497e02955b
Fixed checking for access keys being retrieved
2016-11-29 11:08:55 -08:00
cb0313642b
Fixed setting IAM_USERNAME
2016-11-29 00:54:49 +00:00
46ce1dfaab
Now using random string as IAM_USERNAME unless specified
2016-11-28 16:32:53 -08:00
f8789fef38
Moved METADATA_IP to advanced options
2016-11-28 16:32:26 -08:00
b4add59a3d
Moved metadata_creds() so Client can be included in Aux/Post modules
2016-11-24 21:03:38 -08:00
c48587066d
Added reference and minor fixes
2016-11-23 10:58:37 -08:00
43e1b5bdd1
Adds module to create an AWS IAM user from a pwned AWS host
2016-11-22 14:55:03 -08:00
f313389be4
Merge remote-tracking branch 'upstream/master' into land-7507-uuid-arch
2016-11-20 19:08:56 -06:00
8e3888f20c
the template ref in this module was missed
...
when we cleaned up all the other powershell template refs
we missed the one in this module which seems to e replicating
large ammounts of library code
7533
2016-11-11 14:24:33 -06:00
2b5517f597
Land #7506 , Add gather AWS keys post module
2016-11-11 13:56:12 -06:00
47ec362148
Small fixes for dbvis enum
2016-11-01 07:35:36 +10:00
557424d2ec
Small tidy of the multiport_egress_traffic module
2016-11-01 01:46:58 +10:00
ec8536f7e9
Fix firefox module to use symbols where appopriate
2016-11-01 01:43:25 +10:00
b9bbb5e857
Replace regex use with direct string checks in dbvis module
2016-11-01 01:35:01 +10:00
f754adad0c
Fix typo PAYLOAD_OVERWRITE vs PAYLOAD_OVERRIDE
2016-10-29 11:20:32 +01:00
640827c24b
Final pass of regex -> string checks
2016-10-29 14:59:05 +10:00
57eabda5dc
Merge upstream/master
2016-10-29 13:54:31 +10:00
8b97183924
Update UUID to match detected platform, fail exploit on invalid session
2016-10-29 13:45:28 +10:00
0737d7ca12
Tidy code, remove regex and use comparison for platform checks
2016-10-29 13:41:20 +10:00
8173e87756
Add references
2016-10-28 16:12:46 -07:00
96c204d1ea
Add aws_keys docs; correct description
2016-10-28 15:27:47 -07:00
1ca2fe1398
More platform/arch/session fixes
2016-10-29 08:11:20 +10:00
7dea613507
Initial commit of module for snagging AWS key material from shell/meterpreter sessions
2016-10-28 14:48:55 -07:00
6b77f509ba
fixes bad file refs for cmdstagers
...
when moving to the rex-exploitation gem some of the
file references were missed, partially due to silly differences
between how each file was referenced
Fixes #7466
2016-10-21 12:31:18 -05:00
022830634b
Rejig platform to use windows instead of win32/win64
2016-10-14 10:10:04 +10:00
b77a910205
Land #7355 , allwinner post to local exploit conversion
2016-10-08 21:38:54 -05:00
b3c6ec09a0
Show status when gathering, which can take a bit
2016-09-30 06:42:22 -07:00
abed3bf6c2
Rename
2016-09-30 06:35:26 -07:00
2272e15ca2
Remove some anti-patterns, in the same spirit than #7372
2016-09-29 00:15:01 +02:00
cba297644e
post to local conversion
2016-09-22 22:08:24 -04:00
83160b7e49
Land #7173 , Add post module to compress (zip) a file or directory
2016-08-24 09:38:04 -05:00
89c3b6f399
Remove the -d flag for Linux machines
2016-08-23 18:43:50 -05:00
b081dbf703
Make destination required
2016-08-18 15:56:16 -05:00
60937ec5e9
If user is SYSTEM, then steal a token before decompression
2016-08-17 16:56:09 -05:00
eb73a6914d
replace old rex::ui::text::table refs
...
everywhere we called the class we have now rewritten it
to use the new namespace
MS-1875
2016-08-10 13:30:09 -05:00
ae59c4ae74
Land #6687 , Fix meterpreter platform to include OS in the tuple for all meterpreters
2016-08-07 05:00:24 -05:00
45801bc44e
get_env
2016-08-03 11:11:34 -05:00
bddf5edcf1
Fix typo
2016-08-03 11:04:53 -05:00
8f7d0eae0c
Fix #7155 - Add post module to compress (zip) a file or directory
...
Fix #7155
2016-08-02 14:44:58 -05:00
b08d1ad8d8
Revert "Land #6812 , remove broken OSVDB references"
...
