Commit Graph

2982 Commits (2dfff956693cf7549deeb7de2b845932953c3b43)

Author SHA1 Message Date
Stuart Morgan 89728fd8fe Working version 2015-12-20 21:16:17 +00:00
Stuart Morgan ae09549057 New module, strating with managedby_groups 2015-12-20 20:17:06 +00:00
Stuart Morgan 28e563659f Added managedBy to group acquisition 2015-12-20 20:16:18 +00:00
Stuart Morgan d79fd9a9f3 Renamed the comments attribute to comment 2015-12-20 19:53:36 +00:00
Stuart Morgan 924017e606 Moved trust enumeration to separate PR 2015-12-20 19:46:20 +00:00
Stuart Morgan 43f8a35b12 Merge branch 'master' of https://github.com/rapid7/metasploit-framework into add_filter_to_ad_tools 2015-12-20 19:43:04 +00:00
Martin Vigo 2ddac42be7 Perform Rubocop cleanup 2015-12-19 23:33:32 -08:00
Martin Vigo 2fc940cc3e Decrypt Chrome and Opera cookies and msdftify code 2015-12-19 22:19:20 -08:00
Martin Vigo ab630166bb Decrypt Chrome and Opera cookies and msdftify code 2015-12-19 21:40:30 -08:00
Stuart Morgan 3a89d3cc70 Turns out that we dont need the report or accounts includes in there, so removing them for tidyness 2015-12-20 02:37:25 +00:00
Stuart Morgan c11c0ca7e0 Added comment about the UTF-8 encoding. This is an issue which is documented at https://github.com/rails/rails/issues/1965; namely that SQLite seems to treat ASCII text as a blob meaning that the text searches break. Encoding to UTF-8 seems to fix this. 2015-12-20 02:35:19 +00:00
Stuart Morgan 2301658611 Working 2015-12-20 02:20:59 +00:00
Stuart Morgan 7ce24969bb rubocop fixes 2015-12-20 02:02:44 +00:00
Stuart Morgan d5436c6fae msftidy is now silent 2015-12-20 02:01:11 +00:00
Stuart Morgan b8274cca01 Tested 2015-12-20 01:59:31 +00:00
Stuart Morgan b0eba24c5f Fixed verbosity bug and tidied up 2015-12-20 01:55:44 +00:00
Stuart Morgan 86294a869e No longer need the sAMAccountType lookup table 2015-12-20 01:45:10 +00:00
Stuart Morgan cdf430e689 Fixed bug relating to forgetting to add columns to the schema 2015-12-20 01:44:26 +00:00
Stuart Morgan 14f71eabdb Completing processing the sAMAccountType value 2015-12-20 01:42:25 +00:00
Stuart Morgan 5f5a297324 Adding u_, g_ and c_ parameters to the tables directly avoids most of the views 2015-12-20 01:30:24 +00:00
Stuart Morgan bb25c7606c Restructuring to add SAM_ (userAccountControl) variables as fields directly 2015-12-20 01:28:25 +00:00
Stuart Morgan 872aeccbb6 Significant simplified the hex-to-SID parsing code because we only want the RID out of it 2015-12-19 02:02:40 +00:00
Stuart Morgan 07e5f03aba Fixed 2015-12-19 01:58:29 +00:00
Stuart Morgan c7f8450775 Appears to work correctly 2015-12-19 01:11:20 +00:00
Stuart Morgan 36392ac0cd All works 2015-12-19 00:48:41 +00:00
Stuart Morgan 82c3ec5f4b Added views for users and groups table 2015-12-19 00:26:31 +00:00
Stuart Morgan ba9845818e Appears to work for the computers table (tables and view) 2015-12-18 23:22:22 +00:00
Stuart Morgan cf8f0e2483 Added userAccountControl to the computer table. Note that computer and user LDAP entries are more or less the same (user is the parent for computer), but it makes sense just for sanity and ease of use to keep them separate. 2015-12-18 22:22:56 +00:00
Stuart Morgan eade245a9e Added groupType attribute interpretation 2015-12-18 22:06:20 +00:00
Stuart Morgan e716cd79e3 Needed to use .zero? in the ? : if shorthand for the UAC variables 2015-12-18 21:55:55 +00:00
Stuart Morgan 838f74ff74 Added table creation for userAccoutControl 2015-12-18 21:45:07 +00:00
William Vu 6afcc13774 Requote file path 2015-12-18 15:41:38 -06:00
Stuart Morgan a065fc803c fixed spacing 2015-12-18 21:38:54 +00:00
Stuart Morgan 8821caa199 Added UserAccountControl constants 2015-12-18 21:37:31 +00:00
William Vu 06a2bb53bd Clean up module 2015-12-18 15:29:15 -06:00
Stuart Morgan 6d6306f6e7 Added sAMAccountType constants from MSDN 2015-12-18 21:14:39 +00:00
Stuart Morgan 5b07a35cef Added LDAP filter to identify groups of interest 2015-12-18 14:10:00 +00:00
Stuart Morgan 662010fce7 Added thread capability 2015-12-18 14:06:50 +00:00
Stuart Morgan 0a75fa333c msftidy 2015-12-18 12:14:22 +00:00
