wchen-r7
a9c3c5d391
Fix typos
2016-09-07 15:40:10 -05:00
wchen-r7
831c7a08a8
Check environment variables before using for winscp module
2016-09-07 15:24:22 -05:00
William Vu
fed2ed444f
Remove deprecated modules
...
psexec_psh is undeprecated because users have been reporting
idiosyncrasies between it and psexec in the field.
2016-09-03 12:43:01 -05:00
AgoraSecurity
d65ca818ea
Add validation of session type
2016-08-31 11:29:04 -05:00
AgoraSecurity
ce7d4cf7f7
Removed "shell" from SessionTypes
...
Remove the need to check for the session type manually. It will be automatically validated at the time of module run.
2016-08-31 00:12:31 -05:00
AgoraSecurity
401044ee43
Fix error when saving creds
2016-08-30 16:49:31 -05:00
Brendan
bc6a529388
Added some error checking to CredEnuerateA() railgun call
2016-08-26 16:21:54 -05:00
Louis Sato
4a6b2ef8de
fixing typo for reference for golden ticket
2016-08-24 10:55:36 -05:00
Brendan
83160b7e49
Land #7173 , Add post module to compress (zip) a file or directory
2016-08-24 09:38:04 -05:00
wchen-r7
89c3b6f399
Remove the -d flag for Linux machines
2016-08-23 18:43:50 -05:00
wchen-r7
b081dbf703
Make destination required
2016-08-18 15:56:16 -05:00
William Vu
2fa4c7073b
Land #6995 , SSH key persistence module
2016-08-17 22:44:57 -05:00
wchen-r7
60937ec5e9
If user is SYSTEM, then steal a token before decompression
2016-08-17 16:56:09 -05:00
Brent Cook
870669bdf7
handle exception in getsystem module
2016-08-15 23:51:05 -05:00
David Maloney
eb73a6914d
replace old rex::ui::text::table refs
...
everywhere we called the class we have now rewritten it
to use the new namespace
MS-1875
2016-08-10 13:30:09 -05:00
Pearce Barry
ae59c4ae74
Land #6687 , Fix meterpreter platform to include OS in the tuple for all meterpreters
2016-08-07 05:00:24 -05:00
wchen-r7
45801bc44e
get_env
2016-08-03 11:11:34 -05:00
wchen-r7
bddf5edcf1
Fix typo
2016-08-03 11:04:53 -05:00
wchen-r7
8f7d0eae0c
Fix #7155 - Add post module to compress (zip) a file or directory
...
Fix #7155
2016-08-02 14:44:58 -05:00
AgoraSecurity
b61aaef03e
Fix undercase issue with userlist.dat
...
Remove the 2nd element of the array at line 102.
Add .downcase for line 103.
Fix to find filenames on systems that created the userlist.dat on uppercase.
2016-07-29 15:54:34 -05:00
Pearce Barry
6c7cc061ea
Minor formatting tweaks.
2016-07-28 16:29:42 -05:00
Robert Kugler
ef2899dfd4
msftidy updates
2016-07-28 16:29:42 -05:00
Robert Kugler
7b4bb75294
Create avira_password.rb
2016-07-28 16:29:42 -05:00
wchen-r7
df15eebdf8
Land #7106 , multiple keylog_recorder improvements
2016-07-25 14:54:06 -05:00
Josh Hale
352d63480d
scriptjunkie's recs and fixes additional issues
2016-07-21 22:54:48 -05:00
Josh Hale
722133491d
Wording change in advanced options and doc
2016-07-16 22:57:36 -05:00
Josh Hale
9cb9a2f69d
Update for windows keylog_recorder
2016-07-16 22:38:10 -05:00
AgoraSecurity
dcd09f17bd
New Post Module
...
New post module for windows.
It gathers the users and cracks the password of MDaemon Mail server.
