52f9daf8c5
Renamed prefetch_tool to enum_prefetch
2013-07-14 15:33:54 +03:00
6539b4e507
Working
2013-07-14 15:30:54 +03:00
b77ba64e88
Fixed WinXP registry timezone key
2013-07-14 13:53:18 +03:00
398d5070b2
Fixed WinXP registry timezone key
2013-07-14 06:18:25 +03:00
43740d7626
Minor edits
2013-07-14 04:55:57 +03:00
742615f3a1
Working
2013-07-14 04:50:13 +03:00
1f27a2b7bd
Working version
2013-07-14 04:32:20 +03:00
ae60abd05b
Minor changes
2013-07-13 20:19:01 +03:00
45d49cdfe5
Time conversion broken, otherwise works.
2013-07-13 20:03:08 +03:00
1f10d1ca05
Done. Needs final cleanup and rewrite.
2013-07-13 13:24:08 +03:00
84f30b2379
Works. Needs just FILETIME converter
2013-07-12 23:31:52 +03:00
ce8f3d2a62
Tested on XP and Win7. Works, needs just Filetime convert
2013-07-12 23:29:54 +03:00
5692cde57a
Initial transfer
2013-07-12 21:19:44 +03:00
6dec81cbdf
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-06 10:38:19 -05:00
b2e7f61814
Fix path build on total_commander
2013-07-06 10:15:30 -05:00
df7209f28a
Land #2067 , @wchen-r7's fix for total_commander
2013-07-06 10:14:44 -05:00
39f0359fa4
Land #2061 , @wchen-r7's fix to make bitcoin_jacker use post mixins
2013-07-06 00:14:14 -05:00
ca4e11c112
Use check_other more
2013-07-05 12:38:38 -05:00
98f49758af
Don't need this line
2013-07-05 12:34:26 -05:00
d3000c0066
These funcs want 'filename'
2013-07-05 12:29:16 -05:00
353db0884d
Use expand_path from Msf::Post::File
2013-07-05 12:26:59 -05:00
18e5831ca8
Don't use begin/rescue to shut errors up and call it "file not found"
2013-07-05 12:22:05 -05:00
dc90904e50
Avoid misleading error
2013-07-05 12:12:30 -05:00
c859129339
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-05 12:06:05 -05:00
bcf6d11442
Land #2049 , @wchen-r7's had_pid? method work
2013-07-05 11:19:11 -05:00
6477c6995d
Merge branch 'enum_db_no_method' of https://github.com/wchen-r7/metasploit-framework
2013-07-05 09:35:34 -05:00
a7d110367a
Land #2064 , @wchen-r7's fix for access uninitialized variable on enum_services
2013-07-05 09:30:23 -05:00
b9dd3df05f
Land #2068 , @wchen-r7's fix to initialize variables on windows_autologin module
2013-07-05 09:09:17 -05:00
4ed6a4d8d1
Land #2062 , @wchen-r7's fix to avoid redundant check
2013-07-05 08:51:05 -05:00
1ad4482ce2
Land #2069 , @wchen-r7's patch to print info when using store_loot
2013-07-05 08:35:57 -05:00
c459b0e937
Land #2045 , @wchen-r7's fix for memory_grep module
2013-07-05 08:16:47 -05:00
2a32b59c88
Forgot to change var 'filename'
2013-07-05 01:37:35 -05:00
84050241f0
Fix target ID
2013-07-05 01:25:08 -05:00
1352731062
Make heap grep optional
2013-07-05 00:57:25 -05:00
a52d38f359
Land #2052 - Fix regex
2013-07-03 16:55:07 -05:00
ff49cc1c4f
[SeeRM:#8135] - Be able to show where store_loot saves a file
...
If you don't print where store_loot saves the file, it can be a
pain in the butt to find it sometimes.
