63708f2bba
Add module_fullname: fullname
2015-06-02 12:27:35 -05:00
28556ea6e2
Update spark_im to use the new cred API
2015-06-02 12:16:07 -05:00
aac2db826f
Remove comment about report_auth_info
...
This module isn't using report_auth_info, so this comment is no
longer needed.
2015-06-02 10:24:55 -05:00
7485cf776e
Remove unnecessary spaces
2015-06-02 14:18:36 +05:00
b4cfe93977
Add creds API
2015-06-02 14:16:16 +05:00
1ae9265fb9
Update tortoisesvn to use the new cred API
2015-06-02 00:52:43 -05:00
b98cc89f0c
Update filezilla_client_cred to use the new cred API
2015-06-02 00:22:17 -05:00
c3e15059a7
Update total_commander to use the new cred API
2015-06-01 21:17:58 -05:00
17c0af6380
Consistent column names
2015-05-29 11:08:24 +05:00
101f12b9d2
Remove base64 require
2015-05-29 10:38:06 +05:00
3ac5088a9a
Add decryption.final for proper padding
2015-05-29 10:33:55 +05:00
2756c7375e
Add datastore options
2015-05-28 10:58:36 +05:00
1ab49397a2
Decrypt encrypted passwords
2015-05-28 10:21:00 +05:00
79db696c15
fix EOL character
2015-05-18 15:46:55 -05:00
e1eed6e9d9
single quotes and slashes..
2015-05-18 16:33:57 +02:00
7d65095472
fix quotes
2015-05-18 12:20:42 +02:00
30f7c651c9
use REGISTRY_VIEW_32_BIT
2015-05-18 10:19:32 +02:00
fd1a24d6f9
some more minor cleanup noise
...
apparently we standardized on using get_env
instead of expand_path in these cases. Not sure
on the effective difference here but no big deal
MSP-12358
2015-05-15 13:33:48 -05:00
631dfc0a0e
increase timeout on ntdsutil
...
default timeout is 15 seconds. we'll give it 90
seconds for now. This may still be too short for
really really large domains, but too long of a timeout
can create other issues
MSP-12358
2015-05-15 11:19:35 -05:00
a3d91dff0b
clean up ntds.dit file when done
...
delete the ntds.dit file we copied when
we are done
MSP-12358
2015-05-15 11:13:19 -05:00
ac04b8d1e7
a little bit of cleanup
...
constantise some of the magic numbers in
the NTDS Account class
MSP-12358
2015-05-15 10:47:31 -05:00
2721be946a
also check Wow6432Node keys
2015-05-15 14:28:12 +02:00
724b7c6f16
save the ntlm hases as creds
...
the last step is now complete. the current and historical
hashes are all saved to the database for cracking and/or
replay
MSP-12358
2015-05-14 13:52:11 -05:00
452fc6b149
Merge branch 'feature/MSP-12357/meterp-ntds' into feature/MSP-12358/ntds-dump-module
2015-05-14 10:31:28 -05:00
0e666d5732
gaurd against arch mismatch
...
this will not work from an x86 proc
on an x64 machine, so guard against that.
MSP-12358
2015-05-13 15:28:11 -05:00
9308da7956
2003 code path working
...
using VSS directly on server 2003 and repairing
the database with esentutl is now working
MSP-12358
2015-05-13 12:25:44 -05:00
21004046c1
begin parsing of the database
...
clean up and begin aprsing the database
after we have copied it
MSP-12358
2015-05-11 14:48:12 -05:00
028f9dd43b
Tidy and rubocop
2015-05-09 10:48:07 +01:00
e9dc93f345
Use cmd_exec
2015-05-09 10:44:02 +01:00
8c3a97667a
use get_env instead of client.sys.config.getenv
2015-05-08 15:25:20 -04:00
b2ce2ddb05
determine the domain using env vars instead of parsing net.exe output
2015-05-08 14:17:49 -04:00
3c9c578a3d
ntdsutil method in place
...
ntdsutil method built out to make a copy
of ntds.dit on later version of Winbdows Server
MSP-12358
2015-05-04 15:35:36 -05:00
e0c64038a7
start new ddomain hashdump post module
...
module checks for all preconditions so far
including that Domain Services are running,
that we are Admin, that we have bypassed uac
and that it is a supported version of windows.
