infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
23,887 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

1117 Commits (2c9209f8b19fa00be5b70695f4e93ec92bf4d323)

Author SHA1 Message Date
Meatballs 3bf728da61
Dont store in DB by default 2014-01-07 12:20:44 +00:00
Tod Beardsley cd38f1ec5d
Minor touchups to recent modules. 2014-01-03 13:39:14 -06:00
OJ 1cb671b02e
Merge branch 'adjust_getenv_api' into stop_abusing_expand_path 2014-01-03 08:14:02 +10:00
jvazquez-r7 3f0ee081d9 Beautify description 2014-01-02 15:37:58 -06:00
jvazquez-r7 d5e196707d Include Msf::Post::Windows::Error 2014-01-02 13:41:37 -06:00
jvazquez-r7 ec8d24c376 Update against upstream 2014-01-02 12:55:46 -06:00
jvazquez-r7 3bccaa407f Beautify use of Regexp 2014-01-02 12:54:54 -06:00
bmerinofe 832b0455f1 Class constants and Regex added 2013-12-31 03:20:12 +01:00
jvazquez-r7 4366d4da20 Delete comma 2013-12-30 11:45:52 -06:00
jvazquez-r7 54a6a4aafa
Land #2807, @todb-r7's armory support for bitcoin_jaker 2013-12-30 11:44:51 -06:00
bmerinofe e3d918a8a3 Applying changes 2013-12-30 01:49:13 +01:00
Tod Beardsley 88cf1e4843
Default false KILL_PROCESSES for bitcoin_jacker 
I seem to able to read associated wallet files while these processes are
running with the greatest of ease. Maybe there was a file locking
concern, but I haven't run into it. Feel free to avoid landing this
particular commit if you disagree.
 2013-12-29 14:12:00 -06:00
Tod Beardsley 5e0c7e4741
DRY up bitcoin_jacker.rb, support Armory 
Also, make the process killing optional.
 2013-12-29 13:07:43 -06:00
TabAssassin 9384a466c1
Retab bitcoin_jacker.rb 2013-12-29 10:59:15 -06:00
Tod Beardsley 6fcd12e36c Refactor for clearer syntax and variables 
This was done on a barely configured Windows machine, so mind the tabs.
 2013-12-29 10:15:48 -06:00
Tod Beardsley ef73ca537f First, clean up the original a little 2013-12-28 18:57:04 -06:00
sinn3r f2335b5145
Land #2792 - SSO/Mimikatz module overwrites password with N/A 2013-12-27 17:25:44 -06:00
Meatballs bf8c0b10fa
Dont store n/a creds 2013-12-21 09:04:02 +00:00
jvazquez-r7 a043d384d4
Land #2738, @jiuweigui update to enum_prefetch 2013-12-20 10:26:54 -06:00
Meatballs 71ba78c2f0
Direct to correct module 2013-12-20 16:09:57 +00:00
Meatballs f99a5b8b47
Update for extapi 2013-12-20 13:18:01 +00:00
Meatballs 4ca25d5d89
Merge branch 'enum_ad_perf' into enum_ad_users 2013-12-20 12:54:24 +00:00
Meatballs 62ef810e7c
Use Extapi if available 2013-12-19 18:18:47 +00:00
Meatballs 737154c2fe
Update to use extapi 2013-12-19 16:46:09 +00:00
Meatballs 3ef1c0ecd6 Merge remote-tracking branch 'upstream/master' into enum_ad_perf 2013-12-19 14:25:07 +00:00
Meatballs 244cf3b3f6 Merge remote-tracking branch 'upstream/pr/2736' into enum_ad_perf 2013-12-19 13:59:57 +00:00
OJ a77daa0902 Fix download_exec to better handle spaces 
It was just wrong. Now it actually works.
 2013-12-19 13:00:26 +10:00
OJ 9fb081cb2d Add getenvs, update getenv, change extract_path use 
Stacks of modules were using `extract_path` where it wasn't really semantically correct
because this was the only way to expand environment variables. This commit fixes that
up a bit.

Also, I changed the existing `getenv` function in `stdapi` to `getenvs`, and had it
support the splat operator. I added a `getenv` function which is used just for a
single variable and uses `getenvs` behind the scenes.