Stuart Morgan 91c8c2b9dd Trying to fix threads 2015-12-18 12:14:08 +00:00
Stuart Morgan 6f50635ab2 Strange bug with memberOf param and trying to fix up threads 2015-12-18 11:49:17 +00:00
Stuart Morgan 39bc23629a Getting ready to add thread support 2015-12-18 10:56:41 +00:00
Stuart Morgan 3c8ac89ba8 Added options to dump user membership and group membership to screen 2015-12-18 10:29:53 +00:00
Stuart Morgan 8f95ad315e Added extra user fields to database schema 2015-12-18 10:02:18 +00:00
Stuart Morgan fc45d70d25 Added extra user fields 2015-12-18 09:59:21 +00:00
Stuart Morgan b186aaa08d Added extra computer fields 2015-12-18 09:55:13 +00:00
Stuart Morgan f8b402165c Added extra computer fields 2015-12-18 09:51:04 +00:00
Stuart Morgan 805ba1d7dd Enumerate computers 2015-12-18 08:28:40 +00:00
Stuart Morgan 98c6b56494 Added computer recon 2015-12-18 08:14:30 +00:00
Martin Vigo ccb13a2ca6 Add full IE support and bug fixes 2015-12-17 20:29:50 -08:00
Stuart Morgan f13ca17de0 rubocop 2015-12-18 02:01:38 +00:00
Stuart Morgan 38b6ad4dbf msftidy 2015-12-18 02:00:57 +00:00
Stuart Morgan 36adbadb11 Tidied up SQL searching and added file size indicator 2015-12-18 01:59:19 +00:00
Stuart Morgan eb38859ecc Finally worked out how to use .map to make the SQL stuff far more elegant 2015-12-18 01:40:37 +00:00
Stuart Morgan 1ba6b91968 More accurate description 2015-12-18 01:24:43 +00:00
Stuart Morgan 0ddb40b55e Added UNIQUE and FOREIGN KEY constraints to SQLite DB 2015-12-18 01:23:29 +00:00
Stuart Morgan 15dc542544 Initial module works 2015-12-18 01:13:44 +00:00
Stuart Morgan f31c1c24db Added schema and code to populate SQLite db 2015-12-18 01:01:20 +00:00
Stuart Morgan e3483a2ac3 Getting RIDs from hex mess to decimal. Needs fixing 2015-12-18 00:20:16 +00:00
Stuart Morgan 460778738d Initial version works 2015-12-18 00:00:21 +00:00
Stuart Morgan 41c2d12e0c Tidy up initial print 2015-12-17 23:41:18 +00:00
Stuart Morgan 09fb37db6b Add status updates (useful if there are a large number of groups) 2015-12-17 23:07:02 +00:00
Stuart Morgan 2bcea91b15 Differentiate between user and group errors 2015-12-17 22:57:30 +00:00
Stuart Morgan 85c4e89526 Process user levels 2015-12-17 22:55:02 +00:00
Stuart Morgan 7c145c45e8 add LDAP_MATCHING_RULE_IN_CHAIN oid (from my adsi rework earlier) 2015-12-17 22:44:35 +00:00
Stuart Morgan f2b038f4b3 Begin loop to grab effective users of each group 2015-12-17 22:39:56 +00:00
Stuart Morgan c98519e0b9 Get groups using ADSI 2015-12-17 22:35:51 +00:00
Stuart Morgan 7b019bddf4 Initial version, just basing it on the ad_users module 2015-12-17 22:14:14 +00:00
Stuart Morgan e17a7a5d8c Fix attributes 2015-12-17 21:38:42 +00:00
Stuart Morgan 59d5626ef7 Bugfix 2015-12-17 21:36:19 +00:00
Stuart Morgan cba1ddbdc2 rubocop 2015-12-16 22:38:05 +00:00
Stuart Morgan 47e484408f rubocop 2015-12-16 22:31:54 +00:00
Stuart Morgan 9eef27e4c1 Removed snake case and added SID translation call 2015-12-16 22:31:22 +00:00
Stuart Morgan cc3ac3ad95 Removed trailing line spaces 2015-12-16 22:28:27 +00:00
Stuart Morgan 58635be237 Try to unpack the SID from hex to normal cut/paste format. Its a mess. 2015-12-16 22:27:52 +00:00
Stuart Morgan 421a29d998 Added the trust types from MSDN 2015-12-16 22:18:28 +00:00
Stuart Morgan fbe0cfde8f Fixed URL for trustDirection reference 2015-12-16 22:16:33 +00:00
Stuart Morgan fd8405f52d added trustDirection 2015-12-16 22:15:10 +00:00
Stuart Morgan 4da8859e57 added trustAttributes 2015-12-16 22:13:00 +00:00
Stuart Morgan 207a964117 Loop through results 2015-12-16 21:52:30 +00:00
Stuart Morgan 087a01f27f Templated table 2015-12-16 21:40:49 +00:00
Stuart Morgan fdf1a8c235 Updated with the LDAP fields to retrieve 2015-12-16 21:39:33 +00:00
Stuart Morgan ed4cf71ca8 Initial add (templated from Ben's bitlocker module) 2015-12-16 21:26:02 +00:00
Stuart Morgan c9c1dd22ee Added custom LDAP filter to ad_groups and ad_users to save having to use meterpreter's adsi interface 2015-12-16 10:38:38 +00:00
Stuart Morgan 2c29298485 undoing this, put in a separate module 2015-12-15 23:16:21 +00:00