NOTE: The module have a bug and I would appreciate help fixing it (problem when storing credentials)
2016-07-16 19:07:27 -05:00
ktreimann
e3801c425b
Fix typo in USB error message
2016-07-16 09:43:48 -04:00
Brent Cook
b08d1ad8d8
Revert "Land #6812 , remove broken OSVDB references"
...
This reverts commit 2b016e0216
, reversing
changes made to 7b1d9596c7
.
2016-07-15 12:00:31 -05:00
h00die
7734279147
round 2 of updates
2016-07-15 08:21:17 -04:00
Brent Cook
fcdb32795d
Land #6777 , Linux Xen 4.2.0 DoS
2016-07-13 00:40:42 -05:00
Brent Cook
7b5e3a880d
added module docs and some output tweaks for consistency with other modules
2016-07-13 00:38:46 -05:00
Brent Cook
3e6fed7958
update metadata
2016-07-13 00:13:02 -05:00
Brent Cook
0304b2c1e2
simplify logic, Ubuntu support
2016-07-12 23:50:32 -05:00
Brent Cook
2b016e0216
Land #6812 , remove broken OSVDB references
2016-07-11 22:59:11 -05:00
Stephen Deck
9d13df3a25
Corrected for console width errors causing erroneous carriage returns, resulting in incorrect hash extraction on ms sql server 2012
2016-07-04 16:23:07 -04:00
Louis Sato
d5d0b9e9b8
Revert "Land #6729 , Speed up the datastore"
...
This reverts commit c6b1955a5a
, reversing
changes made to 4fb7472391
.
2016-06-28 13:39:52 -05:00
h00die
42697b46ac
append over read and write
2016-06-21 16:52:40 -04:00
Meatballs
81f30ca962
Land #6966 , Microsoft Office Trusted Locations Enumeration
2016-06-21 21:45:39 +01:00
h00die
c50f935412
shell > cmd all day
2016-06-20 17:59:01 -04:00
Pearce Barry
95517b4a45
Avoid exception on missing key in prefs.
2016-06-20 09:26:10 -05:00
William Vu
6cb2a6970e
Fix unused SessionType in two modules
...
Pretty sure it should be "shell."
2016-06-19 23:41:34 -05:00
h00die
6905a29b10
sshkey persistence
2016-06-19 22:40:03 -04:00
wchen-r7
c6b1955a5a
Land #6729 , Speed up the datastore
2016-06-15 17:55:42 -05:00
Meatballs
0451d4f079
Cleanup
2016-06-15 22:41:59 +01:00
Vincent Yiu
8a68e86a0a
Update enum_trusted_locations.rb
...
Changed some colours
2016-06-15 13:42:38 +01:00
Vincent Yiu
48714184f3
Update enum_trusted_locations.rb
...
Added product it found the locations in.
2016-06-15 13:41:19 +01:00
Vincent Yiu
1ba33ff7f8
Fixed MSFTidy
...
Fixed MSFTidy stuff
2016-06-12 13:00:44 +01:00
Vincent Yiu
a2a97d0271
Update enum_trusted_locations.rb
...
Fix some changes, I had emet references.
2016-06-12 11:06:20 +01:00
Vincent Yiu
2e03c3511e
Add enum_trusted_locations.rb
...
Quickly enumerates trusted locations for file planting :)
2016-06-12 10:59:57 +01:00
Crypt0-M3lon
233186c833
Check presence in local admin group
...
As the "is_admin?" function only checks if the current session effectively has admin rights, I offer to add a check to know if the current user is in the local admin group using the "is_in_admin_group?" function. This information is better suited to check if admin rights are obtainable using the "bypassuac" module.
