Commit Graph

705 Commits (52f56527d80b1435c85d832f559d967417c6d007)

Author SHA1 Message Date
Brent Cook 194a84c793 Modify stdapi so it also uses exist? over exists? for ruby parity
Also add an alias for backward compatibility.
2016-04-23 17:31:22 -04:00
wchen-r7 816bc91e45 Resolve #6807, remove all OSVDB references.
OSVDB is no longer a vulnerability database, therefore all the
references linked to it are invalid.

Resolve #6807
2016-04-23 12:32:34 -05:00
Brent Cook 57ab974737 File.exists? must die 2016-04-21 00:47:07 -04:00
Adam Cammack 3da451795c
Fix potential case issue
Even though the options were getting put back in a datastore, the
original case could still be lost and that would be bad.
2016-04-18 17:52:27 -04:00
Tim f83cb4ee32 fix set_wallpaper 2016-03-16 13:07:41 +00:00
Christian Mehlmauer 3123175ac7
use MetasploitModule as a class name 2016-03-08 14:02:44 +01:00
Brent Cook f703fa21d6 Revert "change Metasploit3 class names"
This reverts commit 666ae14259.
2016-03-07 13:19:55 -06:00
Brent Cook 44990e9721 Revert "change Metasploit4 class names"
This reverts commit 3da9535e22.
2016-03-07 13:19:48 -06:00
Christian Mehlmauer 3da9535e22
change Metasploit4 class names 2016-03-07 09:57:22 +01:00
Christian Mehlmauer 666ae14259
change Metasploit3 class names 2016-03-07 09:56:58 +01:00
Brent Cook a1190f4344
Land #6598, add post module for setting wallpaper 2016-03-06 15:00:10 -06:00
Brent Cook 86845222ef add meterpreter platform workaround 2016-03-06 14:51:34 -06:00
Brent Cook d955c6a8f6 style fixes 2016-02-29 14:06:49 -06:00
wchen-r7 f3cf5a8a41 Resolve merge conflict with upstream-master
Out of date author field
2016-02-25 14:49:53 -06:00
Tim 27af59ea7c minor tweaks 2016-02-20 08:35:56 +00:00
Brent Cook b58166a9a8 add android platform to the hash 2016-02-18 20:13:39 -06:00
Tim 5c92076a1e more cleanup 2016-02-14 09:15:25 +00:00
Tim e738b5922d fix play_youtube to work on Android 2016-02-11 07:16:40 +00:00
Tim a93f200851
cosmetic fixes 2016-02-10 07:51:13 +00:00
Tim d544bf9311 android set wallpaper 2016-02-01 01:16:17 +00:00
Tim 96ab598835 set wallpaper 2016-02-01 01:01:24 +00:00
wchen-r7 6fb27a3da9 Undo path and move the out of bound check 2016-01-28 23:49:50 -06:00
wchen-r7 d515e4db64 Unwanted comment 2016-01-21 00:55:08 -06:00
wchen-r7 bda76c7340 Update lastpass_creds module 2016-01-21 00:53:16 -06:00
Martin Vigo 348ae586a7 Handle vault parsing exceptions 2016-01-15 14:54:59 -08:00
Martin Vigo 3bee2fff70 Use native method dir 2016-01-08 16:06:24 -08:00
Martin Vigo 8c6bdd532b Use ? for SQL queries 2016-01-07 22:50:23 -08:00
Martin Vigo b46095f3d6 Remove custom method checking file exists 2016-01-07 22:21:10 -08:00
Martin Vigo e7701b6d5f Fix incoherent method to always return a list 2016-01-07 22:17:04 -08:00
Jon Hart f8943f4821
Remove peer; defined in lib/msf/core/post/common.rb 2015-12-24 07:57:16 -08:00
Stuart Morgan d6dacd1580 Fixed bug when generating native traffic with one thread 2015-12-23 15:28:33 +00:00