Stuart Morgan 5dd8cb7648 proper type conversions 2015-12-15 23:13:02 +00:00
Stuart Morgan fef9a84548 rubocop 2015-12-15 23:12:14 +00:00
Stuart Morgan a2b30ff16e msftidy 2015-12-15 23:11:40 +00:00
Stuart Morgan 281966023c Final version 2015-12-15 23:10:06 +00:00
Stuart Morgan 7fa453b7ff Added module 2015-12-15 22:31:00 +00:00
Stuart Morgan 059de62400 Editing an existing module rather than adding a new one 2015-12-15 21:36:39 +00:00
Stuart Morgan 4a66b487de Based on putty enum module 2015-12-15 21:28:13 +00:00
William Vu b085989923
Land #6266, rsync creds scraper 2015-12-14 11:37:30 -06:00
Jon Hart 39da306b1d
Land #6057, @danilbaz's module for dumping Bitlocker master key (FVEK) 2015-12-08 18:16:39 -08:00
Jon Hart ed8076f361
Merge branch 'master' into pr/6197 2015-12-08 12:08:15 -08:00
Jon Hart 2177b979fd
Update SessionTypes command to describe why shell is not listed 2015-12-08 12:06:47 -08:00
Jon Hart 3890961155
Correct SEP client exclusion enumeration 2015-12-08 10:16:25 -08:00
BAZIN-HSC be5f648969 manage-bde.exe path test if in System32 or sysnative 2015-12-08 16:14:13 +01:00
William Vu db788d1b7c
Land #6238, CmdStager BOURNE_{PATH,FILE} options 2015-12-07 12:34:42 -06:00
Jon Hart f6417df9ba
Update enum_av_excluded to work properly under wow64 2015-12-04 17:13:43 -08:00
Jon Hart ad60a4118e
Put admin and client exclusions in different tables 2015-12-04 13:01:28 -08:00
Jon Hart c92365090f
Simpler 2015-12-04 12:38:25 -08:00
Jon Hart e7d2eb6ad9
Wire in support for showing process and file extension exclusions 2015-12-04 12:35:42 -08:00
Jon Hart 78a303974f
Handle empty exclusions better 2015-12-04 12:19:17 -08:00
Jon Hart 81ee01a93e
Simplify exclusion extraction and printing 2015-12-04 11:42:03 -08:00
Jon Hart 1968a76863
Simplify AV enumeration code 2015-12-04 10:27:14 -08:00
Christian Mehlmauer fc9d818837
change youtube url 2015-12-04 10:15:56 +01:00
Martin Vigo b4ade1989a Add IE support for stored passwords 2015-12-04 00:13:42 -08:00
Jon Hart 28ee056c32
Make enumeration of each individual AV optional 2015-12-03 16:07:49 -08:00
Jon Hart c007fffbce
Style cleanup 2015-12-03 15:55:12 -08:00
Stuart Morgan 78d391fa10 Rubocop 2015-12-02 14:54:30 +00:00
Stuart Morgan 99dceb33ac Added 'ALL' support (to do TCP and UDP in one go) 2015-12-02 14:50:16 +00:00
Rory McNamara 15dd18dc4b use single quotes, remove explicit nil 2015-12-02 09:36:07 +00:00
Jon Hart 366b92a79e
Store rsync creds as creds, not loot 2015-12-01 15:30:39 -08:00
Stuart Morgan b66be85ccb Rubocop 2015-12-01 22:32:04 +00:00
Stuart Morgan d5c0da5e19 Added 33434-33534 because this is the default udp range for traceroute (might be enabled by sysadmins to enbale traceroutes to work) 2015-12-01 22:31:12 +00:00
Stuart Morgan 74a07709b8 Use the Comm param instead of adding a route as suggested by @jlee-r7 and hdm 2015-12-01 21:42:27 +00:00
Stuart Morgan c744b14a8a Exclude python meterpreter, doesn't seem to work 2015-11-29 20:40:42 +00:00
Stuart Morgan 6a3172268e Fixed module metadata 2015-11-29 19:32:55 +00:00
Stuart Morgan 2bc5b98d6e Rubocop fixing alignment of ifs and ends 2015-11-29 19:17:49 +00:00
Stuart Morgan 8b4649e75c Working through rubocop issues 2015-11-29 19:11:10 +00:00
Stuart Morgan 9267afc18b Rubocop 2015-11-29 19:06:24 +00:00
Stuart Morgan 9a6f0d6734 Reducing complexity (rubocop) 2015-11-29 19:06:07 +00:00
Stuart Morgan b5909852a9 Rubocop 2015-11-29 19:02:33 +00:00
Stuart Morgan d4bb5537b2 Fixed stupid paste error 2015-11-29 19:02:15 +00:00
Stuart Morgan fd7a6465c6 Attemping to simplify code 2015-11-29 19:01:34 +00:00
Stuart Morgan 10f89239a5 rubocop 2015-11-29 18:59:40 +00:00
Stuart Morgan 6a567845e0 Tidy up error messages 2015-11-29 18:54:46 +00:00
Stuart Morgan 12dbe31bee Apparently adding .close causes it to hang 2015-11-29 18:49:51 +00:00
Stuart Morgan 41d963eeb1 Debugging 2015-11-29 18:34:26 +00:00
Stuart Morgan b6dfafaeb7 Stabilised code, still giving errors on threads>1 in native mode though 2015-11-29 18:14:19 +00:00
Stuart Morgan e18f8b5e21 Now works for both TCP and UDP
However, it gives 'interrupted by console user' as an error message for no reason (?timeouts?)
