Commit Graph

40703 Commits (3e1cd0c78943382a47abff01f52d7661647d3536)

Author SHA1 Message Date
Tim 3afa20a1af
fix double \n in printf 2016-12-13 17:02:23 +08:00
Tim fe9972cc25
fork early and use WfsDelay 2016-12-13 17:02:23 +08:00
Tim 891fccb4e2
add pattern for GT-S7392 2016-12-13 17:02:23 +08:00
Tim 07ce7f3aed
fix make run 2016-12-13 17:02:23 +08:00
Tim 7b7deb0588
better library cleanup 2016-12-13 17:02:23 +08:00
Tim 96b01effa7
cleanup library after use 2016-12-13 17:02:23 +08:00
Tim 9ece45a180
dont exit(0) when exploit fails 2016-12-13 17:02:23 +08:00
Tim 909773120c
typos 2016-12-13 17:02:23 +08:00
Tim ebf7ae0739
add CVE-2013-6282, put_user/get_user exploit for Android 2016-12-13 17:02:23 +08:00
h00die b5beb2eb93 throw errors 2016-12-12 21:48:08 -05:00
William Vu ad7b3dac2d Account for negative indices 2016-12-12 14:24:24 -06:00
William Vu 4ad42784d3 Update spec 2016-12-12 14:24:24 -06:00
William Vu b9e9d97479 Add -O (order_by) to services (cmd_services) 2016-12-12 14:24:24 -06:00
Brent Cook 082a8949e4
Land #7694, Initial stageless mettle payloads 2016-12-12 13:01:31 -06:00
Jon Hart 7aa743b205
Land #7682, @godinezj's improvements to #7604 2016-12-12 10:54:15 -08:00
Jon Hart 446cb02ebc
Document IAM_PASSWORD option 2016-12-12 10:43:27 -08:00
p3nt4 deec6eccdf Update hashcarve.rb 2016-12-12 17:09:04 +11:00
p3nt4 3e80ee1d6a Better Error Handling 2016-12-12 17:07:47 +11:00
OJ 505cc19662
Update reverse_tcp to show TCP listener information
Also update the readable text to only output the listener information if
it differs from the payload information.
2016-12-12 15:56:26 +10:00
William Vu cfca18906f
Land #7702, persistence script platform fix 2016-12-11 19:35:43 -06:00
OJ 462e91ed22
Fix persistence script to work with new platform changes 2016-12-12 11:20:23 +10:00
h00die 2dca7c871b applying #7582 to all ftp aux traversals 2016-12-10 16:05:09 -05:00
OJ 609c8da772
Re-add wifi support, start work on kerberos stuff 2016-12-10 11:20:16 +10:00
Adam Cammack ccba73b324
Add stageless mettle for Linux/zarch 2016-12-09 18:30:52 -06:00
Adam Cammack 24cf756f5b
Add stageless mettle for Linux/x86 2016-12-09 18:29:34 -06:00
Adam Cammack 62a9a31222
Add stageless mettle for Linux/x64 2016-12-09 18:28:29 -06:00
Adam Cammack 7d36d41b20
Add stageless mettle for Linux/ppc64le 2016-12-09 18:27:22 -06:00
Adam Cammack ee7d5fc0c9
Add stageless mettle for Linux/ppc 2016-12-09 18:25:57 -06:00
Adam Cammack 4570a7198c
Add stageless mettle for Linux/mipsle 2016-12-09 18:24:12 -06:00
Adam Cammack 25b069f6b4
Add stageless mettle for Linux/mipsbe 2016-12-09 18:23:03 -06:00
Adam Cammack 7aec68c1fe
Add stageless mettle for Linux/mips64 2016-12-09 18:21:52 -06:00
Adam Cammack 7a654ca76c
Add stageless mettle for Linux/armle 2016-12-09 18:19:58 -06:00
Adam Cammack b74482aa6e
Add stageless mettle for Linux/armbe 2016-12-09 18:18:22 -06:00
Adam Cammack 12b296ab1a
Add stageless mettle for Linux/aarch64 2016-12-09 18:05:34 -06:00
William Vu f0dca7abbf
Land #7692, print_error for error_sql_injection 2016-12-09 17:09:52 -06:00
William Vu 2b0bce6459
Land #7690, drupal_views_user_enum user count fix 2016-12-09 16:55:01 -06:00
William Vu 4e235be484 Ensure a trailing slash for base_uri
Technically, the GET parameters should be in vars_get, but we don't want
to refactor the entire module right now.
2016-12-09 16:53:58 -06:00
Jin Qian 8780c325a7 Fixed issues #7691, silent exit.
Add a print statement to alert user what is missing, user could be confused that "show missing" is empty yet something is missing.
2016-12-09 16:20:44 -06:00
dmohanty-r7 77dd952370
Land #7592, check nil return value when using redis_command 2016-12-09 16:07:12 -06:00
Jin Qian 17c12a78f5 Fixed issue #7689, count of found users not accurate
In module drupal_views_user_enum, the count of found users is not accurate.
Fixed it by doing flatten before doing counting.
2016-12-09 15:19:43 -06:00
Metasploit 12af07d8cb
Bump version of framework to 4.13.7 2016-12-09 10:03:22 -08:00
David Maloney a267101413
Land #7670, bwatter's fix for prompt newline
land's brendan's fix for console output getting truncated
2016-12-09 10:44:46 -06:00
Brent Cook 50f95f9940
Land #7681, Get ready for stageless mettle 2016-12-09 09:31:47 -06:00
Brent Cook 6dcdf74850 bump mettle gem 2016-12-09 09:27:56 -06:00
p3nt4 7b4dce5e7e One left! 2016-12-09 16:27:40 +11:00
p3nt4 74c48f5fa4 I'll get there! 2016-12-09 16:24:49 +11:00
p3nt4 c898e768f6 Struggling with tidyness 2016-12-09 16:00:32 +11:00
p3nt4 586b2d92e2 Corrected status prints 2016-12-09 15:45:30 +11:00
p3nt4 fb360e69c0 Initial Commit
This module "carves" a hash in the registries to set it as a user password.

The benefits are:
1/ It doesn't change the password last change field
2/ You can set a hash directly, so you can change  a user's password and revert it without cracking its hash.

I have tested it in Windows 7, and 8.1. Should work on every version though.

Usage:
 run post/windows/manage/hashcarve user=test pass=<password>
 run post/windows/manage/hashcarve user=test pass=<nthash>
 run post/windows/manage/hashcarve user=test pass=<lmhash:nthash>

This work is based on the hashdump implementation.
2016-12-09 15:41:01 +11:00
Javier Godinez e9ce622db7 Updated README 2016-12-08 16:39:28 -08:00