Vincent Yiu
2e03c3511e
Add enum_trusted_locations.rb
...
Quickly enumerates trusted locations for file planting :)
2016-06-12 10:59:57 +01:00
Crypt0-M3lon
233186c833
Check presence in local admin group
...
As the "is_admin?" function only checks if the current session effectively has admin rights, I offer to add a check to know if the current user is in the local admin group using the "is_in_admin_group?" function. This information is better suited to check if admin rights are obtainable using the "bypassuac" module.
2016-06-09 17:47:09 +02:00
Crypt0-M3lon
eaaa9177d5
Fix "username" key to add login in creds database
2016-06-08 10:38:38 +02:00
William Vu
ca76e8f290
Update allwinner_backdoor report_vuln hash
2016-05-24 00:57:37 -05:00
Brent Cook
928a706135
Land #6890, Allwinner CPU kernel module local privilege escalation
2016-05-23 22:00:52 -05:00
Brent Cook
2f8562fba4
added documentation and minor style tweaks
2016-05-23 21:59:44 -05:00
h00die
4242bbdf55
change report_note to report_vuln per note
2016-05-23 17:36:50 -04:00
h00die
c621f689b2
more descriptive note per @sempervictus
2016-05-18 19:08:01 -04:00
h00die
815a2600a8
additional description
2016-05-17 22:07:33 -04:00
h00die
640e0b9ff7
working ready for pr
2016-05-17 21:58:32 -04:00
Brent Cook
2e3e4f0069
Land #6296, Added a multi-platform post module to generate TCP & UDP egress traffic
2016-05-14 00:03:00 -05:00
Brent Cook
3542d907f7
simplify description, move the bulk of documentation to documentation/
2016-05-14 00:01:51 -05:00
h00die
314d73546c
additional details, not working on tablet via malicious apk meterpreter
2016-05-13 23:12:44 -04:00
h00die
5099124f3d
module compiles, fails correctly but can't yet verify it works
2016-05-12 22:18:43 -04:00
Brent Cook
a69432abe5
update module class and move to recon from manage
2016-05-12 12:42:04 -05:00
Brent Cook
9f923cdb00
Merge branch 'master' into land-6296-egress
2016-05-12 12:36:47 -05:00
Brent Cook
57a3a2871b
remove various session manipulation hacks since session.platform should always contain an os identifier
2016-05-08 22:39:41 -05:00
wchen-r7
2f66442f1d
Fix #5191, bad LHOST format causes shell_to_meterpreter to backtrace
...
When using shell_to_meterpreter via a pivot, the LHOST input's format
might be invalid. This is kind of a design limitation, so first we
check the input, and there is a module doc to go with it to explain
a workaround.
Fix #5191
2016-04-28 23:03:54 -05:00
Brent Cook
194a84c793
Modify stdapi so it also uses exist? over exists? for ruby parity
...
Also add an alias for backward compatibility.
2016-04-23 17:31:22 -04:00
wchen-r7
816bc91e45
Resolve #6807, remove all OSVDB references.
...
OSVDB is no longer a vulnerability database, therefore all the
references linked to it are invalid.
Resolve #6807
2016-04-23 12:32:34 -05:00
wchen-r7
da9f156913
Print IP in print_*
2016-04-22 16:03:31 -05:00
wchen-r7
3aa02891e9
Bring #6801 up to date with upstream-master
2016-04-22 14:04:26 -05:00
join-us
16ff74e293
syntax check / code reduce
2016-04-22 10:53:03 +08:00
Vincent Yiu
ca4bcfe62a
Update enum_emet.rb
...
Cleaned up a bit more
2016-04-22 00:41:10 +01:00
Vincent Yiu
c81d0ade3f
Update, implemented
...
Took @bcook-r7's advice
2016-04-22 00:37:03 +01:00
Vincent Yiu
30ac6b4a93
enum_emet
...
A module to enumerate all the EMET wildcard paths.
2016-04-22 00:20:25 +01:00
Brent Cook
57ab974737
File.exists? must die
2016-04-21 00:47:07 -04:00
Josh Hale
57467b94d9
Fix RegExp evaluation in is_routable? function
2016-04-20 10:22:46 -05:00
Adam Cammack
3da451795c
Fix potential case issue
...