2015-11-29 17:53:04 +00:00
Stuart Morgan 98e0050e8c Fixed 'end' bugs (mismatched blocks) 2015-11-29 16:20:33 +00:00
Stuart Morgan af106737b9 Adding both native and winapi options, split out to functions & fix up 2015-11-29 16:17:07 +00:00
Andrew Smith 59bd88ff70 msftidy 2015-11-27 16:45:52 -05:00
Andrew Smith 9c016343c7 Update to logic and reliability
Included support for Windows Defender

Rewrote logic to support hosts with multiple AV products installed
2015-11-27 16:41:40 -05:00
Stuart Morgan f492a1d80a Merge branch 'master' of https://github.com/rapid7/metasploit-framework into post_multi_egress_traffic 2015-11-26 14:41:55 +00:00
Stuart Morgan 5ffeaddf1e Added help 2015-11-26 14:01:40 +00:00
Stuart Morgan 1ce0386d01 Reusing port array generation code 2015-11-26 13:59:15 +00:00
Martin Vigo 9d747e67a3 Fix bugs in new Firefox creds storage 2015-11-25 21:28:07 -08:00
Jon Hart a692a5d36c
Remove Platform, this should work everywhere; correct grammar 2015-11-25 11:23:18 -08:00
Louis Sato 55b3e10390
Land #6258, smart_migrate enhancement 2015-11-24 11:30:29 -06:00
Stuart Morgan 09d4bd8175 Added basic function definition for non-Win32API egress 2015-11-24 15:38:06 +00:00
Stuart Morgan 4ea732716a Added file 2015-11-24 15:37:44 +00:00
Stuart Morgan f0271c04ab Merge remote-tracking branch 'origin/master' into post_multi_egress_traffic 2015-11-24 15:27:38 +00:00
William Vu 16e6ced867
Land #6108, OpenVPN creds scraper 2015-11-23 14:25:19 -06:00
William Vu 601d4fda9f Add note about --auth-nocache 2015-11-23 14:24:26 -06:00
Jon Hart 718e928fe3
Control per-user config file 2015-11-23 11:11:03 -08:00
Louis Sato 493e476a43
Land #6243, check nil for sock.read 2015-11-23 11:15:51 -06:00
Jon Hart 93bb31dfa0
Make path to rsyncd configuration file configurable 2015-11-21 19:50:33 -08:00
Martin Vigo f34c7a8594 Support for new Firefox method to store credentials 2015-11-20 23:42:59 -08:00
Jon Hart aa962f30a9
Minor style/usability cleanup 2015-11-20 13:51:31 -08:00
Jon Hart a96102c20a
Minor cleanup 2015-11-20 13:19:38 -08:00
Jon Hart c75e3c8e84
Initial commit of a post module for looting rsync credentials 2015-11-20 12:57:33 -08:00
BAZIN-HSC 5592e4e4ea seek_relative suppression (use seek instead) 2015-11-20 18:30:51 +01:00
BAZIN-HSC dd027982ae if recovery_key specified, only method that is tried 2015-11-20 18:30:50 +01:00
BAZIN-HSC f49d6905a6 Fix comments by @jhart-r7 2015-11-20 18:30:50 +01:00
BAZIN-HSC 8f135c07aa Remove hard coded C:\Windows and use %SYSTEMROOT% 2015-11-20 18:30:49 +01:00
BAZIN-HSC 7d9d74f609 msftidy... 2015-11-20 18:30:49 +01:00
BAZIN-HSC c8847182d7 Add module to dump Bitlocker master key (FVEK) 2015-11-20 18:30:48 +01:00
sammbertram f1675f9ae4 Minor enhancement to smart_migrate
Adding a check to see if the user is currently already migrated to the "explorer.exe" and "winlogon.exe" processes prior to attempting migration.
2015-11-19 13:30:12 +00:00
Rory McNamara 811167442c Re-disable debugging nodelete 2015-11-17 13:10:03 +00:00
Roberto Soares ac99f9c229 Fix condition 2015-11-17 00:52:42 -02:00
Roberto Soares f69e7c0fb3 Fix condition 2015-11-17 00:49:04 -02:00
Roberto Soares a48d0b275b Added check if the commands executed successfully. 2015-11-17 00:07:31 -02:00
wchen-r7 f6fdabfd77
Land #6239, added Session info display to module output
MS-706
2015-11-16 18:10:58 -06:00
wchen-r7 17a1f2ee8a Fix #6242, Check nil for sock.read
Fix #6242
2015-11-16 14:24:46 -06:00
David Maloney a1ab8f1dc7
added Session info display to module output
output from the mssql_local_auth_bypass module
is now prefixed with the Session id and address
of the target host so it is explicitly clear
where it is performing each action

MS-706
2015-11-16 12:13:26 -06:00
PsychoMario 2b99969f9a quote paths to allow spaces 2015-11-15 00:14:30 +00:00
PsychoMario e3f25fd6e2 Add support for specifying path, file in bourne dropper 2015-11-14 18:31:11 +00:00
Jon Hart 38ca943219
Remove unneeded width arg 2015-11-13 11:49:50 -08:00
Jon Hart 4604f8cd83
Move cowsay to Rex::Text so that everyone can enjoy it ;) 2015-11-13 08:57:48 -08:00
Martin Vigo 211da2746e Support cookie auth key decryption 2015-11-11 16:26:07 -08:00
Jon Hart 15cfa925c8
Document the cloud mess 2015-11-11 12:06:53 -08:00
Jon Hart a328675f77
Add simulated cowsay support to wall 2015-11-11 11:54:46 -08:00
Jon Hart 8d21a91f3e
Add initial wall module 2015-11-11 09:15:32 -08:00
Jon Hart 8f86b2519f
Resolve 'duplicate key warning' for some modules 2015-11-09 18:40:32 -08:00
Jon Hart 43229c16e7
Correct some authors with unbalanced angle brackets 2015-11-06 13:24:58 -08:00
Andrew Smith c44ecfeb15 Spacing 2015-11-06 10:55:29 -05:00
jakxx e4d8909815 Initial Commit 2015-11-05 20:43:30 -05:00
jvazquez-r7 20679ea6c6
Land #5720, @g0tmi1k's changes to firefox_creds post module 2015-11-05 15:36:08 -06:00
Martin Vigo b0f92b49a2 Print vault passwords 2015-11-01 21:47:00 -08:00
wchen-r7 95920b7ff6 Bring back more working links 2015-10-29 15:57:16 -05:00
wchen-r7 154fb585f4 Remove bad references (dead links)
These links are no longer available. They are dead links.