2016-06-09 17:47:09 +02:00
Crypt0-M3lon
eaaa9177d5
Fix "username" key to add login in creds database
2016-06-08 10:38:38 +02:00
William Vu
ca76e8f290
Update allwinner_backdoor report_vuln hash
2016-05-24 00:57:37 -05:00
Brent Cook
928a706135
Land #6890 , Allwinner CPU kernel module local privilege escalation
2016-05-23 22:00:52 -05:00
Brent Cook
2f8562fba4
added documentation and minor style tweaks
2016-05-23 21:59:44 -05:00
h00die
4242bbdf55
change report_note to report_vuln per note
2016-05-23 17:36:50 -04:00
h00die
c621f689b2
more descriptive note per @sempervictus
2016-05-18 19:08:01 -04:00
h00die
815a2600a8
additional description
2016-05-17 22:07:33 -04:00
h00die
640e0b9ff7
working ready for pr
2016-05-17 21:58:32 -04:00
Brent Cook
2e3e4f0069
Land #6296 , Added a multi-platform post module to generate TCP & UDP egress traffic
2016-05-14 00:03:00 -05:00
Brent Cook
3542d907f7
simplify description, move the bulk of documentation to documentation/
2016-05-14 00:01:51 -05:00
h00die
314d73546c
additional details, not working on tablet via malicious apk meterpreter
2016-05-13 23:12:44 -04:00
h00die
5099124f3d
module compiles, fails correctly but cant yet verify it works
2016-05-12 22:18:43 -04:00
Brent Cook
a69432abe5
update module class and move to recon from manage
2016-05-12 12:42:04 -05:00
Brent Cook
9f923cdb00
Merge branch 'master' into land-6296-egress
2016-05-12 12:36:47 -05:00
Brent Cook
57a3a2871b
remove various session manipulation hacks since session.platform should always contain an os identifier
2016-05-08 22:39:41 -05:00
wchen-r7
2f66442f1d
Fix #5191 , bad LHOST format causes shell_to_meterpreter to backtrace
...
When using shell_to_meterpreter via a pivot, the LHOST input's format
might be invalid. This is kind of a design limitation, so first we
check the input, and there is a module doc to go with it to explain
a workaround.
Fix #5191
2016-04-28 23:03:54 -05:00
Brent Cook
194a84c793
Modify stdapi so it also uses exist? over exists? for ruby parity
...
Also add an alias for backward compatibility.
2016-04-23 17:31:22 -04:00
wchen-r7
816bc91e45
Resolve #6807 , remove all OSVDB references.
...
OSVDB is no longer a vulnerability database, therefore all the
references linked to it are invalid.
Resolve #6807
2016-04-23 12:32:34 -05:00
wchen-r7
da9f156913
Print IP in print_*
2016-04-22 16:03:31 -05:00
wchen-r7
3aa02891e9
Bring #6801 up to date with upstream-master
2016-04-22 14:04:26 -05:00
join-us
16ff74e293
syntax check / code reduce
2016-04-22 10:53:03 +08:00
Vincent Yiu
ca4bcfe62a
Update enum_emet.rb
...
Cleaned up a bit more
2016-04-22 00:41:10 +01:00
Vincent Yiu
c81d0ade3f
Update, implemented
...
Took @bcook-r7's advice
2016-04-22 00:37:03 +01:00
Vincent Yiu
30ac6b4a93
enum_emet
...
A module to enumerate all the EMET wildcard paths.
2016-04-22 00:20:25 +01:00
Brent Cook
57ab974737
File.exists? must die
2016-04-21 00:47:07 -04:00
Josh Hale
57467b94d9
Fix RegExp evaluation in is_routable? function
2016-04-20 10:22:46 -05:00
Adam Cammack
3da451795c
Fix potential case issue
...
Even though the options were getting put back in a datastore, the
original case could still be lost and that would be bad.