This reverts commit 2b016e02167b1d9596c7
2016-07-15 12:00:31 -05:00
2b016e0216
Land #6812 , remove broken OSVDB references
2016-07-11 22:59:11 -05:00
d5d0b9e9b8
Revert "Land #6729 , Speed up the datastore"
...
This reverts commit c6b1955a5a4fb7472391
2016-06-28 13:39:52 -05:00
c6b1955a5a
Land #6729 , Speed up the datastore
2016-06-15 17:55:42 -05:00
eaaa9177d5
Fix "username" key to add login in creds database
2016-06-08 10:38:38 +02:00
ca76e8f290
Update allwinner_backdoor report_vuln hash
2016-05-24 00:57:37 -05:00
928a706135
Land #6890 , Allwinner CPU kernel module local privilege escalation
2016-05-23 22:00:52 -05:00
2f8562fba4
added documentation and minor style tweaks
2016-05-23 21:59:44 -05:00
4242bbdf55
change report_note to report_vuln per note
2016-05-23 17:36:50 -04:00
c621f689b2
more descriptive note per @sempervictus
2016-05-18 19:08:01 -04:00
815a2600a8
additional description
2016-05-17 22:07:33 -04:00
640e0b9ff7
working ready for pr
2016-05-17 21:58:32 -04:00
2e3e4f0069
Land #6296 , Added a multi-platform post module to generate TCP & UDP egress traffic
2016-05-14 00:03:00 -05:00
3542d907f7
simplify description, move the bulk of documentation to documentation/
2016-05-14 00:01:51 -05:00
314d73546c
additional details, not working on tablet via malicious apk meterpreter
2016-05-13 23:12:44 -04:00
5099124f3d
module compiles, fails correctly but cant yet verify it works
2016-05-12 22:18:43 -04:00
a69432abe5
update module class and move to recon from manage
2016-05-12 12:42:04 -05:00
9f923cdb00
Merge branch 'master' into land-6296-egress
2016-05-12 12:36:47 -05:00
57a3a2871b
remove various session manipulation hacks since session.platform should always contain an os identifier
2016-05-08 22:39:41 -05:00
2f66442f1d
Fix #5191 , bad LHOST format causes shell_to_meterpreter to backtrace
...
When using shell_to_meterpreter via a pivot, the LHOST input's format
might be invalid. This is kind of a design limitation, so first we
check the input, and there is a module doc to go with it to explain
a workaround.
Fix #5191
2016-04-28 23:03:54 -05:00
194a84c793
Modify stdapi so it also uses exist? over exists? for ruby parity
...
Also add an alias for backward compatibility.
2016-04-23 17:31:22 -04:00
816bc91e45
Resolve #6807 , remove all OSVDB references.
...
OSVDB is no longer a vulnerability database, therefore all the
references linked to it are invalid.
Resolve #6807
2016-04-23 12:32:34 -05:00
57ab974737
File.exists? must die
2016-04-21 00:47:07 -04:00
3da451795c
Fix potential case issue
...
Even though the options were getting put back in a datastore, the
original case could still be lost and that would be bad.
2016-04-18 17:52:27 -04:00
f83cb4ee32
fix set_wallpaper
2016-03-16 13:07:41 +00:00
3123175ac7
use MetasploitModule as a class name
2016-03-08 14:02:44 +01:00
f703fa21d6
Revert "change Metasploit3 class names"
...
This reverts commit 666ae14259
2016-03-07 13:19:55 -06:00
44990e9721
Revert "change Metasploit4 class names"
...
This reverts commit 3da9535e22
2016-03-07 13:19:48 -06:00
3da9535e22
change Metasploit4 class names
2016-03-07 09:57:22 +01:00
666ae14259
change Metasploit3 class names
2016-03-07 09:56:58 +01:00
a1190f4344
Land #6598 , add post module for setting wallpaper
2016-03-06 15:00:10 -06:00
86845222ef
add meterpreter platform workaround
2016-03-06 14:51:34 -06:00
d955c6a8f6
style fixes
2016-02-29 14:06:49 -06:00
f3cf5a8a41
Resolve merge conflict with upstream-master
...