Even though the options were getting put back in a datastore, the
original case could still be lost and that would be bad.
2016-04-18 17:52:27 -04:00
Josh Hale
48556483b5
Fix a few comments
2016-04-17 19:16:52 -05:00
Josh Hale
32590c89b7
Add interface name to routing status message
2016-04-17 14:15:50 -05:00
Josh Hale
fb7194c125
Work on autoroute.md
2016-04-17 00:04:42 -05:00
Josh Hale
a5e48b6112
Add default option and clean up comments
2016-04-16 19:50:08 -05:00
Josh Hale
6550e0bc1b
Finish up autoadd_interface_routes
2016-04-16 18:42:41 -05:00
Josh Hale
b3d199c055
Add get_subnet_octet and test
2016-04-16 14:57:39 -05:00
Josh Hale
b1064af082
Initial get_subnet testing
2016-04-16 13:50:15 -05:00
Josh Hale
018e7807fe
Identify routable networks
2016-04-15 22:21:54 -05:00
Josh Hale
e8863ba09d
Initial autoadd_interface_routes work
2016-04-15 22:13:17 -05:00
Josh Hale
5f5c330f2b
Initial Testing of Interface Info Gather
2016-04-14 21:59:48 -05:00
Josh Hale
c39410a070
Fix autoadd problem
2016-04-13 23:31:27 -05:00
CSendner
2319629dd8
Update comments
2016-04-13 05:03:11 +02:00
Christoph Sendner
4970047198
./modules/post/linux/dos/xen_420_dos.rb
2016-04-13 03:31:02 +02:00
wchen-r7
cba7353e1d
Fix another typo?
2016-04-07 17:12:11 -05:00
wchen-r7
ff9d94218d
Fix a typo?
2016-04-07 17:11:42 -05:00
wchen-r7
a3c390ee9d
Change class name to MetasploitModule
2016-04-07 17:11:08 -05:00
wchen-r7
f09637a1c7
Bring #6377 up to date with upstream-master
2016-04-07 17:06:49 -05:00
wchen-r7
0d3eb4f055
Change class name to MetasploitModule
2016-04-07 12:15:32 -05:00
wchen-r7
0f56dbd858
Bring #6378 up to date with upstream-master
2016-04-07 12:10:55 -05:00
wchen-r7
ac051bda7f
Add check is_routable?, and change netmask if needed
2016-04-06 15:28:54 -05:00
wchen-r7
d240e0b3a2
Bring #6515 up to date with upstream-master
2016-04-06 11:27:32 -05:00
wchen-r7
4074634a13
Land #6713, Add post exploit module for HeidiSQL's stored passwords
2016-03-30 12:10:30 -05:00
wchen-r7
0c6b4d81c8
More proper exception handling
2016-03-30 12:09:40 -05:00
wchen-r7
aaa1515ba0
Print rhost:rport
2016-03-30 11:56:09 -05:00
Meatballs
397d5580be
Use MetasploitModule convention
2016-03-30 15:44:37 +01:00
Meatballs
f8628e3438
Merge remote-tracking branch 'upstream/master' into wdigest_enable
2016-03-30 15:44:21 +01:00
Meatballs
9e45f0c104
Minor tidies
2016-03-30 15:29:03 +01:00
Hans-Martin Münch (h0ng10)
976932ed43
Initial commit
2016-03-26 12:00:25 +01:00
James Lee
d54bbdf9a3
Land #6566, filezilla xml file locations
2016-03-17 16:27:24 -05:00
James Lee
115a033036
Fix parsing the Last Server xml
2016-03-17 16:27:02 -05:00
James Lee
1375600780
Land #6644, datastore validation on assignment
2016-03-17 11:16:12 -05:00
Tim
f83cb4ee32
fix set_wallpaper
2016-03-16 13:07:41 +00:00
Brent Cook
cd84ac37d6
Land #6569, check if USERNAME env var exists before using in enum_chrome post module
2016-03-13 15:12:51 -05:00
Brent Cook
c89e53d0a3
Land #6666, fix filezilla_server display bug showing the session ID
2016-03-13 13:56:44 -05:00
wchen-r7
51cdb57d42
Fix #6569, Add a check for USERNAME env var in enum_chrome post mod
...
Fix #6569
Depending on the context, the USERNAME environment variable might
not always be there.