2015-10-27 12:41:32 -05:00
Martin Vigo e67065a7e9 Fix Firefox/Opera bugs 2015-10-26 22:40:47 -07:00
Martin Vigo da9420a915 Retrieve randkey from LastPass 2015-10-26 19:17:09 -07:00
Roberto Soares 0bce90654f Changed path to save dump data 2015-10-22 15:11:55 -02:00
Roberto Soares 467ae52ec3 Remove redundant check 2015-10-21 13:12:45 -02:00
Brent Cook 0784370b98 more typo and whitespace fixes 2015-10-20 13:09:17 -05:00
Rob Fuller 2f1406e1c8 fix typo
not sure how this got in there
2015-10-20 13:48:00 -04:00
Roberto Soares 78d5e52dd6 Add OpenVPN Grab Credentials - Post Module 2015-10-19 23:11:02 -02:00
Brent Cook 20366993e3
Land #5937, use the Android mixin to get the Android version 2015-10-16 14:23:27 -05:00
jvazquez-r7 c967b60bf8
Land #5948, @bcook-r7's fix shell_to_meterpreter from powershell 2015-10-02 15:59:43 -05:00
jvazquez-r7 6468eb51b2
Do changes to have into account powershell sesions are not cmd sessions 2015-10-02 15:26:42 -05:00
Brent Cook d551f421f8
Land #5799, refactor WinSCP module and library code to be more useful and flexible 2015-10-01 14:35:10 -05:00
William Vu 2e2d27d53a
Land #5935, final creds refactor 2015-10-01 00:25:14 -05:00
William Vu 8866b15f3b Fix creds reporting 2015-10-01 00:24:43 -05:00
Brent Cook f3451eef75
Land #5380, pageantjacker, an SSH agent proxy 2015-09-26 10:52:44 -04:00
Stuart 853d822992 Merge pull request #1 from bcook-r7/land-5380-pageantjacker
update pageantjacker to run as part of extapi
2015-09-23 09:45:53 +01:00
jvazquez-r7 415fa3a244
Fix #5968, some modules not handling Rex::Post::Meterpreter::RequestError exceptions
* Related to the usage of ADSI on unsupported OSes
2015-09-21 14:33:00 -05:00
Stuart Morgan cdd39f52b1 Merge branch 'master' of https://github.com/rapid7/metasploit-framework into pageant_extension 2015-09-21 14:34:56 +02:00
Stuart Morgan e8e4f66aaa Merge branch 'master' of ssh://github.com/stufus/metasploit-framework into pageant_extension 2015-09-21 14:34:38 +02:00
Brent Cook 61e7e1d094 update pageantjacker to run as part of extapi 2015-09-20 20:25:00 -05:00
William Vu 5f9f66cc1f Fix nil bug in SSO gather module 2015-09-11 02:21:01 -05:00
William Vu a1a7471154
Land #5949, is_root? for remove_lock_root 2015-09-11 02:09:14 -05:00
wchen-r7 e9e4b60102 move require 'msf/core/post/android' to post.rb 2015-09-11 01:58:12 -05:00
wchen-r7 f2ccca97e0 Move require 'msf/core/post/android' to post.rb 2015-09-11 01:56:21 -05:00
wchen-r7 90ef9c11c9 Support meterpreter for OS X post modules 2015-09-10 15:57:43 -05:00
jvazquez-r7 30cb93b4df
Land #5940, @hmoore-r7's fixes for busybox post modules 2015-09-08 15:12:23 -05:00
wchen-r7 122d57fc20
Land #5945, Add auto-accept to osx/enum_keychain 2015-09-08 10:56:08 -05:00
wchen-r7 13afbc4eae Properly check root for remove_lock_root (android post module)
This uses the Msf::Post::Android::Priv mixin.
2015-09-08 10:40:08 -05:00
joev 1b320bae6a Add auto-accept to osx/enum_keychain. 2015-09-07 21:17:49 -05:00
HD Moore ec5cbc842e Cosmetic cleanups 2015-09-05 22:56:11 -05:00
HD Moore 8c0b0ad377 Fix up jailbreak commands & regex for success detection 2015-09-05 22:54:07 -05:00
wchen-r7 da0752e8c2 use fail_with 2015-09-04 15:12:05 -05:00
wchen-r7 7ab506dc06 Use Msf::Post::Android::System#get_build_prop to get the android ver
Instead of grabbing the android version from the module, this
is done by the mixin.