2016-04-18 17:52:27 -04:00
Josh Hale
48556483b5
Fix a few comments
2016-04-17 19:16:52 -05:00
Josh Hale
32590c89b7
Add interface name to routing status message
2016-04-17 14:15:50 -05:00
Josh Hale
fb7194c125
Work on autoroute.md
2016-04-17 00:04:42 -05:00
Josh Hale
a5e48b6112
Add default option and clean up comments
2016-04-16 19:50:08 -05:00
Josh Hale
6550e0bc1b
Finish up autoadd_interface_routes
2016-04-16 18:42:41 -05:00
Josh Hale
b3d199c055
Add get_subnet_octet and test
2016-04-16 14:57:39 -05:00
Josh Hale
b1064af082
Initial get_subnet testing
2016-04-16 13:50:15 -05:00
Josh Hale
018e7807fe
Identify routable networks
2016-04-15 22:21:54 -05:00
Josh Hale
e8863ba09d
Initial autoadd_interface_routes work
2016-04-15 22:13:17 -05:00
Josh Hale
5f5c330f2b
Initial Testing of Interface Info Gather
2016-04-14 21:59:48 -05:00
Josh Hale
c39410a070
Fix autoadd problem
2016-04-13 23:31:27 -05:00
CSendner
2319629dd8
Update comments
2016-04-13 05:03:11 +02:00
Christoph Sendner
4970047198
./modules/post/linux/dos/xen_420_dos.rb
2016-04-13 03:31:02 +02:00
wchen-r7
cba7353e1d
Fix another typo?
2016-04-07 17:12:11 -05:00
wchen-r7
ff9d94218d
Fix a typo?
2016-04-07 17:11:42 -05:00
wchen-r7
a3c390ee9d
Change class name to MetasploitModule
2016-04-07 17:11:08 -05:00
wchen-r7
f09637a1c7
Bring #6377 up to date with upstream-master
2016-04-07 17:06:49 -05:00
wchen-r7
0d3eb4f055
Change class name to MetasploitModule
2016-04-07 12:15:32 -05:00
wchen-r7
0f56dbd858
Bring #6378 up to date with upstream-master
2016-04-07 12:10:55 -05:00
wchen-r7
ac051bda7f
Add check is_routable?, and change netmask if needed
2016-04-06 15:28:54 -05:00
wchen-r7
d240e0b3a2
Bring #6515 up to date with upstream-master
2016-04-06 11:27:32 -05:00
wchen-r7
4074634a13
Land #6713 , Add post exploit module for HeidiSQL's stored passwords
2016-03-30 12:10:30 -05:00
wchen-r7
0c6b4d81c8
More proper exception handling
2016-03-30 12:09:40 -05:00
wchen-r7
aaa1515ba0
Print rhost:rport
2016-03-30 11:56:09 -05:00
Meatballs
397d5580be
Use MetasploitModule convention
2016-03-30 15:44:37 +01:00
Meatballs
f8628e3438
Merge remote-tracking branch 'upstream/master' into wdigest_enable
2016-03-30 15:44:21 +01:00
Meatballs
9e45f0c104
Minor tidies
2016-03-30 15:29:03 +01:00
Hans-Martin Münch (h0ng10)
976932ed43
Initial commit
2016-03-26 12:00:25 +01:00
James Lee
d54bbdf9a3
Land #6566 , filezilla xml file locations
2016-03-17 16:27:24 -05:00
James Lee
115a033036
Fix parsing the Last Server xml
2016-03-17 16:27:02 -05:00
James Lee
1375600780
Land #6644 , datastore validation on assignment
2016-03-17 11:16:12 -05:00
Tim
f83cb4ee32
fix set_wallpaper
2016-03-16 13:07:41 +00:00
Brent Cook
cd84ac37d6
Land #6569 , check if USERNAME env var exists before using in enum_chrome post module
2016-03-13 15:12:51 -05:00
Brent Cook
c89e53d0a3
Land #6666 , fix filezilla_server display bug showing the session ID
2016-03-13 13:56:44 -05:00
wchen-r7
51cdb57d42
Fix #6569 , Add a check for USERNAME env var in enum_chrome post mod
...
Fix #6569
Depending on the context, the USERNAME environment variable might
not always be there.
2016-03-11 15:36:44 -06:00
James Lee
8217d55e25
Fix display issue when SESSION is -1
2016-03-11 11:37:22 -06:00
Christian Mehlmauer
3123175ac7
use MetasploitModule as a class name
2016-03-08 14:02:44 +01:00
Brent Cook
f703fa21d6
Revert "change Metasploit3 class names"
...