2016-03-11 15:36:44 -06:00
James Lee
8217d55e25
Fix display issue when SESSION is -1
2016-03-11 11:37:22 -06:00
Christian Mehlmauer
3123175ac7
use MetasploitModule as a class name
2016-03-08 14:02:44 +01:00
Brent Cook
f703fa21d6
Revert "change Metasploit3 class names"
...
This reverts commit 666ae14259.
2016-03-07 13:19:55 -06:00
Brent Cook
44990e9721
Revert "change Metasploit4 class names"
...
This reverts commit 3da9535e22.
2016-03-07 13:19:48 -06:00
Christian Mehlmauer
3da9535e22
change Metasploit4 class names
2016-03-07 09:57:22 +01:00
Christian Mehlmauer
666ae14259
change Metasploit3 class names
2016-03-07 09:56:58 +01:00
Brent Cook
a1190f4344
Land #6598, add post module for setting wallpaper
2016-03-06 15:00:10 -06:00
Brent Cook
86845222ef
add meterpreter platform workaround
2016-03-06 14:51:34 -06:00
Brent Cook
c7c0e12bb3
remove various module hacks for the datastore defaults not preserving types
2016-03-05 23:11:39 -06:00
Meatballs
c7f9fbcdfa
Change to enable/disable
2016-03-06 04:31:24 +00:00
Meatballs
6b510005da
Reverse os checks
2016-03-06 04:31:23 +00:00
Meatballs
0e52fda708
Initial tidy
2016-03-06 04:31:23 +00:00
Brent Cook
d955c6a8f6
style fixes
2016-02-29 14:06:49 -06:00
Brent Cook
89b0c8a27a
Land #6571, use intent to unlock Android screens, support <= 4.3
2016-02-26 05:55:35 -06:00
wchen-r7
f3cf5a8a41
Resolve merge conflict with upstream-master
...
Out of date author field
2016-02-25 14:49:53 -06:00
Tim
27af59ea7c
minor tweaks
2016-02-20 08:35:56 +00:00
William Vu
8a15c36770
Land #6563, VNC creds scraper uninstall location
2016-02-19 15:01:23 -06:00
William Vu
bfd204ac50
Fix some cosmetic issues
2016-02-19 15:00:56 -06:00
Louis Sato
873250dbec
Land #6557, bug fix priv_migrate user migration
2016-02-19 12:03:30 -06:00
Brent Cook
b58166a9a8
add android platform to the hash
2016-02-18 20:13:39 -06:00
Tim
5c92076a1e
more cleanup
2016-02-14 09:15:25 +00:00
nk
bc74ceb8c5
Handle errors when parsing interfaces.xml, add check for several locations
2016-02-11 15:56:58 +01:00
Tim
e738b5922d
fix play_youtube to work on Android
2016-02-11 07:16:40 +00:00
Tim
9791e66683
fix remove_lock to work with 4.3 devices
2016-02-11 07:10:05 +00:00
Nicolas Devillers
8118198628
Add vprint of the exception message
2016-02-10 22:47:51 +01:00
nk
1637891ece
Add check for the uninstall location in vnc post module
2016-02-10 20:30:41 +01:00
Josh Hale
62dd82e653
Make fix easier to read
2016-02-10 11:24:45 -06:00
Tim
a93f200851
cosmetic fixes
2016-02-10 07:51:13 +00:00
Josh Hale
4653c27167
Fix minor grammar error in description
2016-02-09 21:24:40 -06:00
Josh Hale
08a41b0a31
Fix issue when target PID not owned by session
2016-02-09 21:22:50 -06:00
Tim
d544bf9311
android set wallpaper
2016-02-01 01:16:17 +00:00
Tim
96ab598835
set wallpaper
2016-02-01 01:01:24 +00:00
Josh Hale
3d4b7af6bb
Update description
2016-01-30 14:35:03 -06:00
Josh Hale
413ea53984
Add found flag and touchup code
2016-01-30 14:31:45 -06:00
Josh Hale
3abb6feb3f
Add autoadd feature to autoroute.rb
2016-01-29 21:34:22 -06:00
wchen-r7
6fb27a3da9
Undo path and move the out of bound check
2016-01-28 23:49:50 -06:00
wchen-r7
d515e4db64
Unwanted comment
2016-01-21 00:55:08 -06:00
wchen-r7
bda76c7340
Update lastpass_creds module
2016-01-21 00:53:16 -06:00
Martin Vigo
348ae586a7
Handle vault parsing exceptions
2016-01-15 14:54:59 -08:00
wchen-r7
315d079ae8
Land #6402, Add Post Module for Windows Priv Based Meterpreter Migration
...