MSP-12358
2015-05-04 15:07:27 -05:00
eb8fdcc2f2
Typo
2015-04-29 10:45:49 +01:00
4072cbd4d3
Bitlocker -> BitLocker
2015-04-29 10:02:21 +01:00
7e5b03c44e
Tidyup and update for new ADSI format
2015-04-29 09:48:44 +01:00
0d81ad4db4
Remove max search
2015-04-29 09:40:53 +01:00
96a9313e7e
Initial commit
2015-04-29 09:40:53 +01:00
4ffffa59fe
Land #5184 , restore store_loot for ssh_creds gatherer
2015-04-24 13:55:06 -05:00
ab94f15a60
Take care of modules using the 'DEBUG' option
2015-04-21 12:13:40 -05:00
4224008709
Delete print_debug/vprint_debug
2015-04-21 11:14:03 -05:00
a3b0f2e424
Land #5175 , Update mcafee_vse_hashdump description
2015-04-20 21:49:24 -05:00
43e9244b4c
Fix #5134 , Put store_loot back
...
Fix #5134
store_loot was used at one point, but we ended up removing it.
Turns out store_loot is handy in some cases so we're brining it back.
2015-04-17 16:33:51 -05:00
e3ce4eb88e
Update mcafee_vse_hashdump.rb
2015-04-17 09:47:02 -04:00
3422501d91
Land #5174 , deprecated module cleanup
2015-04-16 17:43:28 -05:00
2b9fd93729
remove deprecated modules
2015-04-16 22:49:22 +02:00
cb2e8f4949
Update mcafee_vse_hashdump description
...
The description of this module has been added upon to include cracking details.
2015-04-16 16:09:43 -04:00
352e170624
more failure reasons
2015-04-16 22:04:11 +02:00
8c12361bda
remove fail_with defs
2015-04-16 21:49:31 +02:00
ba6548db75
be consistent about naming
2015-04-16 21:44:56 +02:00
b4b8ac0849
moar fail_with's
2015-04-16 21:26:37 +02:00
0e186fa617
first fail_with fixes
2015-04-16 21:08:33 +02:00
001253a8da
Clean up module some more
2015-04-15 22:02:04 -05:00
c6e8ffb7e3
Fix some "mistakes" following the style guide
2015-04-15 00:35:14 -03:00
9250869ace
Fix typo
2015-04-14 20:19:38 -03:00
6aad8b3a70
Changed the conditions if/elsif to case statements
2015-04-14 20:05:52 -03:00
7aceb9218e
Use bitwise OR to select both primary and backup DCs
...
SV_TYPE_DOMAIN_CTRL || SV_TYPE_DOMAIN_BAKCTRL returns
SV_TYPE_DOMAIN_CTRL rather than ORing the bits together.
2015-04-05 11:05:42 +01:00
6d5bcb93a8
Normalize the SecurityXploded Team credits
...
[See #5012 ]
2015-04-02 15:15:37 -05:00
63da27ece0
add missing HKLM root to regkey
...
the chevkm windows psot module had HKLM
missing from the front of one of it's reg key
paths. This was missed in Rails 3 due to the
error being swallowed unexpectedly. in rails 4
we actually see this cause a stack trace
MSP-12384
2015-03-31 14:17:18 -05:00
d1318d1b48
Fixups for release
2015-03-31 11:02:12 -05:00
c430e5fab1
@m7x forgot to put a reference in
2015-03-29 02:13:31 +01:00
2ed9489f38
Delete load line
2015-03-28 20:31:35 +00:00
99f79e8533
Use incognito token stealing rather than process migration if we have
...
the privileges required for successful impersonation.
2015-03-28 20:31:35 +00:00
f83f4ae764
Move hashdump to gather
2015-03-28 20:31:35 +00:00
e2af15a0df
Refactor MSSQL Post
2015-03-28 20:31:35 +00:00
1558190a9d
Add module mssql_local_hashdump
2015-03-28 20:31:35 +00:00
9cfafdd8b8
Land #4649 , improve post/windows/manage/run_as and as an exploit
2015-03-27 17:31:30 -05:00
fc6860672b
Fix merge conflict due to #5527
...
...my mistake
2015-03-21 01:57:13 +00:00
faa7ed2b68
shell_to_meterpreter - more options, more verbose
...
...less bugs!
2015-06-13 17:37:41 +01:00
2a525958bd
fixed typo
...
Does no one tested this script on x64 yet ?