Rory McNamara 45b9230efb Redirect python stderr to stdout, darwin python platform 2015-12-22 11:32:31 +00:00
Tim be9197fc97 quick fix for issues #6359 2015-12-22 03:26:31 +00:00
Tim f9d74143c3 fix typo 2015-12-22 03:25:34 +00:00
Martin Vigo 2ddac42be7 Perform Rubocop cleanup 2015-12-19 23:33:32 -08:00
Martin Vigo 2fc940cc3e Decrypt Chrome and Opera cookies and msdftify code 2015-12-19 22:19:20 -08:00
Martin Vigo ab630166bb Decrypt Chrome and Opera cookies and msdftify code 2015-12-19 21:40:30 -08:00
Martin Vigo ccb13a2ca6 Add full IE support and bug fixes 2015-12-17 20:29:50 -08:00
William Vu b085989923
Land #6266, rsync creds scraper 2015-12-14 11:37:30 -06:00
William Vu db788d1b7c
Land #6238, CmdStager BOURNE_{PATH,FILE} options 2015-12-07 12:34:42 -06:00
Christian Mehlmauer fc9d818837
change youtube url 2015-12-04 10:15:56 +01:00
Martin Vigo b4ade1989a Add IE support for stored passwords 2015-12-04 00:13:42 -08:00
Stuart Morgan 78d391fa10 Rubocop 2015-12-02 14:54:30 +00:00
Stuart Morgan 99dceb33ac Added 'ALL' support (to do TCP and UDP in one go) 2015-12-02 14:50:16 +00:00
Rory McNamara 15dd18dc4b use single quotes, remove explicit nil 2015-12-02 09:36:07 +00:00
Jon Hart 366b92a79e
Store rsync creds as creds, not loot 2015-12-01 15:30:39 -08:00
Stuart Morgan b66be85ccb Rubocop 2015-12-01 22:32:04 +00:00
Stuart Morgan d5c0da5e19 Added 33434-33534 because this is the default udp range for traceroute (might be enabled by sysadmins to enbale traceroutes to work) 2015-12-01 22:31:12 +00:00
Stuart Morgan 74a07709b8 Use the Comm param instead of adding a route as suggested by @jlee-r7 and hdm 2015-12-01 21:42:27 +00:00
Stuart Morgan c744b14a8a Exclude python meterpreter, doesn't seem to work 2015-11-29 20:40:42 +00:00
Stuart Morgan 6a3172268e Fixed module metadata 2015-11-29 19:32:55 +00:00
Stuart Morgan 2bc5b98d6e Rubocop fixing alignment of ifs and ends 2015-11-29 19:17:49 +00:00
Stuart Morgan 8b4649e75c Working through rubocop issues 2015-11-29 19:11:10 +00:00
Stuart Morgan 9267afc18b Rubocop 2015-11-29 19:06:24 +00:00
Stuart Morgan 9a6f0d6734 Reducing complexity (rubocop) 2015-11-29 19:06:07 +00:00
Stuart Morgan b5909852a9 Rubocop 2015-11-29 19:02:33 +00:00
Stuart Morgan d4bb5537b2 Fixed stupid paste error 2015-11-29 19:02:15 +00:00
Stuart Morgan fd7a6465c6 Attemping to simplify code 2015-11-29 19:01:34 +00:00
Stuart Morgan 10f89239a5 rubocop 2015-11-29 18:59:40 +00:00
Stuart Morgan 6a567845e0 Tidy up error messages 2015-11-29 18:54:46 +00:00
Stuart Morgan 12dbe31bee Apparently adding .close causes it to hang 2015-11-29 18:49:51 +00:00
Stuart Morgan 41d963eeb1 Debugging 2015-11-29 18:34:26 +00:00
Stuart Morgan b6dfafaeb7 Stabilised code, still giving errors on threads>1 in native mode though 2015-11-29 18:14:19 +00:00
Stuart Morgan e18f8b5e21 Now works for both TCP and UDP
However, it gives 'interrupted by console user' as an error message for no reason (?timeouts?)