Out of date author field
2016-02-25 14:49:53 -06:00
27af59ea7c
minor tweaks
2016-02-20 08:35:56 +00:00
b58166a9a8
add android platform to the hash
2016-02-18 20:13:39 -06:00
5c92076a1e
more cleanup
2016-02-14 09:15:25 +00:00
e738b5922d
fix play_youtube to work on Android
2016-02-11 07:16:40 +00:00
a93f200851
cosmetic fixes
2016-02-10 07:51:13 +00:00
d544bf9311
android set wallpaper
2016-02-01 01:16:17 +00:00
96ab598835
set wallpaper
2016-02-01 01:01:24 +00:00
6fb27a3da9
Undo path and move the out of bound check
2016-01-28 23:49:50 -06:00
d515e4db64
Unwanted comment
2016-01-21 00:55:08 -06:00
bda76c7340
Update lastpass_creds module
2016-01-21 00:53:16 -06:00
348ae586a7
Handle vault parsing exceptions
2016-01-15 14:54:59 -08:00
3bee2fff70
Use native method dir
2016-01-08 16:06:24 -08:00
8c6bdd532b
Use ? for SQL queries
2016-01-07 22:50:23 -08:00
b46095f3d6
Remove custom method checking file exists
2016-01-07 22:21:10 -08:00
e7701b6d5f
Fix incoherent method to always return a list
2016-01-07 22:17:04 -08:00
f8943f4821
Remove peer; defined in lib/msf/core/post/common.rb
2015-12-24 07:57:16 -08:00
d6dacd1580
Fixed bug when generating native traffic with one thread
2015-12-23 15:28:33 +00:00
45b9230efb
Redirect python stderr to stdout, darwin python platform
2015-12-22 11:32:31 +00:00
be9197fc97
quick fix for issues #6359
2015-12-22 03:26:31 +00:00
f9d74143c3
fix typo
2015-12-22 03:25:34 +00:00
2ddac42be7
Perform Rubocop cleanup
2015-12-19 23:33:32 -08:00
2fc940cc3e
Decrypt Chrome and Opera cookies and msdftify code
2015-12-19 22:19:20 -08:00
ab630166bb
Decrypt Chrome and Opera cookies and msdftify code
2015-12-19 21:40:30 -08:00
ccb13a2ca6
Add full IE support and bug fixes
2015-12-17 20:29:50 -08:00
b085989923
Land #6266 , rsync creds scraper
2015-12-14 11:37:30 -06:00
db788d1b7c
Land #6238 , CmdStager BOURNE_{PATH,FILE} options
2015-12-07 12:34:42 -06:00
fc9d818837
change youtube url
2015-12-04 10:15:56 +01:00
b4ade1989a
Add IE support for stored passwords
2015-12-04 00:13:42 -08:00
78d391fa10
Rubocop
2015-12-02 14:54:30 +00:00
99dceb33ac
Added 'ALL' support (to do TCP and UDP in one go)
2015-12-02 14:50:16 +00:00
15dd18dc4b
use single quotes, remove explicit nil
2015-12-02 09:36:07 +00:00
366b92a79e
Store rsync creds as creds, not loot
2015-12-01 15:30:39 -08:00
b66be85ccb
Rubocop
2015-12-01 22:32:04 +00:00
d5c0da5e19
Added 33434-33534 because this is the default udp range for traceroute (might be enabled by sysadmins to enbale traceroutes to work)
2015-12-01 22:31:12 +00:00
74a07709b8
Use the Comm param instead of adding a route as suggested by @jlee-r7 and hdm
2015-12-01 21:42:27 +00:00
c744b14a8a
Exclude python meterpreter, doesn't seem to work
2015-11-29 20:40:42 +00:00
6a3172268e
Fixed module metadata
2015-11-29 19:32:55 +00:00
2bc5b98d6e
Rubocop fixing alignment of ifs and ends
2015-11-29 19:17:49 +00:00
8b4649e75c
Working through rubocop issues
2015-11-29 19:11:10 +00:00
9267afc18b
Rubocop
2015-11-29 19:06:24 +00:00
9a6f0d6734
Reducing complexity (rubocop)
2015-11-29 19:06:07 +00:00
b5909852a9
Rubocop
2015-11-29 19:02:33 +00:00
d4bb5537b2
Fixed stupid paste error
2015-11-29 19:02:15 +00:00
fd7a6465c6
Attemping to simplify code
2015-11-29 19:01:34 +00:00
10f89239a5
rubocop
2015-11-29 18:59:40 +00:00
6a567845e0
Tidy up error messages
2015-11-29 18:54:46 +00:00
12dbe31bee
Apparently adding .close causes it to hang
2015-11-29 18:49:51 +00:00
41d963eeb1
Debugging
2015-11-29 18:34:26 +00:00
b6dfafaeb7
Stabilised code, still giving errors on threads>1 in native mode though
2015-11-29 18:14:19 +00:00
e18f8b5e21
Now works for both TCP and UDP
...
However, it gives 'interrupted by console user' as an error message for no reason (?timeouts?)