2015-09-04 15:05:45 -05:00
jvazquez-r7 eaf51a2113
Land #5722, @vallejocc's busybox work 2015-09-04 13:36:44 -05:00
jvazquez-r7 5dd0cee36a
Add comment 2015-09-04 13:30:00 -05:00
jvazquez-r7 8bfa5bcd09
Do some more minor code cleaning 2015-09-04 13:08:27 -05:00
jvazquez-r7 ac49c80367
Do minor code cleanup 2015-09-04 12:46:21 -05:00
jvazquez-r7 60d2856444
Use id instead of whoami 2015-09-04 12:02:21 -05:00
jvazquez-r7 4fa58efaa0
Allow to configure the DOWNLOAD_TIMEOUT 2015-09-04 11:54:22 -05:00
jvicente 2b2dec3531 Fixed typo direcotry. 2015-09-04 18:52:55 +02:00
jvazquez-r7 319bc2d750
Use downcase 2015-09-04 11:18:09 -05:00
wchen-r7 d55757350d Use the latest credential API, no more report_auth_info 2015-09-04 03:04:14 -05:00
HD Moore f0ef035a0b Update the module titles to clarify what these do 2015-09-03 12:53:25 -05:00
HD Moore 630057e23f Implement suggestions from the PR discussion 2015-09-03 12:42:51 -05:00
HD Moore 57c8038f07 Merge branch 'master' into land-5413 2015-09-03 12:38:19 -05:00
HD Moore 0f1530adc1 Merge branch 'master' into land-5412 2015-09-03 12:22:00 -05:00
jvazquez-r7 9c7f97d124
Fix methods name schema 2015-08-28 13:26:52 -05:00
jvazquez-r7 be7db10e7d
Fix busybox_write_file 2015-08-28 13:15:07 -05:00
jvazquez-r7 c4a3b4f18e
Add busy_box_file_exist? 2015-08-28 11:56:12 -05:00
jvazquez-r7 8faf6f9cd0
Fix require 2015-08-28 11:51:26 -05:00
jvazquez-r7 e62b117fda
Include mixin correctly 2015-08-28 11:50:17 -05:00
jvazquez-r7 132f5c6a20
Review jailbreak 2015-08-28 11:44:57 -05:00
jvazquez-r7 e7f486e43a
Review wget_exec 2015-08-28 11:24:41 -05:00
jvazquez-r7 edc9982c8b
Review smb_share_root 2015-08-28 11:18:49 -05:00
jvazquez-r7 c2639fc138
Review set_dns 2015-08-28 11:00:46 -05:00
jvazquez-r7 4523608bf7
Review set_dmz 2015-08-28 10:43:09 -05:00
Stuart Morgan b59bc30160 Fixed stupid bracket error 2015-08-28 16:13:22 +01:00
jvazquez-r7 0e810aa8bc
Clean ping_net 2015-08-28 09:53:31 -05:00
Stuart Morgan 8bf815c4bb rubocop 2015-08-28 15:39:02 +01:00
jvazquez-r7 42b342d615
Clean enum_hosts 2015-08-28 09:37:18 -05:00
jvazquez-r7 dfdb4fe044
Review enum_connections 2015-08-28 09:28:12 -05:00
jvazquez-r7 577656a78e
Change modules location 2015-08-28 09:17:23 -05:00
Stuart Morgan b8b68983b0 Merge remote-tracking branch 'upstream/master' into adsi_group_enum_improvements 2015-08-28 15:11:27 +01:00
Stuart Morgan f371a1c4fc Added the ability to list AD groups by POST module 2015-08-28 15:10:48 +01:00
Stuart Morgan 8682ec77c5 Added group filtering to the enum_ad_users module 2015-08-28 15:10:27 +01:00
g0tmi1k eb43241425 Firefox_creds more stable/bug fixs (Linux/OSX) 2015-08-27 11:43:53 +01:00
HD Moore a2d5511e39
Land #5379, new post modules to load into powershell sessions 2015-08-26 17:11:40 -05:00
Brent Cook 5633c1431f
Land #5821, add explicit 64-bit pointer support to enum_cred_store 2015-08-24 09:44:36 -05:00
jvicente b37efd29b0 Modified module busybox_pingnet.rb to avoid sending an ash script but executing each ping command separately. Added some fixes. Modified spec file for busybox.rb. 2015-08-23 12:17:17 +02:00
wchen-r7 fb2adb2e51 Check blank bullprop, also better instructions for the user. 2015-08-23 02:20:51 -05:00
wchen-r7 0f3e96b457
Merge branch 'upstream-master' into pr5416 2015-08-22 22:10:56 -05:00
HD Moore d264802ce0 Consistency and API conformance changes to LES 2015-08-21 12:38:58 -05:00
wchen-r7 4a91dfdcf5
Land #5873, report_note for local_exploit_suggester 2015-08-20 17:52:33 -05:00
Mo Sadek b20a283617 Added report_note to suggester 2015-08-20 13:57:16 -05:00
jvicente a9ad7b7c6f Modifications to use cmd_exec instead of session.shell_write.
Refactoring of common functions to a new Post mixin /lib/msf/core/post/linux/busybox.rb.
2015-08-17 18:24:22 +02:00
jvazquez-r7 e7433b81bd
Reuse architecture check 2015-08-17 10:28:10 -05:00
Brent Cook 5dd015150c
Land #5748, refactor google geolocate, add wlan_geolocate and send_sms to android meterpreter 2015-08-16 10:58:17 -05:00
benpturner 8800d89424 Updated to reflect HD's comments on indents and name of local script. 2015-08-16 10:47:20 +01:00
Brent Cook 9720e8e081 normalize osx to darwin so python meterp works 2015-08-15 19:49:55 -05:00
Brent Cook 422bba87d3 style fixes, moved google_geolocate to google/geolocate 2015-08-15 19:49:32 -05:00
Brent Cook 0a4651a553
Land #5359, add PuTTY session enumeration module 2015-08-14 13:20:05 -05:00
Stuart Morgan ee7c418ca8 Rubocop and msftidy-ied :-) 2015-08-14 17:19:07 +01:00
Stuart Morgan 02a58d459b Merge remote-tracking branch 'upstream/master' into pageant_extension 2015-08-14 17:05:38 +01:00
Stuart Morgan e2b6c11a3e Update 2015-08-14 16:24:52 +01:00
Tod Beardsley 50041fad2a
Pre-Bloggery cleanup
Edited modules/auxiliary/gather/lansweeper_collector.rb first landed in
and minor description word choice changes.

Edited modules/auxiliary/server/browser_autopwn2.rb first landed in
options. Also removed from the description the missing options of
'WhiteList' and 'RealList' -- those don't appear to be available
according to `show options` and `show advanced`, @wchen-r7.