2015-11-29 17:53:04 +00:00
Stuart Morgan 98e0050e8c Fixed 'end' bugs (mismatched blocks) 2015-11-29 16:20:33 +00:00
Stuart Morgan af106737b9 Adding both native and winapi options, split out to functions & fix up 2015-11-29 16:17:07 +00:00
Stuart Morgan 5ffeaddf1e Added help 2015-11-26 14:01:40 +00:00
Stuart Morgan 1ce0386d01 Reusing port array generation code 2015-11-26 13:59:15 +00:00
Martin Vigo 9d747e67a3 Fix bugs in new Firefox creds storage 2015-11-25 21:28:07 -08:00
Jon Hart a692a5d36c
Remove Platform, this should work everywhere; correct grammar 2015-11-25 11:23:18 -08:00
Stuart Morgan 09d4bd8175 Added basic function definition for non-Win32API egress 2015-11-24 15:38:06 +00:00
Stuart Morgan 4ea732716a Added file 2015-11-24 15:37:44 +00:00
Jon Hart 718e928fe3
Control per-user config file 2015-11-23 11:11:03 -08:00
Jon Hart 93bb31dfa0
Make path to rsyncd configuration file configurable 2015-11-21 19:50:33 -08:00
Martin Vigo f34c7a8594 Support for new Firefox method to store credentials 2015-11-20 23:42:59 -08:00
Jon Hart aa962f30a9
Minor style/usability cleanup 2015-11-20 13:51:31 -08:00
Jon Hart a96102c20a
Minor cleanup 2015-11-20 13:19:38 -08:00
Jon Hart c75e3c8e84
Initial commit of a post module for looting rsync credentials 2015-11-20 12:57:33 -08:00
Rory McNamara 811167442c Re-disable debugging nodelete 2015-11-17 13:10:03 +00:00
PsychoMario 2b99969f9a quote paths to allow spaces 2015-11-15 00:14:30 +00:00
PsychoMario e3f25fd6e2 Add support for specifying path, file in bourne dropper 2015-11-14 18:31:11 +00:00
Jon Hart 38ca943219
Remove unneeded width arg 2015-11-13 11:49:50 -08:00
Jon Hart 4604f8cd83
Move cowsay to Rex::Text so that everyone can enjoy it ;) 2015-11-13 08:57:48 -08:00
Martin Vigo 211da2746e Support cookie auth key decryption 2015-11-11 16:26:07 -08:00
Jon Hart 15cfa925c8
Document the cloud mess 2015-11-11 12:06:53 -08:00
Jon Hart a328675f77
Add simulated cowsay support to wall 2015-11-11 11:54:46 -08:00
Jon Hart 8d21a91f3e
Add initial wall module 2015-11-11 09:15:32 -08:00
Jon Hart 43229c16e7
Correct some authors with unbalanced angle brackets 2015-11-06 13:24:58 -08:00
jvazquez-r7 20679ea6c6
Land #5720, @g0tmi1k's changes to firefox_creds post module 2015-11-05 15:36:08 -06:00
Martin Vigo b0f92b49a2 Print vault passwords 2015-11-01 21:47:00 -08:00
Martin Vigo e67065a7e9 Fix Firefox/Opera bugs 2015-10-26 22:40:47 -07:00
Martin Vigo da9420a915 Retrieve randkey from LastPass 2015-10-26 19:17:09 -07:00
jvazquez-r7 6468eb51b2
Do changes to have into account powershell sesions are not cmd sessions 2015-10-02 15:26:42 -05:00
jvazquez-r7 8bfa5bcd09
Do some more minor code cleaning 2015-09-04 13:08:27 -05:00
jvazquez-r7 ac49c80367
Do minor code cleanup 2015-09-04 12:46:21 -05:00
jvazquez-r7 60d2856444
Use id instead of whoami 2015-09-04 12:02:21 -05:00
jvazquez-r7 4fa58efaa0
Allow to configure the DOWNLOAD_TIMEOUT 2015-09-04 11:54:22 -05:00
g0tmi1k eb43241425 Firefox_creds more stable/bug fixs (Linux/OSX) 2015-08-27 11:43:53 +01:00
HD Moore d264802ce0 Consistency and API conformance changes to LES 2015-08-21 12:38:58 -05:00
wchen-r7 4a91dfdcf5
Land #5873, report_note for local_exploit_suggester 2015-08-20 17:52:33 -05:00
Mo Sadek b20a283617 Added report_note to suggester 2015-08-20 13:57:16 -05:00
Brent Cook 5dd015150c
Land #5748, refactor google geolocate, add wlan_geolocate and send_sms to android meterpreter 2015-08-16 10:58:17 -05:00
Brent Cook 9720e8e081 normalize osx to darwin so python meterp works 2015-08-15 19:49:55 -05:00
Brent Cook 422bba87d3 style fixes, moved google_geolocate to google/geolocate 2015-08-15 19:49:32 -05:00
Tod Beardsley 50041fad2a
Pre-Bloggery cleanup
Edited modules/auxiliary/gather/lansweeper_collector.rb first landed in
and minor description word choice changes.

Edited modules/auxiliary/server/browser_autopwn2.rb first landed in
options. Also removed from the description the missing options of
'WhiteList' and 'RealList' -- those don't appear to be available
according to `show options` and `show advanced`, @wchen-r7.

Edited modules/post/multi/recon/local_exploit_suggester.rb first landed
in #5823, mv local_exploit_{suggestor,suggester} for minor description
cleanup and axing the description of the SHOWDESCRIPTION option (it's
already described identically on the option itself).