2015-11-29 17:53:04 +00:00
98e0050e8c
Fixed 'end' bugs (mismatched blocks)
2015-11-29 16:20:33 +00:00
af106737b9
Adding both native and winapi options, split out to functions & fix up
2015-11-29 16:17:07 +00:00
5ffeaddf1e
Added help
2015-11-26 14:01:40 +00:00
1ce0386d01
Reusing port array generation code
2015-11-26 13:59:15 +00:00
9d747e67a3
Fix bugs in new Firefox creds storage
2015-11-25 21:28:07 -08:00
a692a5d36c
Remove Platform, this should work everywhere; correct grammar
2015-11-25 11:23:18 -08:00
09d4bd8175
Added basic function definition for non-Win32API egress
2015-11-24 15:38:06 +00:00
4ea732716a
Added file
2015-11-24 15:37:44 +00:00
718e928fe3
Control per-user config file
2015-11-23 11:11:03 -08:00
93bb31dfa0
Make path to rsyncd configuration file configurable
2015-11-21 19:50:33 -08:00
f34c7a8594
Support for new Firefox method to store credentials
2015-11-20 23:42:59 -08:00
aa962f30a9
Minor style/usability cleanup
2015-11-20 13:51:31 -08:00
a96102c20a
Minor cleanup
2015-11-20 13:19:38 -08:00
c75e3c8e84
Initial commit of a post module for looting rsync credentials
2015-11-20 12:57:33 -08:00
811167442c
Re-disable debugging nodelete
2015-11-17 13:10:03 +00:00
2b99969f9a
quote paths to allow spaces
2015-11-15 00:14:30 +00:00
e3f25fd6e2
Add support for specifying path, file in bourne dropper
2015-11-14 18:31:11 +00:00
38ca943219
Remove unneeded width arg
2015-11-13 11:49:50 -08:00
4604f8cd83
Move cowsay to Rex::Text so that everyone can enjoy it ;)
2015-11-13 08:57:48 -08:00
211da2746e
Support cookie auth key decryption
2015-11-11 16:26:07 -08:00
15cfa925c8
Document the cloud mess
2015-11-11 12:06:53 -08:00
a328675f77
Add simulated cowsay support to wall
2015-11-11 11:54:46 -08:00
8d21a91f3e
Add initial wall module
2015-11-11 09:15:32 -08:00
43229c16e7
Correct some authors with unbalanced angle brackets
2015-11-06 13:24:58 -08:00
20679ea6c6
Land #5720 , @g0tmi1k's changes to firefox_creds post module
2015-11-05 15:36:08 -06:00
b0f92b49a2
Print vault passwords
2015-11-01 21:47:00 -08:00
e67065a7e9
Fix Firefox/Opera bugs
2015-10-26 22:40:47 -07:00
da9420a915
Retrieve randkey from LastPass
2015-10-26 19:17:09 -07:00
6468eb51b2
Do changes to have into account powershell sesions are not cmd sessions
2015-10-02 15:26:42 -05:00
8bfa5bcd09
Do some more minor code cleaning
2015-09-04 13:08:27 -05:00
ac49c80367
Do minor code cleanup
2015-09-04 12:46:21 -05:00
60d2856444
Use id instead of whoami
2015-09-04 12:02:21 -05:00
4fa58efaa0
Allow to configure the DOWNLOAD_TIMEOUT
2015-09-04 11:54:22 -05:00
eb43241425
Firefox_creds more stable/bug fixs (Linux/OSX)
2015-08-27 11:43:53 +01:00
d264802ce0
Consistency and API conformance changes to LES
2015-08-21 12:38:58 -05:00
4a91dfdcf5
Land #5873 , report_note for local_exploit_suggester
2015-08-20 17:52:33 -05:00
b20a283617
Added report_note to suggester
2015-08-20 13:57:16 -05:00
5dd015150c
Land #5748 , refactor google geolocate, add wlan_geolocate and send_sms to android meterpreter
2015-08-16 10:58:17 -05:00
9720e8e081
normalize osx to darwin so python meterp works
2015-08-15 19:49:55 -05:00
422bba87d3
style fixes, moved google_geolocate to google/geolocate
2015-08-15 19:49:32 -05:00
50041fad2a
Pre-Bloggery cleanup
...
Edited modules/auxiliary/gather/lansweeper_collector.rb first landed in
and minor description word choice changes.
Edited modules/auxiliary/server/browser_autopwn2.rb first landed in
options. Also removed from the description the missing options of
'WhiteList' and 'RealList' -- those don't appear to be available
according to `show options` and `show advanced`, @wchen-r7.