2013-07-03 12:29:01 -05:00
70c472fb7e
[FixRM:#8134] - Handle registry_getvaldata return value properly
...
registry_getvaldata can return nil, can't always assume it's
gonna throw a string.
2013-07-03 12:23:14 -05:00
1064c050de
[FixRM:#8132] - Fix undefined method '+' in total_commander.rb
...
The return value of registry_getvaldata can return nil when a
RequestError occurs, so you can't always assume it's gonna throw
you a string.
2013-07-03 12:10:23 -05:00
27653b661f
[FixRM:#8131] & [FixRM:#8133] - Fix Base64 func usage
...
Instead of using Base64, these modules should use Rex.
2013-07-03 12:06:12 -05:00
c40a605495
[FixRM:#8129] - Fix undefined method error in enum_services.rb
...
srv_conf may not have the 'Startup' key because it's only assigned
in service_info() when srvstart is 4, therefore it's possible to
cause an undefined method 'downcase' error.
2013-07-03 11:44:28 -05:00
534858a23b
[FixRM:#8128] - Potential undefined method 'include' for nil
...
A lot of return values aren't checked, may result in undefined method X
bugs. The same type of issue is all over the place.
2013-07-03 11:40:24 -05:00
6198409e71
[FixRM:#8127] - Remove junk code that checks ARTIFACTS again
...
ARTIFACTS uses OptPath, which already checks the path. We don't need
to do this again.
2013-07-03 11:33:25 -05:00
944761a1dc
[FixRM:#8126] - Use functions from Msf::Post::File
...
Some functions already exist in Msf::Post::File, should use them.
2013-07-03 11:30:05 -05:00
864f4e9d37
post/local_admin_search_enum~Regex fails,module 2
...
If the regex fails then the entire moudle would too
2013-07-03 00:43:08 +01:00
a74f706bdb
These modules should check PID before using it
2013-07-02 14:48:04 -05:00
6815eef8f4
Fix multiple issues with memory_grep
...
This fixes the following:
[FixRM:#8118] - Allows the module to be able to enumerate from
multiple processes with the same name.
[FixRM:#8120] - Allows the module to be able to actually read data
from the heap.
2013-07-01 18:57:00 -05:00
1865e6c19d
Fix requrires for enable_support_account
2013-07-01 16:22:39 -05:00
be1a0d3cae
Land #2041 , title and description cleanup
2013-07-01 15:55:13 -05:00
bc24f99f8d
Various description and title updates
2013-07-01 15:37:37 -05:00
1c6657ee86
Land #2034 , @wchen-r7's patch for memory_grep
2013-07-01 13:34:57 -05:00
43c4f07e06
Use "unless"
...
Guidelines favor "unless".
2013-06-30 18:32:15 -05:00
520a78e2c8
Add final cleanup for enable_support_account
2013-06-29 23:30:29 -05:00
df88ace6d1
Land #1989 , @salcho's post module for enable windows support account
2013-06-29 23:29:16 -05:00
8717a3b7d8
using post mixins, fixed checks, module renamed
2013-06-29 15:44:36 -05:00
00bf9070aa
using post mixins, fixed checks, module renamed
2013-06-29 15:41:36 -05:00
82eed1582f
No need for the 2nd element
2013-06-28 17:05:43 -05:00
a7ee95381b
Updates module description, and uses the proper func for hex dump
...
As an user, it's important to know that using this module may result
a lost session because it must migrate to grep memory, but does not
migrate back.
The module also has its own hex dump routine, which is no longer
needed because we have a built-in Rex::Text.to_hex_dump
2013-06-28 16:28:00 -05:00
f158e421fa
Add requires for pptp_tunnel
2013-06-28 10:07:52 -05:00
ecfe083b0e
Correct module naming style
...
I was just looking at these modules on the web gui, and these names
need to be fixed to maintain style consistency.