Edited modules/post/multi/recon/local_exploit_suggester.rb first landed
in #5823, mv local_exploit_{suggestor,suggester} for minor description
cleanup and axing the description of the SHOWDESCRIPTION option (it's
already described identically on the option itself).
2015-08-13 12:33:04 -05:00
William Vu 80f415074b
Land #5823, mv local_exploit_{suggestor,suggester} 2015-08-11 13:52:55 -05:00
Mo Sadek 7f0d992914 Fixed name typo 2015-08-11 11:51:52 -05:00
jvazquez-r7 76f6312fab Fix #3916 Support 64 bits targets on enum_cred_store 2015-08-10 15:16:12 -05:00
jvicente 5ff61ca5f3 Added modules to jailbreak and control remotely BusyBox based devices. It was added to a word list with default credentials typically used by commercial routers. 2015-08-10 18:29:41 +02:00
Meatballs c197e5224d
Store loot 2015-08-01 20:52:25 +01:00
Meatballs deb6f5638e
Update WinSCP Gather
* Refactor parsing to common library to support command line tool
* Look in APPDATA not just ProgramFiles
* Iterate over user APPDATA
2015-08-01 20:44:14 +01:00
Brent Cook affc86bfd9
Land #5779, make cachedump / lsa_secrets work on 64-bit windows 2015-07-31 16:25:47 -05:00
wchen-r7 629afd86fc
Land #5788, local exploit suggestor
Good luck getting Mr. Robot, Elliot.
2015-07-31 11:43:53 -05:00
wchen-r7 34279776a6 Minor edit 2015-07-30 18:40:41 -05:00
wchen-r7 fc4fdba482 Merge branch 'suggestor' of https://github.com/MSadek-r7/metasploit-framework into pr5788 2015-07-30 18:31:49 -05:00
wchen-r7 08338b73b2 Add get_target_arch and get_target_os
We cannot use session.platform to fingerprint the target's platform
and arch, because it's not really meant to be used that way.
2015-07-30 18:26:41 -05:00
Mo Sadek af55ef7352 Added session.present? 2015-07-30 10:10:42 -05:00
Mo Sadek 7aa78dfd4e Revamped os, platform, arch detection. Added count for exploits being tried 2015-07-30 09:36:02 -05:00
Mo Sadek 1521c8f87e Reworded to no suggestions available 2015-07-29 17:40:27 -05:00
Mo Sadek 66489202fc Added error message if no exploits are found 2015-07-29 17:31:23 -05:00
Mo Sadek b58c6248fe Fixed ShowDescription bug 2015-07-29 16:52:06 -05:00
Mo Sadek 2cddfda0a0 wchen-r7's fixes, fixed indentation, removed newlines, added desc. 2015-07-29 16:13:50 -05:00
Mo Sadek c725f74d46 Add Local Exploit Suggestor
Resolve #5647
2015-07-29 13:19:51 -05:00
Tod Beardsley a342a9db10
Another sticky keys ref, from @carnal0wnage 2015-07-29 12:32:38 -05:00
Tod Beardsley 8043e5a88e
Add a reference to the sticky keys exploit 2015-07-29 12:31:43 -05:00
Tod Beardsley ee66cadde2
Don't use bullet points in descriptions
They never render correctly in anything other than a text editor.

modules/post/windows/manage/sticky_keys.rb first landed in #5760,
Sticky Keys post module
2015-07-29 12:29:09 -05:00
William Vu ff9b975576
Land #5701, @g0tmi1k's filezilla_server refactor 2015-07-29 11:13:22 -05:00
jvazquez-r7 e966545e08
Fix mask 2015-07-29 09:13:37 -05:00
g0tmi1k 38e952ba07 Python -> Ruby 2015-07-29 10:55:28 +01:00
Martin Vigo a3365a9c7f Add key, 2fa, iterations and otp support 2015-07-28 00:15:08 -07:00
jvazquez-r7 ab7ffb1a08
Fich cachedump 2015-07-27 17:26:53 -05:00
jvazquez-r7 704c8cadd9
Fix lsa_secrets 2015-07-27 16:19:01 -05:00
g0tmi1k 7c3e79f72d Smarter way to download via meterpreter
...less chance of data crupterion
2015-07-27 19:49:06 +01:00
William Vu 4dd2c31b44
Land #5760, Sticky Keys post module 2015-07-23 17:12:31 -05:00
William Vu 06ed7ba574 Add a comma 2015-07-23 17:12:17 -05:00
OJ ebdbb179ce Last of the style fixes 2015-07-24 08:09:25 +10:00
OJ db7fadfc36 Fix indentation 2015-07-24 08:08:01 +10:00
OJ 616e1ddd68 Change enum to action, a couple of tidies 2015-07-24 08:01:58 +10:00
Samuel Huckins a818dc4460
Land #5657, misc fixes to domain_hashdump 2015-07-23 16:58:46 -05:00
OJ e60f590f09 Add DisplaySwitch.exe support with WINDOWS+P
As per @mubix's request.
2015-07-24 07:20:31 +10:00
OJ 1dd765d6e6 Remove trailing spaces 2015-07-23 13:17:34 +10:00
OJ 0f2692f24f Fix up silly mistake with `fail_with` 2015-07-23 13:14:35 +10:00
OJ 691b13ebd8 Add the sticky_keys module 2015-07-23 12:53:47 +10:00
James Lee 52e4f45ecd
Use the new thing in wlan_geolocate 2015-07-20 20:24:07 -05:00
James Lee d6e12d431f
Style and whitespace 2015-07-20 19:40:25 -05:00
wchen-r7 425a9dc266 credit OJ 2015-07-17 13:47:17 -05:00
wchen-r7 663bcbe53b Avoid checking these system process names 2015-07-17 13:46:02 -05:00
g0tmi1k d5c57d9d6e Use creds API 2015-07-16 16:05:59 +01:00
OJ e1b1db9f88 Fix stupid typo 2015-07-16 23:03:49 +10:00
OJ 986463e489 Fix killav post module, handle errors, better output 2015-07-16 11:35:01 +10:00
Marc-Andre Meloche 2735c035b5 fixed issues as requested.
fixed.
