18ffd36409
storing config file, changed regex
2018-09-07 08:13:10 -05:00
6c3b1081ea
added function to grab and store user and passwd
2018-09-06 12:03:00 -05:00
e1ec0ec899
hash_dump now working properly up to Mac OS X High Sierra (10.13.6 included)
2018-09-06 12:00:36 +02:00
b7da75d860
fix #10576 , fix session upgrade HANDLE_TIMEOUT
2018-09-04 16:46:33 +08:00
a9376266bc
Land #10484 , Add PhpMyAdmin password extractor
2018-08-30 12:16:17 -05:00
924e61c5c1
Added check and removed register_options
2018-08-30 12:13:39 -05:00
0aac9a4881
unmarshal
2018-08-30 20:49:09 +05:30
25145004b2
Removing arch
2018-08-29 22:05:57 +05:30
c486dab574
Updating
...
Thank you bcoles :)
2018-08-29 11:45:08 +05:30
20daba6e2d
fix line endings
2018-08-28 11:33:17 -05:00
f1e4079641
move add_thread code to lib/rex/post/meterpreter/extensions/peinjector/peinjector.rb
2018-08-28 09:02:21 -05:00
015abca8af
MSFTidy module
2018-08-28 09:02:21 -05:00
bb151bb727
MSFTidy module
2018-08-28 09:02:21 -05:00
2251c4a712
Add peinjector post module
2018-08-28 09:02:21 -05:00
107baee0a2
Updating store_loot?
2018-08-20 16:57:09 +05:30
a018d24df4
Fixing some more spaces at EOL
2018-08-20 12:56:59 +05:30
71f8a66f8d
Spaces EOL
2018-08-20 12:45:15 +05:30
0ae5a16c8e
Adding store_loot
2018-08-20 12:24:31 +05:30
a926e0f7a6
Root privilege is required
2018-08-20 11:38:02 +05:30
6684e5d0eb
PhpMyAdmin creds extractor
2018-08-19 23:40:19 +05:30
79736406b2
Land #10394 , Cleanup aws_ec2_instance_metadata
2018-08-15 14:51:12 -05:00
bb24c3114a
Minor code style fixes made
2018-08-15 04:49:17 +02:00
e43798b148
minor fix
2018-08-14 19:21:43 +02:00
75ef8e8097
enum_commands.rb module added
2018-08-14 18:31:16 +02:00
259b92a64b
iptables_removal.rb module added
2018-08-14 18:24:15 +02:00
41dd8a62cb
rename class name
...
rename for snake case
2018-08-10 17:27:19 +02:00
bb208118c3
Ruby decrypt
...
The decryption of the key in the msf has been added
2018-08-10 16:25:33 +02:00
0e8180f263
delete space
...
delete bad spaces
2018-08-06 19:01:32 +02:00
5e7a77dea8
add new functiom
...
added checking directory of VNC
2018-08-06 18:45:24 +02:00
d6a60bd10e
remove dependencies
...
removed not necessary dependencies
2018-08-06 17:20:25 +02:00
e194922855
Add vnc password osx
...
This module show Apple VNC Password from Mac OS X High Sierra.
2018-08-06 17:11:42 +02:00
d60aa55e07
Modified regex
...
Based on the comment: https://github.com/rapid7/metasploit-framework/pull/10394#discussion_r207042496
2018-08-02 15:55:24 +02:00
ce9f447a29
Land #10384 , upload_exec fixes
2018-07-30 13:55:40 -05:00
7c8190573c
remove unused juniper options
2018-07-30 14:20:01 -04:00
ece9a72d13
Removed tabs
2018-07-30 15:07:55 +02:00
5962fa752e
Fixes in aws_ec2_instance_metadata
...
@@ -36,7 +36,7 @@ def initialize(info = {})
- unless resp =~ /^instance-id.$/m
+ unless resp =~ /^instance-id$/m
The original regex requires one character after 'instance-id' which is not present in the instance.