We are also replacing smart_migrate with this.
2016-01-13 01:21:32 -06:00
wchen-r7
6deb57dca3
Deprecate post/windows/manage/smart_migrate and other things
...
This includes:
* Give credit to thelightcosine in priv_migrate
* Deprecate smart_migrate
* Update InitialAutoRunScript for winrm_script_exec
2016-01-12 23:14:13 -06:00
Meatballs
7128c408c8
Land #6375, Active Directory Managed Groups Enumeration
2016-01-12 11:21:31 +00:00
Meatballs
4ba2d56f49
Just search on DN for samaccountname
2016-01-12 11:20:20 +00:00
Martin Vigo
3bee2fff70
Use native method dir
2016-01-08 16:06:24 -08:00
David Maloney
5e6620f2cf
add yard doc and lexical sorting
...
lexical sort methods and add missing YARD docs
2016-01-08 14:36:21 -06:00
David Maloney
536378e023
move datastore kill check to kill method
...
move the datastore check for datastore['KILL']
into the actual kill method for sake of DRYness
2016-01-08 14:31:42 -06:00
David Maloney
9716b97e1c
split up the migration efforts
...
move admin and user migrations into
separate methods for enhanced readability
and maintainability
2016-01-08 14:26:39 -06:00
David Maloney
ad50f9a047
move default targets to constants
...
cleanup the way the target lists get populated
to use constants and be a little cleaner and dryer
2016-01-08 14:03:30 -06:00
Martin Vigo
8c6bdd532b
Use ? for SQL queries
2016-01-07 22:50:23 -08:00
Martin Vigo
b46095f3d6
Remove custom method checking file exists
2016-01-07 22:21:10 -08:00
Martin Vigo
e7701b6d5f
Fix incoherent method to always return a list
2016-01-07 22:17:04 -08:00
Josh
4e99c873c8
Fix issue when target_pid == current_pid
2016-01-06 19:58:07 -06:00
Josh
60c506d7fb
Replace error handling methods
2016-01-06 18:53:54 -06:00
Vincent Yiu
30a866a85b
Update enable_rdp.rb
...
Fixed some typos.
2016-01-04 09:52:57 +00:00
Kyle Gray
47f9880690
Land #6395, grammar fixes for recovery_files.rb
...
Improves grammar and details within the description of /post/windows/gather/forensics/recovery_files.rb
2015-12-28 15:57:41 -06:00
William Vu
cf0e982e83
Land #6386, VNC creds module fix
2015-12-28 02:32:26 -06:00
William Vu
6b9c74eec7
Prefer gsub and nix the return
2015-12-28 02:31:47 -06:00
Josh
0de69a9d40
Add post Windows privilege based migrate
2015-12-27 19:26:21 -06:00
Jon Hart
f8943f4821
Remove peer; defined in lib/msf/core/post/common.rb
2015-12-24 07:57:16 -08:00
karllll
431c6001a8
Fix recovery_files.rb Description grammar errors
2015-12-24 10:10:39 -05:00
Stuart Morgan
d6dacd1580
Fixed bug when generating native traffic with one thread
2015-12-23 15:28:33 +00:00
Stuart Morgan
391145a4af
Checking if group_filter is empty
2015-12-23 15:14:37 +00:00
g0tmi1k
2f71730484
Gather VNC null byte fix + formatting
2015-12-22 17:30:37 +00:00
Rory McNamara
45b9230efb
Redirect python stderr to stdout, darwin python platform
2015-12-22 11:32:31 +00:00
Tim
be9197fc97
quick fix for issues #6359
2015-12-22 03:26:31 +00:00
Tim
f9d74143c3
fix typo
2015-12-22 03:25:34 +00:00
Stuart Morgan
f950633d32
renamed
2015-12-21 18:16:06 +00:00
Stuart Morgan
e09c2944cf
Renamed module to be more descriptive
2015-12-21 18:15:39 +00:00
Stuart Morgan
4c27f381dc
rubocop & msftidy
2015-12-21 18:15:19 +00:00
Stuart Morgan
8438774077
Bug
2015-12-21 18:13:58 +00:00
Stuart Morgan
0b6969afbc
Rubocop. This encoding mess was the only way I could find to deal with a number of parsing errors when testing this against a multilingual domain.
