Commit Graph

1672 Commits (184ec08160885873b510bf1c306458db8226264a)

Author SHA1 Message Date
jvazquez-r7 67367092b7 Solve conflicts 2014-02-13 08:42:53 -06:00
William Vu a4035252d6 Land #1910, DISCLAIMER for firefox_creds
Fixed conflict in Author.
2014-02-12 16:32:08 -06:00
sinn3r ce2de8f3bf Different way to write this 2014-02-12 15:08:20 -06:00
sinn3r 0f620f5aba Fix Uninitialized Constant RequestError
[SeeRM #8765] NameError uninitialized constant
2014-02-12 00:23:23 -06:00
William Vu c67c0dde8f Land #2972, enum_system find/save logs/S[UG]ID 2014-02-11 15:45:27 -06:00
Roberto Soares Espreto 68578c15a3 find command modified 2014-02-11 10:08:12 -02:00
Roberto Soares Espreto f181134ef8 Removed hard tabs 2014-02-10 23:16:04 -02:00
Roberto Soares Espreto 2e720f8f0f Post::Linux - Added to search for files with setuid/setgid and logfiles 2014-02-10 19:24:51 -02:00
Tod Beardsley 1236a4eb07
Fixup on description and some option descrips 2014-02-10 14:41:59 -06:00
sinn3r 63305025aa
Land #2615 - Add Windows Gather Active Directory User Comments 2014-02-07 12:23:43 -06:00
sinn3r 9c76e7fb00 Handle multiple exceptions 2014-02-07 12:23:10 -06:00
sinn3r 40188e1eda
RuntimeError exception should be handled. 2014-02-07 12:16:15 -06:00
sinn3r 89e1bcc0ca Deprecate modules with date 2013-something
These modules had an expiration date of 2013.
2014-02-04 14:49:18 -06:00
sinn3r e54abb4274
Add support for shell session type 2014-02-02 23:37:56 -06:00
sinn3r ae84e354e8
Be consistent with get_smartermail_creds method's return value 2014-02-02 22:06:14 -06:00
sinn3r 662fbf53b6
Update check_smartermail method
Instead of using exception handling to determine the right path,
the new method simply uses the file? method. It's also renamed as
"get_mail_config_path" to properly describe its functionality.
2014-02-02 22:01:38 -06:00
sinn3r 2b2194cee8
Modify prints 2014-02-02 21:58:10 -06:00
bcoles 62dca111f8 Conform to style 2014-02-02 08:07:18 +10:30
bcoles e30195348e Add Windows Gather SmarterMail Password Extraction post module 2014-02-02 05:51:21 +10:30
Meatballs 09b70d1574
Remove max search 2014-01-24 00:27:46 +00:00
Meatballs 0a15e07473
Merge remote-tracking branch 'upstream/master' into service_principle_name 2014-01-24 00:26:52 +00:00
Meatballs 5880f7ebf2
Remove max search 2014-01-24 00:25:03 +00:00
Meatballs f6054e6581
Merge remote-tracking branch 'upstream/master' into enum_ad_users 2014-01-24 00:24:31 +00:00
Meatballs1 982795ee5d Merge pull request #32 from todb-r7/saner-ifs-pr1473
Clean up the if.nils?
2014-01-23 15:50:25 -08:00
Meatballs 790e4d7559
Move options to mixin 2014-01-23 23:47:46 +00:00
Tod Beardsley e066d86d41
Clean up the if.nils? 2014-01-23 17:36:10 -06:00
Meatballs c190a1b630
Fix field order 2014-01-22 09:29:18 +00:00
Meatballs 720f892e2f
Merge remote-tracking branch 'upstream/master' into enum_ad_perf 2014-01-21 21:00:51 +00:00
Meatballs f571d63088
Merge remote-tracking branch 'upstream/master' into enum_ad_users 2014-01-21 21:00:09 +00:00
Meatballs eee716a6b3
Grab comments and descriptions ftw 2014-01-21 20:59:31 +00:00
Meatballs cd989e5dc0 Initial commit 2014-01-21 17:08:31 +00:00
Meatballs 6cd4c66d85 Merge remote-tracking branch 'oj/updated_meterpreter_binaries' into service_principle_name 2014-01-21 15:47:04 +00:00
William Vu 61b30e8b60
Land #2869, pre-release title/desc fixes 2014-01-13 14:29:27 -06:00
Tod Beardsley e6e6d7aae4
Land #2868, fix Firefox mixin requires 2014-01-13 14:23:51 -06:00
Tod Beardsley 671027a126
Pre-release title/desc fixes 2014-01-13 13:57:34 -06:00
Joe Vennix f11322b29f Oh right, msftidy. 2014-01-13 13:44:34 -06:00
sinn3r bc9c865c25
Land #2865 - js payload to firefox_svg_plugin & add BA support for FF JS exploits 2014-01-13 11:17:36 -06:00
jvazquez-r7 95a5d12345 Merge #2835, #2836, #2837, #2838, #2839, #2840, #2841, #2842 into one branch 2014-01-13 10:57:09 -06:00
Joe Vennix f78ec1eeb2 Make sure we unwrap the SecurityWrapper. 2014-01-12 10:46:23 -06:00
jvazquez-r7 bd91e36e06
Land #2851, @wchen-r7's virustotal integration 2014-01-10 19:12:56 -06:00
sinn3r d1d45059f2 use session_host instead 2014-01-10 18:27:03 -06:00