@@ -50,15 +50,16 @@ def check_curl
- base_resp.split(/\r\n/).each do |l|
- new_uri = base_uri.merge("./#{l}")
+ base_resp.split(/\r?\n/).each do |l|
+ new_uri = "#{base_uri}#{l}"
- key_uri = new_uri.merge("./#{key_id}/")
- key_resp = simple_get(key_uri)
+ new_uri = new_uri.slice(0..(new_uri.index(%r{/public-keys/})+'/public-keys'.length))
+ key_uri = "#{new_uri}#{key_id}/"
+ key_resp = simple_get(key_uri)
1. merge function was causing 'rescue in merge' errors
2. the split function could not succeed, there were no '\r\n' between the lines but '\n' only
3. the special case was not handled correctly
was trying to curl http://169.254.169.254/latest/meta-data/public-keys/0=Key0/ instead of http://169.254.169.254/latest/meta-data/public-keys/0/
@@ -94,6 +95,6 @@ def setup
- cmd_exec("curl #{url}")
+ cmd_exec("curl -s #{url}")
Curl was causing issues when not in silent mode.
2018-07-30 14:02:15 +02:00
6790ac1998
Reset to original
2018-07-30 10:48:32 +02:00
0433cb92ba
Fix upload_exec for absolute paths
...
Also prefer chmod 700 over 755, since it's our file.
2018-07-26 19:48:12 -05:00
32d6344e6b
Land #9964 , android post module to extract subscriber info
2018-07-26 16:58:27 -05:00
71646da97f
fix error handling
2018-07-26 16:48:34 -05:00
408dc7793f
Update aws_ec2_instance_metadata.rb
2018-07-23 10:00:12 +02:00
4c4f0c1d3e
Update
...
Fixes for Kali linux 4.14 with ruby 2.3.
2018-07-18 10:42:51 +00:00
a020d48caf
Move module documentation to documentation directory
2018-07-13 04:46:25 +00:00
93413481e8
IPTABLES rules removal module added
2018-07-12 14:16:22 +02:00
60becc272a
Native DNS Spoofing module added
2018-07-12 14:06:41 +02:00
5b60a91b66
Style and code optimization changes
2018-07-12 13:54:47 +02:00
5b36515947
Merge remote-tracking branch 'origin/master' into vpef
2018-07-12 13:23:44 +02:00
b4b7bf03da
Land #10171 , Implement desktop shell and screensaver post modules
2018-07-05 17:33:06 -05:00
970c164e06
fix undefined method capitalize error for array
2018-07-05 14:33:51 -07:00
dbb0748c1c
Land #9998 , customizable golden ticket duration
2018-06-27 15:51:56 -05:00
d7770a98b2
s/Seperated/Separated/
2018-06-27 15:36:41 -05:00
c4bf12cbe0
ntds_grabber msftidy fixes
2018-06-26 08:22:11 -05:00
c4632f44aa
Fix windows
2018-06-21 16:46:15 +00:00
2008de4080
Support Windows screensaver and locking
2018-06-21 16:46:00 +00:00
247437c8f3
Change global variables to instance variables in pseudo_shell module and minor fix prompts's output
2018-06-21 13:25:35 +02:00
a8e9c20d6c
Make open works on windows
2018-06-20 09:23:57 +00:00
4c0ac00f38
Make screensaver works on OSX
2018-06-20 09:13:51 +00:00
667f6cb570
Some minor fixes in pseudo_shell module and priv.rb
2018-06-19 14:30:00 +02:00
53e6faef27
Module description fixed
2018-06-19 12:50:18 +02:00
be1ea1549e
Post-exploitation API improvements and pseudo_shell module added
2018-06-19 12:39:41 +02:00
351a0bd37f
Cleanup command execution code
2018-06-18 07:24:54 +00:00
a750aedb6b
Move xdg_screensaver to multi module
2018-06-18 07:19:52 +00:00
1f6b9a51ea
Remove useless import
2018-06-18 06:56:39 +00:00
8342751b05
Move xdg_open to multi module
2018-06-18 06:54:13 +00:00
ec88683ad2
Land #10165 , Fix missing RequestError in a few post modules
2018-06-15 15:38:49 -05:00
b733b79533
Land #10021 , post/multi/recon/sudo_commands module
2018-06-14 16:33:50 -05:00
c4af2aca53
Check command availability
2018-06-14 10:00:26 +00:00
e523d5a114
Fix tabbed indents
2018-06-14 11:35:03 +02:00
b9d59315a8
Fix English in XDG screensaver
2018-06-14 11:30:04 +02:00
c5c0dffa3a
Fix English for XDG open
2018-06-14 11:28:30 +02:00
ee81ed6f7e
Add XDG screensaver
2018-06-14 08:58:24 +00:00
3c4bcf9258
Make XDG open module
2018-06-14 08:33:51 +00:00
14da99bb3d
Fix missing RequestError in a few post modules
...