2015-12-21 17:30:32 +00:00
Stuart Morgan
30e283b0ae
fixup
2015-12-21 17:28:36 +00:00
Stuart Morgan
751a0708bf
rubocop
2015-12-21 13:32:29 +00:00
Stuart Morgan
0c8aa0bd5c
msftidy - fixed module name
2015-12-21 13:32:11 +00:00
Stuart Morgan
0081c79f39
Added comments
2015-12-21 13:31:26 +00:00
Stuart Morgan
03b904cc4e
Initial version
2015-12-21 13:29:47 +00:00
Stuart Morgan
16cf3c6207
Further messing about with unicode conversions
2015-12-21 13:28:27 +00:00
Stuart Morgan
e8c8c54cb0
Use a regex with a negative lookbehind to cope with CNs that contain commas
2015-12-21 11:44:37 +00:00
Stuart Morgan
d8b3b15da6
Trying to fix encoding errors
2015-12-21 11:43:12 +00:00
Stuart Morgan
76f99cbc7f
Fixing UTF-8 encoding errors with some strangely named groups
2015-12-21 11:11:01 +00:00
Stuart Morgan
b0fca769d7
capitalisation
2015-12-21 10:39:30 +00:00
Stuart Morgan
4ed32ad3e8
Add manager user attribute
2015-12-20 22:51:37 +00:00
Stuart Morgan
9493b333df
rubocop
2015-12-20 21:22:03 +00:00
Stuart Morgan
c394caad27
actually made the securitygroups only option do something
2015-12-20 21:19:24 +00:00
Stuart Morgan
07caaf352b
made comment match purpose
2015-12-20 21:18:21 +00:00
Stuart Morgan
c0a93433af
msftidy
2015-12-20 21:16:42 +00:00
Stuart Morgan
89728fd8fe
Working version
2015-12-20 21:16:17 +00:00
Stuart Morgan
ae09549057
New module, starting with managedby_groups
2015-12-20 20:17:06 +00:00
Stuart Morgan
28e563659f
Added managedBy to group acquisition
2015-12-20 20:16:18 +00:00
Stuart Morgan
d79fd9a9f3
Renamed the comments attribute to comment
2015-12-20 19:53:36 +00:00
Stuart Morgan
924017e606
Moved trust enumeration to separate PR
2015-12-20 19:46:20 +00:00
Stuart Morgan
43f8a35b12
Merge branch 'master' of https://github.com/rapid7/metasploit-framework into add_filter_to_ad_tools
2015-12-20 19:43:04 +00:00
Martin Vigo
2ddac42be7
Perform Rubocop cleanup
2015-12-19 23:33:32 -08:00
Martin Vigo
2fc940cc3e
Decrypt Chrome and Opera cookies and msdftify code
2015-12-19 22:19:20 -08:00
Martin Vigo
ab630166bb
Decrypt Chrome and Opera cookies and msdftify code
2015-12-19 21:40:30 -08:00
Stuart Morgan
3a89d3cc70
Turns out that we don't need the report or accounts includes in there, so removing them for tidiness
2015-12-20 02:37:25 +00:00
Stuart Morgan
c11c0ca7e0
Added comment about the UTF-8 encoding. This is an issue which is documented at https://github.com/rails/rails/issues/1965; namely that SQLite seems to treat ASCII text as a blob meaning that the text searches break. Encoding to UTF-8 seems to fix this.