2015-07-15 20:36:19 -04:00
Marc-Andre Meloche 579fb5fb1f Fixed
Fixed
2015-07-15 20:09:42 -04:00
Marc-Andre Meloche c762e9e8d6 Fixed as requested.
I added the possibility to read from file, instead of modifying the module each time.
2015-07-15 20:02:18 -04:00
Marc-Andre Meloche 7520bc9a8a Exported Killav into a post-exploitation module
I was unsure if this was the place to send the update.
2015-07-15 14:04:37 -04:00
g0tmi1k 074ed20f1c Fix Firefox_Creds
...isn't perfect.
2015-07-14 13:33:48 +01:00
g0tmi1k d795b2f831 Module cleanup 2015-07-11 19:40:21 +01:00
g0tmi1k 14d0d456f4 Fix FileZilla perm loot bug 2015-07-11 19:11:59 +01:00
g0tmi1k c92d0d9df6 Fix FileZilla Server 2015-07-11 18:14:55 +01:00
Spencer McIntyre 632bcda345
Land #5652, improve LAPS filter to reduce empty results 2015-07-03 15:02:39 -04:00
David Maloney e843db78dc
put rhost option back
it is needed for the wmic query that
creates the shadowcopy

MSP-12867
2015-07-02 14:46:40 -05:00
David Maloney 7b2b526ea1
deregister unwated options
deregister mixin options that we don't need
for this module
2015-07-02 14:33:21 -05:00
William Vu 8892cbdd10 Fix some minor things 2015-07-02 14:32:16 -05:00
David Maloney cc51d1e8fd
use registry data for VSS grab
use the location data we got from the registry for copying
the NTDS.dit file correctly with the VSS method
2015-07-02 14:27:51 -05:00
David Maloney 89d283da09
check registry for ntds location
check the registry for the location of the ntds.dit
file

MSP-12867
2015-07-02 14:07:47 -05:00
Tod Beardsley 95f19e6f1f
Minor description edits for clarity
Edited modules/exploits/multi/browser/adobe_flash_nellymoser_bof.rb
first landed in #5642, Adobe Flash CVE-2015-3113 Nellymoser Audio
Decoding BOF

Edited modules/post/windows/gather/credentials/enum_laps.rb first landed
in #5590, @Meatballs1 adds MS LAPS Enum post mod

Edited modules/post/windows/gather/enum_ad_bitlocker.rb first landed in
Keys from AD
2015-07-02 13:51:37 -05:00
David Maloney 42daf4d38b
fix up ordering of pre-checks
i hate early returns, but we need to bail out early
if some of these checks fail

MSP-12867
2015-07-02 11:52:02 -05:00
Meatballs 8a3873d730
Tweak filter to reduce empty results 2015-07-02 09:53:08 +01:00
Spencer McIntyre a37ac1b089
Land #5590, @Meatballs1 adds MS LAPS Enum post mod 2015-07-01 21:19:15 -04:00
William Vu 399b3d2810
Land #5629, moar cmd_exec refactoring 2015-07-01 00:36:19 -05:00
Martin Vigo 0e5e8032ad Add Firefox 2FA support 2015-06-30 21:02:10 -07:00
Martin Vigo 5b0647a1f2 Add support to steal 2FA token 2015-06-29 22:20:38 -07:00
jvazquez-r7 656e6f5c73
Fix windows enum modules 2015-06-29 11:56:38 -05:00
jvazquez-r7 834c0e594a
Update multi modules 2015-06-29 11:36:28 -05:00
jvazquez-r7 ae172691f2
Update linux gather post modules 2015-06-29 10:21:13 -05:00
jvazquez-r7 2cbb107bba
Update enum_configs 2015-06-29 09:55:18 -05:00
jvazquez-r7 093f339f6b
Land #5268, @Meatballs1's post windows module to retrieve Bitlocker Recovery Keys from AD 2015-06-26 17:07:36 -05:00
jvazquez-r7 600a296291
Do minor cleanup 2015-06-26 16:51:00 -05:00
jvazquez-r7 31b7ef49d6
Solve conficts 2015-06-26 11:36:17 -05:00
Meatballs 9c4a96761e
Small tidyup 2015-06-23 23:10:29 +01:00
Meatballs 4392b7c1de
Enum LAPS 2015-06-23 23:02:22 +01:00
Meatballs 221980820a Committed wrong file
This reverts commit 76c2198ef0.
2015-06-23 23:01:59 +01:00
Meatballs 76c2198ef0
LAPS enum 2015-06-23 22:56:53 +01:00
jvazquez-r7 f216841d01
Update enum_vbox 2015-06-22 17:54:17 -05:00
Brent Cook e696d2f3dc Merge branch 'master' into land-5348-ntds 2015-06-22 17:18:13 -05:00
jvazquez-r7 c20d2a1dd9
Update post/multi/gather/env
* Use cmd_exec
2015-06-22 16:20:46 -05:00
jvazquez-r7 a309d99da9
Fix enum_osx
* Use cmd_exec
2015-06-22 16:09:30 -05:00
jvazquez-r7 4475b7ec8e
Update enum_keychain
* Use cmd_exec
2015-06-22 14:30:46 -05:00