2015-03-16 20:15:26 +01:00
4d3a1a2f71
fix all duplicated keys in modules
2015-03-14 13:10:42 +01:00
1d03b9a166
Maj debug output
2015-02-26 21:06:20 +01:00
a0ba078801
add debug output
2015-02-24 14:15:30 +01:00
be5a0ee9c2
Land #4777 , @todb-r7's release fixes
2015-02-17 13:45:00 -06:00
053de8e62c
Fix whitespace in author name
...
[See #4777 ]
2015-02-17 12:57:36 -06:00
214146beaa
Correct author attribution
2015-02-17 10:52:55 -06:00
ecefad946e
Spellingz
2015-02-17 14:39:34 +00:00
6559b43f1e
EOL Spaces argh
2015-02-16 15:46:45 +00:00
12f2828829
Allow additional fields
2015-02-16 15:24:28 +00:00
b77aed1c56
UPN is optional, should use sAMAccountName
2015-02-16 15:08:09 +00:00
3a894a29de
Dont use magic values and use the userPrincipalName as the
...
username
2015-02-16 15:02:01 +00:00
e42bbcbcbb
Enum_ad modules should retrive userPrincipalName as it may differ
...
to the sAMAccountName value.
2015-02-16 14:03:15 +00:00
d7fa06de06
Fix off-by-one whitespace
2015-02-12 13:12:13 -06:00
d89eda65fa
Moar fixes, thanks @wvu-r7
...
See #4755
2015-02-12 12:46:38 -06:00
e78d08e20d
Fix up titles, descriptions
2015-02-12 12:11:40 -06:00
02fe57e2a1
Bump out to April, 60ish days
2015-02-11 12:56:37 -06:00
fd11afff1a
Deprecate manage/pxexploit
...
modules/post/windows/manage/pxeexploit.rb
2015-02-11 12:39:10 -06:00
6294cbf4de
Fix manage/pxexploit datastore
2015-02-11 12:19:59 -06:00
133ae4cd04
Land #4679 , Windows Post Gather File from raw NTFS.
2015-02-08 18:50:50 +00:00
69e53a46cb
Final tidyups, description etc
2015-02-08 18:49:17 +00:00
9518090b8b
Ignore some error conditions
2015-02-08 18:46:48 +00:00
cc4fc1aefa
use GetFileAttributesW and CreateFileW
2015-02-08 17:36:49 +01:00
a5b2e99136
Correct punctuation on outlook, too.
2015-02-07 22:26:14 -06:00
1390c81420
Fix fail_with text
...
Fix fail_with text, when the target system is locked.
2015-02-07 21:20:24 +01:00
358ab2590e
Small tidyup
2015-02-07 11:35:47 +00:00
970c5d115a
spellcheck
2015-02-05 22:08:39 +01:00
5b2eb986c9
Land #4678 Add post module to phish credentials
2015-02-04 23:43:02 -06:00
9e030143e7
Fix slow search due to method name conflict
...
Changed "search_filter" in enum_ad_users module to "query_filter" to
avoid conflicting with "search_filter" in command_dispatcher/core.rb.
2015-02-02 16:36:20 -06:00
904a99965d
Sleep 1 added
...
Sleep 1 added to reduce network usage
2015-02-01 11:55:01 +01:00
03fcfc496a
add a test to check if the file exist
2015-01-31 06:00:02 +01:00
2cf9a17f25
variable name clarification (file, file_path, path)
2015-01-31 05:07:07 +01:00
5d4a8e2f90
using store_loot
2015-01-31 05:01:28 +01:00
d6fb445522
add begin...ensure block so that the CloseHandle call occurs
2015-01-31 04:46:02 +01:00
1205c0045f
using r['ErrorMessage']
2015-01-31 04:37:16 +01:00
f7d2e2a27a
twitter in comment
2015-01-31 04:36:07 +01:00
c831de35a2
Land #4392 , @Meatballs1's post module to enumerate AD users
2015-01-30 17:21:10 -06:00
25ac9c1ed9
Add post module to phish windows user credentials
2015-01-30 19:50:04 +01:00
68b735dbda
Add a NTFS parser and a post module to dump files
...