Should be Rex::Post::Meterpreter::RequestError.
2018-06-12 17:11:29 -05:00
96cd65a205
Added new whoami module and some fixes
2018-06-01 02:57:03 +02:00
6df8e28f7e
Some syntax fixes and name changes
2018-06-01 02:06:25 +02:00
c9a4cc47f7
Initial upload of Vulnerateca Post-Exploitation Framework (VPEF)
2018-05-31 18:05:33 +02:00
5e968529bf
Land #9976 , Store non-nil linux enum_network loot
2018-05-30 15:33:39 -05:00
435f965418
Use #include? over Regexps with plain strings
2018-05-30 15:32:04 -05:00
4df01da49a
Add GTFOBins
2018-05-25 04:20:25 +00:00
72fb51f877
add extra check for failed command outputs
2018-05-24 20:47:06 +05:30
45481f26b6
Add Msf::Post::OSX::Priv mixin
2018-05-22 22:25:39 +00:00
b14e354b25
Land #10048 , Make shell and meterpreter sessions consistent with cmd_exec
2018-05-22 21:26:47 +00:00
75562e2bbc
Land #10044 , Fix is_system? in Msf::Post::Windows::Priv for non-English
...
Merge branch 'land-10044' into upstream-master
2018-05-21 14:24:26 -05:00
a8fcd9d275
Fix display of uid in post/windows/gather/win_privs
...
`inspect` is not necessary and triggers display of Unicode characters as "\x.." instead of printing their value.
As discussed in PR #10044
2018-05-19 01:35:19 +02:00
520b8bc3c0
remove many duplicate code paths
2018-05-17 08:14:32 -05:00
a3879f0109
Land #9956 , add module to extract wireless credentials on Android
2018-05-17 21:04:56 +08:00
406f1fe165
fix #10046 , remove invalid timeout argument on cmd_exec
2018-05-17 07:38:22 -05:00
eb0ac79143
Land #9975 , local_exploit_suggester fixes
2018-05-16 06:48:02 -05:00
7ebe0d6dc5
Use sudo -l rather than sudo -l -l
2018-05-15 18:53:52 +00:00
900480dd1a
check for root
2018-05-15 17:32:10 +05:30
e1786d1ae0
Update sub_info.rb
2018-05-15 16:55:52 +05:30
17bd9aafb3
Add post/multi/recon/sudo_commands
2018-05-14 18:31:24 +00:00
67c7a718db
Land #9868 , fix post/osx/capture/keylog_recorder
2018-05-10 16:47:57 +08:00
08b81a418f
Customization of Golden Ticket Duration
...
- Post exploitation module updated
- Kiwi extention updated
Using mimikatz /startoffset and /endin params
Duration in hours, default already 10 years
2018-05-09 17:44:55 +02:00
a612c4cc65
Update wireless_ap.rb
2018-05-06 17:37:12 +05:30
6bd31d7921
Update wireless_ap.rb
2018-05-06 17:33:20 +05:30
f32fda6757
Update wireless_ap.rb
2018-05-06 16:52:18 +05:30
3e949733e2
fix wpa_supplicant parsing
2018-05-06 19:11:35 +08:00
40b6b97dbf
Update enum_network.rb
2018-05-05 10:56:55 +05:30
ec55a631ef
Check if the data is nil before pasisng to store_loot
...