sinn3r 8534f7948a Change the post module's default api key as well (to Metasploit's) 2014-01-10 17:59:51 -06:00
sinn3r cacd7ff9d4
Land #2827 - Add firefox js xpcom payloads for universal ff shells 2014-01-10 14:29:32 -06:00
sinn3r 238d052073 Update description
key is no longer required.
2014-01-10 04:02:01 -06:00
sinn3r da273f1440 Update the use of report_note 2014-01-10 01:49:07 -06:00
sinn3r 807d8c12c7 Have a default API key
Modules now should have a default API key. See the following for
details:
http://blog.virustotal.com/2012/12/public-api-request-rate-limits-and-tool.html
2014-01-10 01:26:42 -06:00
sinn3r a99e2eb567 Update the post module 2014-01-08 18:41:22 -06:00
sinn3r 130a99f52b Add a post module that checks with VirusTotal with a checksum
This post module will submit a SHA1 checksum to VirusTotal to see
if it's a malicious file.
2014-01-08 18:26:40 -06:00
Joe Vennix fb1a038024 Update async API to actually be async in all cases.
This avoids zalgo. Also optionally checks the return value
of the compiled Function in XSS to allow you to use send()
or an explicit return, which is maybe more natural for
synchronous xss payloads.
2014-01-07 16:17:34 -06:00
Niel Nielsen 266b040457 Update cachedump.rb
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
2014-01-07 22:14:10 +01:00
Meatballs e75d87327f
Merge branch 'enum_ad_perf' into enum_ad_users 2014-01-07 12:21:39 +00:00
Meatballs 3bf728da61
Dont store in DB by default 2014-01-07 12:20:44 +00:00
Joe Vennix 49d1285d1b Add explicit json require. 2014-01-06 11:15:10 -06:00
Joe Vennix 723c0480ab Fix description to be accurate. 2014-01-04 19:06:01 -06:00
Joe Vennix f2f68a61aa Use shell primitives instead of resorting to
echo hacks.
2014-01-04 19:00:36 -06:00
Joe Vennix b9c46cde47 Refactor runCmd, allow js exec.
* Updates exec payload to not touch disk
* Adds XSS module that uses hiddenWindow (to avoid X-Frame-Options)
2014-01-04 08:46:57 -06:00
Tod Beardsley cd38f1ec5d
Minor touchups to recent modules. 2014-01-03 13:39:14 -06:00
OJ 1cb671b02e
Merge branch 'adjust_getenv_api' into stop_abusing_expand_path 2014-01-03 08:14:02 +10:00
jvazquez-r7 3f0ee081d9 Beautify description 2014-01-02 15:37:58 -06:00
jvazquez-r7 d5e196707d Include Msf::Post::Windows::Error 2014-01-02 13:41:37 -06:00
jvazquez-r7 ec8d24c376 Update against upstream 2014-01-02 12:55:46 -06:00
jvazquez-r7 3bccaa407f Beautify use of Regexp 2014-01-02 12:54:54 -06:00
bmerinofe 832b0455f1 Class constants and Regex added 2013-12-31 03:20:12 +01:00
jvazquez-r7 4366d4da20 Delete comma 2013-12-30 11:45:52 -06:00
jvazquez-r7 54a6a4aafa
Land #2807, @todb-r7's armory support for bitcoin_jaker 2013-12-30 11:44:51 -06:00
bmerinofe e3d918a8a3 Applying changes 2013-12-30 01:49:13 +01:00
Tod Beardsley 88cf1e4843
Default false KILL_PROCESSES for bitcoin_jacker
I seem to able to read associated wallet files while these processes are
running with the greatest of ease. Maybe there was a file locking
concern, but I haven't run into it. Feel free to avoid landing this
particular commit if you disagree.
2013-12-29 14:12:00 -06:00
Tod Beardsley 5e0c7e4741
DRY up bitcoin_jacker.rb, support Armory
Also, make the process killing optional.
2013-12-29 13:07:43 -06:00
TabAssassin 9384a466c1
Retab bitcoin_jacker.rb 2013-12-29 10:59:15 -06:00
Tod Beardsley 6fcd12e36c Refactor for clearer syntax and variables
This was done on a barely configured Windows machine, so mind the tabs.
2013-12-29 10:15:48 -06:00
Tod Beardsley ef73ca537f First, clean up the original a little 2013-12-28 18:57:04 -06:00
sinn3r f2335b5145
Land #2792 - SSO/Mimikatz module overwrites password with N/A 2013-12-27 17:25:44 -06:00
Tod Beardsley d6a63433a6
Space at EOL 2013-12-26 10:37:18 -06:00
sinn3r 78db7429d0 Turns out the latest Safari is still vulnerable.
The version check is currently disabled because turns out the latest
Safari (6.1.1) is still vulnerable - I can still loot it in plain
text.
2013-12-24 19:27:45 -06:00
sinn3r a26e12b746 Updates descriiption and improves regex for safari_lastsession.rb
This updates two things for the safari_lastsession post module:

1. The description is updated: More information is added to describe
how Safari would end up storing the Gmail credential in the last
session state, and what it means to you as an attacker.

2. Regex update for the domain to search for: Before the module starts
extract the session data, it needs to know which domain to extract from.
Originally I only added mail.google.com, but turns out the sensitive info
can be found in accounts.google.com, so I added that one.
2013-12-24 14:00:55 -06:00
Meatballs bf8c0b10fa
Dont store n/a creds 2013-12-21 09:04:02 +00:00
jvazquez-r7 a043d384d4
Land #2738, @jiuweigui update to enum_prefetch 2013-12-20 10:26:54 -06:00
Meatballs 71ba78c2f0
Direct to correct module 2013-12-20 16:09:57 +00:00
Meatballs f99a5b8b47
Update for extapi 2013-12-20 13:18:01 +00:00
Meatballs 4ca25d5d89
Merge branch 'enum_ad_perf' into enum_ad_users 2013-12-20 12:54:24 +00:00
Meatballs 62ef810e7c
Use Extapi if available 2013-12-19 18:18:47 +00:00
Meatballs 737154c2fe
Update to use extapi 2013-12-19 16:46:09 +00:00
William Vu 9434d60021 Remove EOL whitespace from OS X hashdump 2013-12-19 10:39:49 -06:00
Meatballs 3ef1c0ecd6 Merge remote-tracking branch 'upstream/master' into enum_ad_perf 2013-12-19 14:25:07 +00:00
Meatballs 244cf3b3f6 Merge remote-tracking branch 'upstream/pr/2736' into enum_ad_perf 2013-12-19 13:59:57 +00:00
OJ a77daa0902 Fix download_exec to better handle spaces
It was just wrong. Now it actually works.
2013-12-19 13:00:26 +10:00
OJ 9fb081cb2d Add getenvs, update getenv, change extract_path use
Stacks of modules were using `extract_path` where it wasn't really semantically correct
because this was the only way to expand environment variables. This commit fixes that
up a bit.

Also, I changed the existing `getenv` function in `stdapi` to `getenvs`, and had it
support the splat operator. I added a `getenv` function which is used just for a
single variable and uses `getenvs` behind the scenes.

The meterpreter console `getenv` command now uses `getenvs`
2013-12-19 11:54:34 +10:00
sinn3r 8dfa2e6963
Land #2734 - OSX Gather Autologin Password as Root 2013-12-18 15:37:45 -06:00
sinn3r 5011c4d928 The "unless" Ruby nazi is in town 2013-12-18 15:28:31 -06:00
sinn3r 5ec3d5f3f6 Raise specific exceptions 2013-12-18 15:27:49 -06:00
Tod Beardsley c4b8178663
Correct camelCase of YouTube 2013-12-18 14:06:45 -06:00
Meatballs 3e54379b0e
Merge remote-tracking branch 'upstream/master' into wmic_post
Conflicts:
	lib/msf/core/post/windows.rb
2013-12-18 13:40:54 +00:00
sinn3r 10e16673a7 There must be read_file 2013-12-17 16:42:49 -06:00
sinn3r 21feae0bbc Make sure the file path is readable when it's ~/ 2013-12-17 16:38:58 -06:00
jvazquez-r7 7ec96876d9 Delete unnecessary includes 2013-12-17 15:57:09 -06:00
sinn3r 374ef71c12 Favor read_file instead 2013-12-17 15:34:52 -06:00
sinn3r ea6ba2b159 Add post module to get LastSession.plist
LastSession.plist sometimes contains sensitive information such as
usernames and passwords. It'd be nice to keep this in loot.
2013-12-17 13:07:30 -06:00
bmerinofe 89ffafad0e Changes to Service mixin 2013-12-17 13:10:27 +01:00
Tod Beardsley 040619c373
Minor description changes
No code changes (one comment made on play_youtube to suggest xdg-open
rather than firefox for linux targets).
2013-12-16 14:57:33 -06:00
jiuweigui 446db78818 Minor fix to gather_pf_info function 2013-12-16 21:33:07 +02:00