This commit add a draft of an NTFS Parser and a post module
to gather file using the raw NTFS device (\\.\C:)
bypassing restriction like already open file with lock
Can be used to retreive file like NTDS.DIT without volume shadow copy
2015-01-30 19:16:44 +01:00
39004d265b
Increase default buffer sizes to reduce railgun calls
2015-01-30 11:20:03 +00:00
d4707b8e07
Spellingz
2015-01-30 11:20:03 +00:00
9670608380
Reformat, remove unnecessary guard statement
2015-01-30 11:20:02 +00:00
0e976041b7
Small description fix
2015-01-30 11:20:02 +00:00
14f6ef13f4
Remove hardcoded domain
2015-01-30 11:20:02 +00:00
79a3a48348
Correct description
2015-01-30 11:20:02 +00:00
e492f56ac0
Error if no database
2015-01-30 11:20:02 +00:00
e6dbc15f40
Line length modification
2015-01-30 11:20:02 +00:00
044e3bd608
Golden Ticketz Post module
2015-01-30 11:20:02 +00:00
81fa509b50
Only clean up handles if process started
2015-01-27 21:11:12 +00:00
7d7139d769
Consistent-ize whitespace
2015-01-27 11:11:02 -06:00
d8200c65a8
Strip safely, avoid nil.strip errors
2015-01-27 11:06:55 -06:00
5b3d877b25
Land #4648 , for real
2015-01-27 11:00:22 -06:00
a88a631b66
Fix #strip
2015-01-27 10:58:24 -06:00
d2bf1a73ff
Don't need to require YAML anymore either
2015-01-27 10:40:57 -06:00
cafbd1af51
Prefer a regex over YAML parsing
...
Fixes a bug introduced in #4645
2015-01-27 10:34:56 -06:00
3d0dc1a19d
Rubocop
2015-01-27 16:34:52 +00:00
215a590940
Refactor and fixes for post module
2015-01-27 16:14:59 +00:00
d53f4e1178
Fix bugs and make final changes
2015-01-26 23:29:10 -06:00
2bb9314b4b
Switch to unless conditional
2015-01-27 00:10:33 -05:00
1f9286da69
Undo logic reversage
2015-01-26 23:54:41 -05:00
a9e480e44a
Fixed tilde
2015-01-26 23:53:08 -05:00
eed9fbe024
Lose assignment in conditional
2015-01-26 23:48:08 -05:00
c496d2c987
Remove nil check
2015-01-26 23:43:31 -05:00
c29b7488b2
Fix double new line
2015-01-26 23:40:19 -05:00
d77f112e82
Minor Formatting
2015-01-26 23:31:36 -05:00
06485d8c89
Fix naming of things
2015-01-26 23:17:44 -05:00
685c4804e5
Add trailing return
2015-01-26 23:15:00 -05:00
6b6e47a237
Fix sessiontypes, again
2015-01-26 23:13:17 -05:00
747349a57a
Fix sessiontypes
2015-01-26 23:11:48 -05:00
ee7ecb349d
Fix description
2015-01-26 23:10:08 -05:00
106170eddc
Add multi to name
2015-01-26 23:08:43 -05:00
a3c7cf70f8
Make MSF Tidy more happy
2015-01-26 22:30:26 -05:00
d37b3cf0c3
Use next instead of return
2015-01-26 22:26:56 -05:00
f58dc2789f
Remove creds
2015-01-26 22:13:15 -05:00
a27c376ae7
Add service port and host
2015-01-26 22:06:07 -05:00
dd34b58e49
Add add loot
2015-01-26 22:01:38 -05:00
3889ed5784
Add cred login
2015-01-26 21:50:10 -05:00
eead063375
Add RubyGems API Post Gather Module
2015-01-26 20:53:39 -05:00
d7375e84ea
Move modules/post/windows/escalate/net_runtime_modify.rb
...
This module was scheduled to be removed on 01/08/2015.
Please use exploit/windows/local/service_permissions instead.
2015-01-26 00:29:43 -06:00
e7c21f3205
Land #4503 , @m7x's post module for extracting McAfee VSE hashes
2015-01-21 20:44:41 -08:00
9cc58a8d69
Lastly, rename the file so that it is specific to McAfee VSE
2015-01-21 20:44:34 -08:00
wchen-r7
root
Brent Cook
Donny Maasland (Fox-IT)
David Maloney
Meatballs
rwhitcroft
rwhitcroft
jvazquez-r7
karllll
William Vu
Christian Mehlmauer
Roberto Soares
Jon Cave
Tod Beardsley
root
g0tmi1k
Felix Wehnert
Sven Vetsch
Bazin Danil
BAZIN-HSC
wez3
scriptjunkie
Jonathan Claudius
Jon Hart