when I ran this module for linux/aarch64/meterpreter_reverse_tcp for payload running in termux, it was obvious that without root the commands will return error, It still created empty files in `.msf4/loot`
```
msf5 post(linux/gather/enum_network) > run
[*] Running module against localhost.localdomain
[*] Module running as /system/bin/sh: /usr/bin/whoami: not found
[+] Info:
[+]
[+] Linux localhost 3.10.84-perf+ #1 SMP PREEMPT Tue Oct 24 01:07:25 CST 2017 aarch64 Android
[*] Collecting data...
[+] /system/bin/sh: /sbin/route: not found
[-] Failed to open file: /etc/ssh/sshd_config: core_channel_open: Operation failed: 1
[-] unable to get data for Network config
[+] Network config stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_735775.txt
[-] unable to get data for Route table
[+] Route table stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_599334.txt
[-] unable to get data for Firewall config
[+] Firewall config stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_790893.txt
[-] unable to get data for DNS config
[+] DNS config stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_867340.txt
[-] unable to get data for SSHD config
[+] SSHD config stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_900906.txt [-] unable to get data for Host file
[+] Host file stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_179877.txt
[-] unable to get data for Active connections
[+] Active connections stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_656035.txt [-] unable to get data for Wireless information
[+] Wireless information stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_168144.txt
[-] unable to get data for Listening ports
[+] Listening ports stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_999548.txt [-] unable to get data for If-Up/If-Down
[+] If-Up/If-Down stored in /data/data/com.termux/files/home/.msf4/loot/20180505105107_default_127.0.0.1_linux.enum.netwo_860869.txt
[*] Post module execution completed
msf5 post(linux/gather/enum_network) >
```
2018-05-05 10:52:08 +05:30
cb29b4cf7a
Update Local Exploit Suggester - Fix #9974
2018-05-05 04:41:58 +00:00
916dfa56fe
Add author name to the wlan_probe_request post-exploitation module
2018-05-03 11:41:09 +02:00
02920728a4
Update sub_info.rb
2018-05-03 02:51:39 +05:30
7a47e2aa25
Update sub_info.rb
2018-05-02 22:02:09 +05:30
bd92d189f4
Update sub_info.rb
2018-05-02 21:48:01 +05:30
e87116a5c1
Minor fixes
2018-05-02 20:51:30 +05:30
1c89bd80d9
Update sub_info.rb
2018-05-02 20:44:21 +05:30
c6df12dccb
Add android post module to extract subscriber info
2018-05-02 20:41:54 +05:30
98d81476f7
Fix get_password for pwds with `"`, `=` etc
2018-05-02 19:09:36 +05:30
fa727f5394
Update wireless_ap.rb
2018-05-02 18:22:00 +05:30
773e06b3ca
Update wireless_ap.rb
2018-05-02 01:28:15 +05:30
2817ff25cb
Update wireless_ap.rb
2018-05-02 00:00:34 +05:30
614de11a9c
Update wireless_ap.rb
2018-05-02 00:00:05 +05:30
9b00a5cffb
store loot
2018-05-01 23:10:29 +05:30
29467c2e37
Stylize the output
2018-05-01 22:58:17 +05:30
bc0cad43bc
Update wireless_ap.rb
2018-04-30 19:19:12 +05:30
ca7afae730
Add wireless_ap post module for Android
...
This module displays all the saved wireless AP creds in the target device
2018-04-30 19:02:30 +05:30
3351a59efb
Update linux/gather/enum_protections
2018-04-29 06:52:47 +00:00
9ae0acd489
Removing debug statement
2018-04-28 15:56:56 -07:00
c7caac627b
Replacing Import with Fiddle, adding fork compatibility for High Sierra
2018-04-28 15:53:23 -07:00
f12f6d54a5
Land #9862 , Post-exploitation module for meterpreter (Windows) to send wireless probe requests
...