2015-12-20 02:35:19 +00:00
Stuart Morgan
2301658611
Working
2015-12-20 02:20:59 +00:00
Stuart Morgan
7ce24969bb
rubocop fixes
2015-12-20 02:02:44 +00:00
Stuart Morgan
d5436c6fae
msftidy is now silent
2015-12-20 02:01:11 +00:00
Stuart Morgan
b8274cca01
Tested
2015-12-20 01:59:31 +00:00
Stuart Morgan
b0eba24c5f
Fixed verbosity bug and tidied up
2015-12-20 01:55:44 +00:00
Stuart Morgan
86294a869e
No longer need the sAMAccountType lookup table
2015-12-20 01:45:10 +00:00
Stuart Morgan
cdf430e689
Fixed bug relating to forgetting to add columns to the schema
2015-12-20 01:44:26 +00:00
Stuart Morgan
14f71eabdb
Completing processing the sAMAccountType value
2015-12-20 01:42:25 +00:00
Stuart Morgan
5f5a297324
Adding u_, g_ and c_ parameters to the tables directly avoids most of the views
2015-12-20 01:30:24 +00:00
Stuart Morgan
bb25c7606c
Restructuring to add SAM_ (userAccountControl) variables as fields directly
2015-12-20 01:28:25 +00:00
Stuart Morgan
872aeccbb6
Significantly simplified the hex-to-SID parsing code because we only want the RID out of it
2015-12-19 02:02:40 +00:00
Stuart Morgan
07e5f03aba
Fixed
2015-12-19 01:58:29 +00:00
Stuart Morgan
c7f8450775
Appears to work correctly
2015-12-19 01:11:20 +00:00
Stuart Morgan
36392ac0cd
All works
2015-12-19 00:48:41 +00:00
Stuart Morgan
82c3ec5f4b
Added views for users and groups table
2015-12-19 00:26:31 +00:00
Stuart Morgan
ba9845818e
Appears to work for the computers table (tables and view)
2015-12-18 23:22:22 +00:00
Stuart Morgan
cf8f0e2483
Added userAccountControl to the computer table. Note that computer and user LDAP entries are more or less the same (user is the parent for computer), but it makes sense just for sanity and ease of use to keep them separate.
2015-12-18 22:22:56 +00:00
Stuart Morgan
eade245a9e
Added groupType attribute interpretation
2015-12-18 22:06:20 +00:00
Stuart Morgan
e716cd79e3
Needed to use .zero? in the ? : if shorthand for the UAC variables
2015-12-18 21:55:55 +00:00
Stuart Morgan
838f74ff74
Added table creation for userAccountControl
2015-12-18 21:45:07 +00:00
William Vu
6afcc13774
Requote file path
2015-12-18 15:41:38 -06:00
Stuart Morgan
a065fc803c
fixed spacing
2015-12-18 21:38:54 +00:00
Stuart Morgan
8821caa199
Added UserAccountControl constants
2015-12-18 21:37:31 +00:00
William Vu
06a2bb53bd
Clean up module
2015-12-18 15:29:15 -06:00
Stuart Morgan
6d6306f6e7
Added sAMAccountType constants from MSDN
2015-12-18 21:14:39 +00:00
Stuart Morgan
5b07a35cef
Added LDAP filter to identify groups of interest
2015-12-18 14:10:00 +00:00
Stuart Morgan
662010fce7
Added thread capability
2015-12-18 14:06:50 +00:00
Stuart Morgan
0a75fa333c
msftidy
2015-12-18 12:14:22 +00:00
Stuart Morgan
91c8c2b9dd
Trying to fix threads
2015-12-18 12:14:08 +00:00
Stuart Morgan
6f50635ab2
Strange bug with memberOf param and trying to fix up threads
2015-12-18 11:49:17 +00:00
Stuart Morgan
39bc23629a
Getting ready to add thread support
2015-12-18 10:56:41 +00:00
Stuart Morgan
3c8ac89ba8
Added options to dump user membership and group membership to screen
2015-12-18 10:29:53 +00:00
Stuart Morgan
8f95ad315e
Added extra user fields to database schema
2015-12-18 10:02:18 +00:00
Stuart Morgan
fc45d70d25
Added extra user fields
2015-12-18 09:59:21 +00:00
Stuart Morgan
b186aaa08d
Added extra computer fields
2015-12-18 09:55:13 +00:00
Stuart Morgan
f8b402165c
Added extra computer fields
2015-12-18 09:51:04 +00:00
Stuart Morgan
805ba1d7dd
Enumerate computers
2015-12-18 08:28:40 +00:00
Stuart Morgan
98c6b56494
Added computer recon
2015-12-18 08:14:30 +00:00
Martin Vigo
ccb13a2ca6
Add full IE support and bug fixes
2015-12-17 20:29:50 -08:00