Edited modules/post/multi/recon/local_exploit_suggester.rb first landed
in #5823 , mv local_exploit_{suggestor,suggester} for minor description
cleanup and axing the description of the SHOWDESCRIPTION option (it's
already described identically on the option itself).
2015-08-13 12:33:04 -05:00
7f0d992914
Fixed name typo
2015-08-11 11:51:52 -05:00
34279776a6
Minor edit
2015-07-30 18:40:41 -05:00
fc4fdba482
Merge branch 'suggestor' of https://github.com/MSadek-r7/metasploit-framework into pr5788
2015-07-30 18:31:49 -05:00
08338b73b2
Add get_target_arch and get_target_os
...
We cannot use session.platform to fingerprint the target's platform
and arch, because it's not really meant to be used that way.
2015-07-30 18:26:41 -05:00
af55ef7352
Added session.present?
2015-07-30 10:10:42 -05:00
7aa78dfd4e
Revamped os, platform, arch detection. Added count for exploits being tried
2015-07-30 09:36:02 -05:00
1521c8f87e
Reworded to no suggestions available
2015-07-29 17:40:27 -05:00
66489202fc
Added error message if no exploits are found
2015-07-29 17:31:23 -05:00
b58c6248fe
Fixed ShowDescription bug
2015-07-29 16:52:06 -05:00
2cddfda0a0
wchen-r7's fixes, fixed indentation, removed newlines, added desc.
2015-07-29 16:13:50 -05:00
c725f74d46
Add Local Exploit Suggestor
...
Resolve #5647
2015-07-29 13:19:51 -05:00
a3365a9c7f
Add key, 2fa, iterations and otp support
2015-07-28 00:15:08 -07:00
7c3e79f72d
Smarter way to download via meterpreter
...
...less chance of data crupterion
2015-07-27 19:49:06 +01:00
52e4f45ecd
Use the new thing in wlan_geolocate
2015-07-20 20:24:07 -05:00
d6e12d431f
Style and whitespace
2015-07-20 19:40:25 -05:00
d5c57d9d6e
Use creds API
2015-07-16 16:05:59 +01:00
074ed20f1c
Fix Firefox_Creds
...
...isn't perfect.
2015-07-14 13:33:48 +01:00
d795b2f831
Module cleanup
2015-07-11 19:40:21 +01:00
0e5e8032ad
Add Firefox 2FA support
2015-06-30 21:02:10 -07:00
5b0647a1f2
Add support to steal 2FA token
2015-06-29 22:20:38 -07:00
834c0e594a
Update multi modules
2015-06-29 11:36:28 -05:00
f216841d01
Update enum_vbox
2015-06-22 17:54:17 -05:00
c20d2a1dd9
Update post/multi/gather/env
...
* Use cmd_exec
2015-06-22 16:20:46 -05:00
5a548c3792
Land #5453 , Update dbvis_enum to use the new cred API
2015-06-19 11:35:07 -05:00
ce9481d2b7
Inconstancy - If datastore['VERBOSE'] vs vprint
2015-06-18 09:27:01 +01:00
ef825fb4bf
Land #5530 , shell_to_meterpreter improvements
2015-06-16 14:29:15 -05:00
33139c4ecd
shell_to_meterpreter minor improvements
2015-06-16 20:42:47 +01:00
a53ca53a6a
Fix inconstancy - multi/handler
2015-06-12 21:23:51 +01:00
e43163135b
Add module_fullname: fullname,
2015-06-02 12:33:34 -05:00
7485cf776e
Remove unnecessary spaces
2015-06-02 14:18:36 +05:00
b4cfe93977
Add creds API
2015-06-02 14:16:16 +05:00
b98cc89f0c
Update filezilla_client_cred to use the new cred API
2015-06-02 00:22:17 -05:00
17c0af6380
Consistent column names
2015-05-29 11:08:24 +05:00
101f12b9d2
Remove base64 require
2015-05-29 10:38:06 +05:00
3ac5088a9a
Add decryption.final for proper padding
2015-05-29 10:33:55 +05:00
2756c7375e
Add datastore options
2015-05-28 10:58:36 +05:00
Javier Godinez
Brent Cook
David Maloney
dmohanty-r7
OJ
Konrads Smelkovs
Jon Hart
jvoisin
h00die
Brendan
wchen-r7
Pearce Barry
Louis Sato
Crypt0-M3lon
William Vu
h00die
Adam Cammack
Tim
Christian Mehlmauer
Martin Vigo
Stuart Morgan
Rory McNamara
PsychoMario
jvazquez-r7
g0tmi1k
HD Moore
Mo Sadek
Tod Beardsley
James Lee
root