attempting to migrate. I also made this setting the default.
Added -k option which, if provided, will attempt to kill the old pid after a successful migration.
Fixed a bug where a blank line would get added to the log file every polling interval if no keystrokes had been detected during that interval.
1.) Now grabs clear-text user hint from XP systems in addition to
Win7/Win8 systems
2.) Changes output so it's no longer inline with hashes as not to
affect copy/paste of hashes output
3.) Adding alternate text in cases when no user hints are available
* UserPasswordHint, a key that is used to store the user's password
hint, can be easily decoded to clear-text to get the user's hint
(Example: "My Favorite Color")
* Added decode_windows_hint() method to perform the decode process
* Added decoded hint output for hashdump.rb and smart_hashdump.rb
-This commit addresses Metasploit Bug #4402 that notes corrupted (aka:
incorrect) hashes yielded from hashdump
-Fail case can be reliably reproduced on a Windows system where (1) a
user is not storing an LM hash and (2) password histories are enabled
on the system
-This issue along with other extraction tools that are affected in a
similar way will be discussed at BlackHat USA 2012 and DEFCON 20 in 2
weeks.
If you have questions, please let us know.
-Jonathan Claudius (@claudijd)
-Ryan Reynolds (@reynoldsrb)
Modified from #561. It has gone through a lot of changes, including:
* It now relies mainly on arguments instead of datastore options.
This is because when a user uses datastore options, the rc
script cannot really start automatically without some config
in advance, which is a hassle.
* We no longer have to manually connect to a database before being
able to use the rc script. It can automatically connect to it
if the necessary arguments are supplied (user/pass/workspace)
* Better error handling
* Actually exits msfconsole when something fails or is not ready
* The older script does not select a payload. This one will
automatically select one based on compatible payloads.
* Instead of manually specifying an "identifier" for reference
matching, this is now automatic.
* Lots of cleanup
* Update help_me