Merge branch 'land-9862' into upstream-master
2018-04-20 14:32:01 -05:00
1547a47026
Land #9784 , add osx high sierra APFS password disclosure post module
2018-04-18 14:27:22 +08:00
72cd97d3e4
minor documentation and comment tweaks
2018-04-18 14:22:32 +08:00
b282db3c6a
Fixing broken imports for keylog_recorder.rb and improving control chars
2018-04-12 02:08:53 -07:00
2d33320921
Added a post-exploitation module to send wireless probe requests
2018-04-11 16:43:33 +02:00
ee6f83c281
match newfs_apfs regex
2018-04-10 14:45:14 +08:00
be18930f12
Cleaned up output, only querying for %WINDIR% if necessary
2018-04-09 15:27:50 -05:00
c07f2f1a09
Update run_as.rb
2018-04-09 21:24:16 +05:30
c34b796f13
Remove temp file from dist after cmd execution
...
https://github.com/rapid7/metasploit-framework/issues/9830
2018-04-09 20:14:01 +05:30
3f40f43609
Make final output more readable
2018-04-07 11:05:47 -04:00
0faf2f4e04
Land # 8007, Added NTDSgrab module to metasploit.
...
Merge branch 'land-8007' into upstream-master
2018-04-03 15:56:37 -05:00
e17be05e6a
Land #9595 , Add post module RID Hijacking on Windows
2018-04-03 14:12:34 -05:00
0806c0725f
Fix some bugs with command exits
...
Also fix a bug in check()
2018-04-03 10:35:49 -04:00
d6dc0a2d4f
Adjust rid_hijack.rb code style with rubocop recommendations.
2018-04-03 04:57:41 +02:00
c401872af6
Fix some logic flaws and other review things
...
Also make the output more reliable
2018-03-30 19:20:20 -07:00
76af9d5a15
Add apfs_encrypted_volume_passwd.rb
2018-03-29 23:47:45 -07:00
26463b33a2
Land #9636 , Improve post module persistence_exe
2018-03-26 17:48:53 -05:00
57b048fbf7
Remove requires, changed in-place modification
2018-03-26 17:46:18 -05:00
d6871f5733
Land #9614 , Juniper post enum module
2018-03-06 10:29:56 -06:00
18a1593de7
Clean up registry and fix bug when cleaning the windows local file
2018-03-02 02:31:09 -05:00
d1e91dfdfd
Fix bug
2018-03-01 22:19:03 -05:00
2bb8fc7325
Fix bug
2018-03-01 22:16:59 -05:00
174c47195a
Add options LocalExePath, StartupName, ServiceDescription
2018-02-27 05:32:07 -05:00
fcd6e8acab
Add options LocalExePath, StartupName, ServiceDescription
2018-02-27 05:27:32 -05:00
553a82a408
Add options LEXEPATH, STARTUP_NAME, SERVICE_DESC
2018-02-26 02:39:11 -05:00
f786a1cfb9
Add options LEXEPATH, STARTUP_NAME, SERVICE_DESC
2018-02-26 01:59:49 -05:00
0c82b0a922
Support Windows 2008/7 and above
...
Probably about time that we supported versions less than 10 years old :)
2018-02-24 16:06:55 -05:00
cd728defed
Merge branch 'master' into land-9607-
2018-02-23 11:09:20 -06:00
c7bbc6eca4
juniper post enum module
2018-02-22 21:08:21 -05:00
bda7fefa7f
Land #9444 - `hsts_eraser` module and docs
2018-02-20 21:22:55 -06:00
Shelby Pace
pwnforfun
Tim W
7echSec
Dhiraj Mishra
bwatters-r7
alpiste
Adam Cammack
AlbertoCoding
Kevin Gonzalvo
reka193
William Vu
h00die
Brent Cook
Brendan Coles
thesubtlety
Jacob Robles
Eliott Teissonniere
AlbertoCoding
Wei Chen
Auxilus
Clément Notin
Hypnoze57
Borja Merino
Chris Long
Aaron Soto
thecarterb
r4wd3r
Green-m
Rob Fuller