2013-06-25 00:26:53 -05:00
36c3460911
changed reference
2013-06-20 18:02:25 -05:00
c1994db2a7
shorter title, included msf::post mixins, added reference and overall readability
2013-06-20 17:42:38 -05:00
db935498ab
admin_me modified according to msftidy
2013-06-19 18:14:32 -05:00
8afbcd6931
added admin_me.rb as post->manage script
2013-06-19 17:54:13 -05:00
f91719bf80
Do final cleanup for pptp_tunnel
2013-06-19 14:21:48 -05:00
3e31d2c97a
Land #1820 , @bmerinofe post module for pptpd mitm
2013-06-19 14:19:50 -05:00
f478eb51cf
s/disable/disabled/
2013-06-16 21:27:45 +02:00
a9df55c27a
Add Windows 2012 to regex matching
2013-06-09 20:46:44 -04:00
8e83f0ee30
Add Windows 8 and 2012 to regex matching
2013-06-09 20:41:46 -04:00
e70221a993
Land #1903 - Add decryptioin for firefox_creds
2013-06-04 11:38:03 -05:00
cb31772302
Fix indent
2013-06-04 11:37:16 -05:00
423a33b1fc
Added firefox pw decryption support
2013-06-03 13:13:59 -04:00
ed5b8895bb
Fixes smart_migrate for a TypeError bug
...
Bug is: TypeError can't convert Rex::RuntimeError into String
[SeeRM: #7984 ]
2013-05-28 18:45:49 -05:00
f4498c3916
Remove $Id tags
...
Also adds binary coding magic comment to a few files
2013-05-20 16:21:03 -05:00
eb46b09708
Timeout condition change
2013-05-14 00:35:42 +02:00
b8826396ee
Cosmetic changes
2013-05-12 23:03:28 +02:00
ba5d6fc259
Added post module to get a MITM through a pptp tunnel
2013-05-12 16:27:43 +02:00
55fc1458de
Simplify and clean up some
...
I'd really love to make this work on Linux as well, since it's really
just a file grabber/parser. Unfortunately, the Post API for enumerating
users and homedirs isn't great for cross-platform stuff like this.
A few small changes, all verified on Windows 7:
* Reuse the key storing code instead of copy-paste with minor changes
* Use binary mode when opening the stored prefs
* Don't bother checking for incognito since we're using `steal_token`
anyway
* Check for existence of directories instead of guessing based on OS
match
2013-05-10 16:58:35 -05:00
84ff72eb92
use file_exist? instead of fs.file.stat
2013-05-10 11:17:42 -04:00
25f7af43b4
use gsub instead of split/join
2013-05-10 11:12:56 -04:00
2f543d3080
extension and pref parsing
2013-05-09 13:23:28 -04:00
b0f5255de8
fix ssh_creds username
...
ssh_creds post module as not saving
the username in the cred objects
2013-05-05 16:31:28 -05:00
567d2bb14b
Land #1687 , @bmerinofe's forensic file recovery post module
2013-05-01 08:13:08 -05:00
a201391ee6
Clean recovery_files
2013-04-30 13:18:32 -05:00
dfff20a3fc
Landing #1692 - Handles OSQL banners and responses
...
[Close #1692 ]
2013-04-22 13:58:44 -05:00
0115833724
SyntaxError fixes
2013-04-21 20:22:41 +00:00
830715dc07
Applying changes
2013-04-16 00:28:39 +02:00
a36c6d2434
Lands #1730 , adds a VERBOSE option checker
...
Also removes VERBOSE options from extant modules. There were only 5 of
them, and one was a commented option.
2013-04-15 15:32:56 -05:00
29101bad41
Removing VERBOSE offenders
2013-04-15 15:29:56 -05:00
65e5ed8950
Merge #1716 , version checker fix for UAC bypass
2013-04-09 09:00:30 -05:00
ba86e14d43
Whitespace and caps fixes
2013-04-09 08:57:53 -05:00
e2b8d5ed23
Fix from David Kennedy, enable Windows 8 support
2013-04-09 02:07:40 -05:00
a2d6f7bb17
Landing #1714 - Don't bomb out if there are no wireless interfaces
...