The meterpreter console `getenv` command now uses `getenvs`
 2013-12-19 11:54:34 +10:00
Meatballs 3e54379b0e
Merge remote-tracking branch 'upstream/master' into wmic_post 
Conflicts:
	lib/msf/core/post/windows.rb
 2013-12-18 13:40:54 +00:00
bmerinofe 89ffafad0e Changes to Service mixin 2013-12-17 13:10:27 +01:00
Tod Beardsley 040619c373
Minor description changes 
No code changes (one comment made on play_youtube to suggest xdg-open
rather than firefox for linux targets).
 2013-12-16 14:57:33 -06:00
jiuweigui 446db78818 Minor fix to gather_pf_info function 2013-12-16 21:33:07 +02:00
Meatballs b532987b8f
Re-add file out to wmic_command 2013-12-14 20:58:33 +00:00
Meatballs 7902f061ca
Final tidyup 2013-12-14 20:18:14 +00:00
Meatballs 04496a539c
Fix up local wmi exploit. 2013-12-14 20:05:51 +00:00
Meatballs 4224c016f4
Use WaitForSingleObject instead of loop 2013-12-14 18:42:31 +00:00
Meatballs 12afdd2cbb
Get and parse result from clipboard 2013-12-14 18:30:43 +00:00
Meatballs 3ad1e57f8d
Merge remote-tracking branch 'upstream/master' into wmic_post 2013-12-14 16:25:31 +00:00
bmerinofe f185c2deb1 added driver_loaded post meterpreter module 2013-12-14 00:07:04 +01:00
jvazquez-r7 374e40c815 Add requires 2013-12-11 12:05:12 -06:00
jvazquez-r7 572ddacdd6 Clean ie_proxypac 2013-12-11 11:49:29 -06:00
jvazquez-r7 7589b4c4d5 Merge for retab 2013-12-11 11:47:30 -06:00
bmerinofe e6eeb4a26d rescue RuntimeError added 2013-12-11 03:00:13 +01:00
Tod Beardsley 1b3bc878f8
Unscrew the author name 2013-12-09 21:32:03 -06:00
bmerinofe e9edce10ac Applying changes 2013-12-10 03:07:40 +01:00
Tod Beardsley e737b136cc
Minor grammar/caps fixup for release 2013-12-09 14:01:27 -06:00
jiuweigui 2a0b503f06 Minor fix 2013-12-08 18:17:22 +02:00
bmerinofe 5e5fd6b01a Unless replaced 2013-12-06 15:01:35 +01:00
Meatballs 3aebe968bb
Land #2721 Reflective DLL Mixin 
Adds support to load a dll and identify the ReflectiveLoader offset.
Adds support to inject dll into process and execute it.

Updates kitrap0d, ppr_flatten_rec, reflective_dll_inject modules and
payload modules to use above features.
 2013-12-06 12:26:51 +00:00
OJ 73d3ea699f Remove the last redundant error check 2013-12-06 09:32:21 +10:00
OJ 2cb991cace Shuffle RDI stuff into more appropriate structure 
Now broken into two modules, one for loading RDI DLLs off disk and
finding the loader function offset, and another for doing the process
specific stuff of loading into the target.
 2013-12-06 08:25:24 +10:00
William Vu 79e23a1e13
Land #2675, @JonValt's forensics/browser_history 
Great job!
 2013-12-05 09:35:53 -06:00
Joshua Harper PI GCFE GCFA GSEC cd5172384f Rename gather_browser_history.rb to browser_history.rb 2013-12-05 08:43:19 -06:00
Joshua Harper 3957bbc710 capitalization ("skype") 
(https://github.com/rapid7/metasploit-framework/pull/2675#discussion_r8120307)

Removed some Chrome artifacts and renamed one to reflect "Archived History."  
(https://github.com/rapid7/metasploit-framework/pull/2675#discussion_r8120314)
((Will include other doxxes in another module.))
 2013-12-05 08:33:47 -06:00
jiuweigui 717f45ac09 Minor modification 2013-12-05 09:07:28 +02:00
jiuweigui 902d48efab Delete debug prints 2013-12-05 09:03:42 +02:00
jiuweigui 492cd1ca07 Modifications how info is collected from pf files. 2013-12-05 08:56:26 +02:00
OJ b936831125 Renamed the mixin module 2013-12-05 08:13:54 +10:00
bmerinofe 1833b6fd95 More changes. No admin privs check 2013-12-04 14:51:46 +01:00
OJ 7e8db8662e Update name of the mixin 
Changed `RdiMixin` to `ReflectiveDLLInjection`.
 2013-12-04 22:18:29 +10:00
bmerinofe 05479b2a19 Added new options 2013-12-04 11:45:37 +01:00
OJ f79af4c30e Add RDI mixin module 
MSF was starting to see more modules using RDI to load binaries into
remote processes, so it made sense to create a mixin which contained
the functionality that was being used in various locations.