This reverts commit 666ae14259
.
2016-03-07 13:19:55 -06:00
Brent Cook
44990e9721
Revert "change Metasploit4 class names"
...
This reverts commit 3da9535e22
.
2016-03-07 13:19:48 -06:00
Christian Mehlmauer
3da9535e22
change Metasploit4 class names
2016-03-07 09:57:22 +01:00
Christian Mehlmauer
666ae14259
change Metasploit3 class names
2016-03-07 09:56:58 +01:00
Brent Cook
a1190f4344
Land #6598 , add post module for setting wallpaper
2016-03-06 15:00:10 -06:00
Brent Cook
86845222ef
add meterpreter platform workaround
2016-03-06 14:51:34 -06:00
Brent Cook
c7c0e12bb3
remove various module hacks for the datastore defaults not preserving types
2016-03-05 23:11:39 -06:00
Meatballs
c7f9fbcdfa
Change to enable/disable
2016-03-06 04:31:24 +00:00
Meatballs
6b510005da
Reverse os checks
2016-03-06 04:31:23 +00:00
Meatballs
0e52fda708
Initial tidy
2016-03-06 04:31:23 +00:00
Brent Cook
d955c6a8f6
style fixes
2016-02-29 14:06:49 -06:00
Brent Cook
89b0c8a27a
Land #6571 , use intent to unlock Android screens, support <= 4.3
2016-02-26 05:55:35 -06:00
wchen-r7
f3cf5a8a41
Resolve merge conflict with upstream-master
...
Out of date author field
2016-02-25 14:49:53 -06:00
Tim
27af59ea7c
minor tweaks
2016-02-20 08:35:56 +00:00
William Vu
8a15c36770
Land #6563 , VNC creds scraper uninstall location
2016-02-19 15:01:23 -06:00
William Vu
bfd204ac50
Fix some cosmetic issues
2016-02-19 15:00:56 -06:00
Louis Sato
873250dbec
Land #6557 , bug fix priv_migrate user migration
2016-02-19 12:03:30 -06:00
Brent Cook
b58166a9a8
add android platform to the hash
2016-02-18 20:13:39 -06:00
Tim
5c92076a1e
more cleanup
2016-02-14 09:15:25 +00:00
nk
bc74ceb8c5
Handle errors when parsing interfaces.xml, add check for several locations
2016-02-11 15:56:58 +01:00
Tim
e738b5922d
fix play_youtube to work on Android
2016-02-11 07:16:40 +00:00
Tim
9791e66683
fix remove_lock to work with 4.3 devices
2016-02-11 07:10:05 +00:00
Nicolas Devillers
8118198628
Add vprint of the exception message
2016-02-10 22:47:51 +01:00
nk
1637891ece
Add check for the uninstall location in vnc post module
2016-02-10 20:30:41 +01:00
Josh Hale
62dd82e653
Make fix easier to read
2016-02-10 11:24:45 -06:00
Tim
a93f200851
cosmetic fixes
2016-02-10 07:51:13 +00:00
Josh Hale
4653c27167
Fix minor grammar error in description
2016-02-09 21:24:40 -06:00
Josh Hale
08a41b0a31
Fix issue when target PID not owned by session
2016-02-09 21:22:50 -06:00
Tim
d544bf9311
android set wallpaper
2016-02-01 01:16:17 +00:00
Tim
96ab598835
set wallpaper
2016-02-01 01:01:24 +00:00
Josh Hale
3d4b7af6bb
Update description
2016-01-30 14:35:03 -06:00
Josh Hale
413ea53984
Add found flag and touchup code
2016-01-30 14:31:45 -06:00
Josh Hale
3abb6feb3f
Add autoadd feature to autoroute.rb
2016-01-29 21:34:22 -06:00
wchen-r7
6fb27a3da9
Undo path and move the out of bound check
2016-01-28 23:49:50 -06:00