No redmine ticket reported.
2013-04-08 17:17:47 -05:00
f369584bbd
Timeout added
2013-04-08 23:32:07 +02:00
ad46b46684
Landing #1463 , Meatballs' cdecl fixes
2013-04-04 22:58:59 -05:00
cd4a410682
Forgot an end. Dangit.
2013-03-31 23:24:50 -05:00
ac858c81a5
Deal with other osql banners and responses
...
Not sure where those other banners come from, but keeping them as
positive responses regardless.
[FixRM #7862 ]
2013-03-31 23:20:05 -05:00
d08640726b
added post module forensics recovery files
2013-03-30 01:59:41 +01:00
353f02cdcc
move word_unc_injector to gather dir
2013-03-27 16:23:19 +01:00
ed23fe6502
Merge branch 'post-word_unc_injector.rb' of https://github.com/SphaZ/metasploit-framework into SphaZ-post-word_unc_injector.rb
2013-03-27 16:21:54 +01:00
ef11a584f4
work on word_unc_injector
2013-03-27 11:17:29 +01:00
dea48b459f
Merge branch 'download_exec_shell' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-download_exec_shell
2013-03-22 12:53:36 -05:00
d908050808
Merge epo_sql fix from neinwechter
...
Easy, sensible fix -- since report_auth_info uses full_user, print_good
should too.
[Closes #1629 ]
2013-03-22 11:22:24 -05:00
096ec9a5d7
Fix to print out correct/full username
2013-03-22 10:22:24 -04:00
f27333567f
use bash or sh according to availability
2013-03-21 17:26:56 +01:00
370f849e29
cleanup for download_exec
2013-03-21 09:24:02 +01:00
39b1ad8bd6
spacing cleanup
2013-03-21 00:21:10 -04:00
837d426ff0
removed an extra space
2013-03-21 00:18:35 -04:00
08029ca2e8
edited Description
2013-03-21 00:17:55 -04:00
edd85ccd69
added wget support
2013-03-21 00:09:22 -04:00
804e2cfa3a
small fixup of unused old vars
2013-03-20 21:31:28 +01:00
b275797ba2
Used msf file mixin where possible and more in memory handling
2013-03-20 21:25:07 +01:00
54f22ed06c
check if curl is on the path
2013-03-20 17:31:48 +01:00
9948d1ec12
change from vcmd_exec to a method in the module
2013-03-19 20:40:25 -04:00
07d78af421
Linux post module to download and run a command
2013-03-15 10:13:56 -04:00
2160718250
Fix file header comment
...
[See #1555 ]
2013-03-07 17:53:19 -06:00
92ee4300df
cleanup for reflective_dll_inject
2013-03-04 17:40:09 +01:00
582395412f
Merge branch 'post_ref_dll_inj' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-post_ref_dll_inj
2013-03-04 17:39:11 +01:00
3334257aa4
Merge branch 'bug/fix_screenspy' of github.com:kernelsmith/metasploit-framework into kernelsmith-bug/fix_screenspy
2013-02-26 13:54:47 -06:00
15d505f7a9
Msftidy
2013-02-22 22:09:19 +00:00
0ea7247a43
Initial commit
2013-02-22 22:05:29 +00:00
ff508fa222
msftidy
2013-02-14 21:51:50 +01:00
91f89f8c68
Rewrite of module after auxilliary. Also moved to post/windows
2013-02-14 21:41:19 +01:00
8a91f0d7ec
rescue ENOENT as well
2013-02-14 14:04:45 -06:00
a6fea39583
Change to wldap to allow cdecl
2013-02-08 21:01:22 +00:00
e3ee0d7913
Don't try to download '.' or '..' as files
2013-02-08 11:25:17 -06:00
3883b0d0da
added word_unc_injector post module
2013-02-01 07:51:30 +01:00
4d7daacfb4
I wanna know where it's stored
2013-01-31 11:55:11 -06:00
13da4181c5
Merge branch 'feature/rm7605-version-for-MSCACHE-v1-and-v2' of github.com:lmercer-r7/metasploit-framework into lmercer-r7-feature/rm7605-version-for-MSCACHE-v1-and-v2
2013-01-31 11:51:55 -06:00
345c5f32cc
keep it from migrating more than once into explorer.exe
...