This commit contains the new mixin, and adjustments to all the existing
exploits and modules which use RDI.
 2013-12-04 16:09:41 +10:00
bmerinofe 5c266adfd7 added ie_proxypac post meterpreter module 2013-12-03 22:23:09 +01:00
Joshua Harper d1dd7c291b cosmetic (indentation) 
https://github.com/rapid7/metasploit-framework/pull/2675#discussion_r7977962
 2013-12-02 13:16:48 -06:00
Joshua Harper cdf6ffa70d Complete refactor with lots of help from @kernelsmith and @OJ. Thank you guys so much. 2013-11-27 21:02:48 -06:00
sinn3r a8af050c16 Update post module Apache Tomcat description 
This module's description needs to be more descriptive, otherwise
you kind of have to pull the source code to see what it actually
does for you.
 2013-11-27 19:21:27 -06:00
Joshua Harper 1c17383eff removed return file_loc 
removed extra space
 2013-11-27 15:04:31 -06:00
Joshua Harper 036cd8c5ad couple cosmetic changes per wvu-r7 2013-11-27 14:44:39 -06:00
jonvalt 9dbeb55b9a removed single quotes from inside %q{} on line 22 per https://github.com/rapid7/metasploit-framework/pull/2675#discussion_r7913331 
removed empty advanced options registration on line 28 per https://github.com/rapid7/metasploit-framework/pull/2675#discussion_r7913342
 2013-11-26 10:29:38 -06:00
sinn3r 48578c3bc0 Update description about suitable targets 
The same technique work for Microsoft Office 2013 as well. Tested.
 2013-11-24 23:02:37 -06:00
jvazquez-r7 49441875f3
Land #2683, @wchen-r7's module name consistency fix 2013-11-24 16:51:22 -06:00
Meatballs 23a267b65c
Undo move 2013-11-24 15:06:36 +00:00
Meatballs 23ac7ad75a
Merge remote-tracking branch 'upstream/master' into getaddrinfo 2013-11-24 15:00:00 +00:00
Meatballs c03c33f6f6
Initial commit 2013-11-24 14:58:18 +00:00
sinn3r ce8b63f240 Update module name to stay consistent 
This module is under the windows/gather, so must be named the same
way like the rest.
 2013-11-24 01:01:29 -06:00
Meatballs 72822cfa2d
Save egypt from eol comments 2013-11-23 22:11:46 +00:00
Meatballs 646f977888
Use post mixin 2013-11-23 22:07:07 +00:00
Meatballs 4d3e061e43
Merge branch 'enum_ad_perf' into enum_ad_users 2013-11-23 22:05:15 +00:00
Meatballs 699d13eef1
Share the wealth 
Move LDAP methods to a Post mixin.
 2013-11-23 21:42:09 +00:00
Meatballs 11f00cc50b
Backout small change 2013-11-23 21:23:25 +00:00
Meatballs 0c8fc657bb
Address @jlee-r7's comments 2013-11-23 19:42:33 +00:00
jonvalt b712c77413 capitalization 2013-11-22 14:37:54 -06:00
jonvalt 52a3b93f24 Hopefully final commit. 
ALL issues mentioned by todb in https://github.com/rapid7/metasploit-framework/pull/2663/ have been fixed or erased.

Only exception is comment https://github.com/rapid7/metasploit-framework/pull/2663/#discussion_r7837036 which if omitted as recommended, breaks the module.
 2013-11-22 14:17:20 -06:00
jonvalt 9addd37458 minor changes: 
s/grab/gather/g
 2013-11-22 14:03:54 -06:00
jonvalt b742ed13b9 junk commit 2013-11-22 12:38:06 -06:00
jiuweigui b2e7ff4587 Small change for filetime conversion 2013-11-17 22:26:30 +02:00
jiuweigui b73260b74c Add functionality to enum_prefetch post module 2013-11-17 22:10:55 +02:00
James Lee 5b96ad595f
Skip reg values with no secretes 
Also update header comment to match new standard
 2013-11-13 19:05:16 -06:00
James Lee cb10b4783b
Mark XP hashes as mscash for JtR to recognize 2013-11-13 19:04:16 -06:00
James Lee 0aef145f64 Merge remote-tracking branch 'upstream/master' into land-2532-enum-lsa 2013-11-13 18:11:21 -06:00
James Lee 8471f74b75
Refactor ivar to a more reasonable method 
Also changes jtr output for cachedump to produce hashes that can be
auto-detected as mscash2 format for a better user experience.
 2013-11-13 18:09:41 -06:00
James Lee 8bb72764ec
Rename credentials/lsa -> lsa_secrets 
Secrets are not necessarily credentials
 2013-11-13 15:23:15 -06:00
James Lee 16627c1bd3
Add spec for capture_lsa_key 2013-11-13 15:16:34 -06:00
James Lee 3168359a82
Refactor lsa and add a spec for its crypto methods 2013-11-13 11:55:39 -06:00
Meatballs d9fa092962
Initial commit 2013-11-07 20:48:15 +00:00
Meatballs 6415666830 Merge remote-tracking branch 'upstream/master' into enum_ad_perf 2013-11-07 17:00:56 +00:00
OJ f62247e731 Fix comments, indenting and pxexploit module 
Updated the comments and indentation so they're not blatantly wrong.

Adjusted the pxexploit module so that it doesn't break any more as
a result of the refactoring.
 2013-11-05 06:35:50 +10:00
Tod Beardsley 4128aa8c08
Resplat and tabs 2013-10-28 14:03:15 -05:00
sinn3r a95425de08 Check dec instead 2013-10-25 10:47:41 -05:00
sinn3r 1d0a3aad70 [FixRM #8525] undefined method `+' for nil:NilClass in enum_ie 
Looks like for some reason if CryptUnprotectData fails, the decrypt_reg()
method will return "". And when you unpack "", you produce an array of nils.
Since you cannot add something to nil, this should cause an
"undefined method `+' for nil:NilClass" error.

This will check if we get an array of nils, we jump to the next iteration.
 2013-10-25 00:26:38 -05:00