thanks for noticing egypt
we should add a migrate_explorer to the post api
2013-01-30 15:40:02 -06:00
1e1cbd7445
Merge branch 'wldap32_railgun' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-wldap32_railgun
2013-01-30 21:01:31 +01:00
e1c037e523
Better error handling
2013-01-30 12:06:57 -06:00
f649cd53ad
removed commented out code (again)
...
thanks egypt
2013-01-30 11:31:10 -06:00
32a5a009d6
change loot type to image/jpg
...
thanks egypt
2013-01-30 11:28:47 -06:00
de544dc3d4
Handle multiple IPs
2013-01-30 11:25:43 -06:00
6659459de5
del Version ref and change platform windows -> win
...
per sinner's comments, thanks sinner.
2013-01-30 10:56:49 -06:00
80a0f0694d
add 'auto' & 'none' VIEW_CMD, fixed looting, ch defaults
2013-01-30 00:49:48 -06:00
c5ab059a1a
Really fix the :host key
2013-01-29 18:24:11 -06:00
8a9dba2ffe
Updates host info
2013-01-29 16:35:36 -06:00
77ea5a40f5
Do report_auth_info
2013-01-29 14:19:42 -06:00
da5436e565
Made changes as described in Redmine issue 7605
2013-01-28 23:29:50 -05:00
ca70041f32
Adds a post module that loots chap-secrets
2013-01-28 16:23:26 -06:00
fbbac2bd51
make module msftidy compliant
2013-01-24 21:37:04 +01:00
2419e55603
Merge branch 'feature/rm7581-sudo-improved-with-PASSWORD-option' of https://github.com/lmercer-r7/metasploit-framework into lmercer-r7-feature/rm7581-sudo-improved-with-PASSWORD-option
2013-01-24 21:36:40 +01:00
3b65f31d95
post/multi/manage/sudo improved with the PASSWORD option
...
as described in Redmine Feature #7581
2013-01-23 15:23:40 -05:00
d354982345
Fix grammar on description for webcam
2013-01-23 14:00:34 -06:00
933f807745
Msftidy cleanup + handling return values better
2013-01-22 23:53:00 -06:00
dab2952d60
Merge branch 'picasa' of github.com:charles-n2netsec/metasploit-framework into charles-n2netsec-picasa
2013-01-22 22:54:45 -06:00
9671df4488
Picasa 2 credentials are now also saved as loot
...
This module used to save only Picasa 3 credentials as loot. Picasa
2 creds were displayed, but not saved. I've updated the module to
save Picasa 2 credentials, and I also updated the output code to
use print_good instead of print_status.
2013-01-22 15:46:47 -05:00
08062597b9
fix data added to table
2013-01-22 12:07:16 +01:00
dce4e7fc08
Merge branch 'filezilla_server_bugs' of https://github.com/charles-n2netsec/metasploit-framework into charles-n2netsec-filezilla_server_bugs
2013-01-22 12:06:44 +01:00
jiuweigui
jvazquez-r7
sinn3r
g0tmi1k
James Lee
William Vu
Tod Beardsley
salcho
root
Carlos Perez
xard4s
Borja Merino
Rob Fuller
David Maloney
Antoine
Tod Beardsley
HD Moore
sinn3r
Nathan Einwechter
Doug P
SphaZ
Joshua Abraham
Meatballs
kernelsmith
lmercer
Charles Smith