2015-08-13 12:33:04 -05:00
Mo Sadek 7f0d992914 Fixed name typo 2015-08-11 11:51:52 -05:00
wchen-r7 34279776a6 Minor edit 2015-07-30 18:40:41 -05:00
wchen-r7 fc4fdba482 Merge branch 'suggestor' of https://github.com/MSadek-r7/metasploit-framework into pr5788 2015-07-30 18:31:49 -05:00
wchen-r7 08338b73b2 Add get_target_arch and get_target_os
We cannot use session.platform to fingerprint the target's platform
and arch, because it's not really meant to be used that way.
2015-07-30 18:26:41 -05:00
Mo Sadek af55ef7352 Added session.present? 2015-07-30 10:10:42 -05:00
Mo Sadek 7aa78dfd4e Revamped os, platform, arch detection. Added count for exploits being tried 2015-07-30 09:36:02 -05:00
Mo Sadek 1521c8f87e Reworded to no suggestions available 2015-07-29 17:40:27 -05:00
Mo Sadek 66489202fc Added error message if no exploits are found 2015-07-29 17:31:23 -05:00
Mo Sadek b58c6248fe Fixed ShowDescription bug 2015-07-29 16:52:06 -05:00
Mo Sadek 2cddfda0a0 wchen-r7's fixes, fixed indentation, removed newlines, added desc. 2015-07-29 16:13:50 -05:00
Mo Sadek c725f74d46 Add Local Exploit Suggestor
Resolve #5647
2015-07-29 13:19:51 -05:00
Martin Vigo a3365a9c7f Add key, 2fa, iterations and otp support 2015-07-28 00:15:08 -07:00
g0tmi1k 7c3e79f72d Smarter way to download via meterpreter
...less chance of data crupterion
2015-07-27 19:49:06 +01:00
James Lee 52e4f45ecd
Use the new thing in wlan_geolocate 2015-07-20 20:24:07 -05:00
James Lee d6e12d431f
Style and whitespace 2015-07-20 19:40:25 -05:00
g0tmi1k d5c57d9d6e Use creds API 2015-07-16 16:05:59 +01:00
g0tmi1k 074ed20f1c Fix Firefox_Creds
...isn't perfect.
2015-07-14 13:33:48 +01:00
g0tmi1k d795b2f831 Module cleanup 2015-07-11 19:40:21 +01:00
Martin Vigo 0e5e8032ad Add Firefox 2FA support 2015-06-30 21:02:10 -07:00
Martin Vigo 5b0647a1f2 Add support to steal 2FA token 2015-06-29 22:20:38 -07:00
jvazquez-r7 834c0e594a
Update multi modules 2015-06-29 11:36:28 -05:00
jvazquez-r7 f216841d01
Update enum_vbox 2015-06-22 17:54:17 -05:00
jvazquez-r7 c20d2a1dd9
Update post/multi/gather/env
* Use cmd_exec
2015-06-22 16:20:46 -05:00
wchen-r7 5a548c3792
Land #5453, Update dbvis_enum to use the new cred API 2015-06-19 11:35:07 -05:00
g0tmi1k ce9481d2b7 Inconstancy - If datastore['VERBOSE'] vs vprint 2015-06-18 09:27:01 +01:00
William Vu ef825fb4bf
Land #5530, shell_to_meterpreter improvements 2015-06-16 14:29:15 -05:00
g0tmi1k 33139c4ecd shell_to_meterpreter minor improvements 2015-06-16 20:42:47 +01:00
g0tmi1k a53ca53a6a Fix inconstancy - multi/handler 2015-06-12 21:23:51 +01:00
wchen-r7 e43163135b Add module_fullname: fullname, 2015-06-02 12:33:34 -05:00
root 7485cf776e Remove unnecessary spaces 2015-06-02 14:18:36 +05:00
root b4cfe93977 Add creds API 2015-06-02 14:16:16 +05:00
wchen-r7 b98cc89f0c Update filezilla_client_cred to use the new cred API 2015-06-02 00:22:17 -05:00
root 17c0af6380 Consistent column names 2015-05-29 11:08:24 +05:00
root 101f12b9d2 Remove base64 require 2015-05-29 10:38:06 +05:00
root 3ac5088a9a Add decryption.final for proper padding 2015-05-29 10:33:55 +05:00
root 2756c7375e Add datastore options 2015-05-28 10:58:36 +05:00
root 1ab49397a2 Decrypt encrypted passwords 2015-05-28 10:21:00 +05:00
wchen-r7 43e9244b4c Fix #5134, Put store_loot back
Fix #5134

store_loot was used at one point, but we ended up removing it.
Turns out store_loot is handy in some cases so we're brining it back.
2015-04-17 16:33:51 -05:00
g0tmi1k fc6860672b Fix merge conflict due to #5527
...my mistake
2015-03-21 01:57:13 +00:00
g0tmi1k faa7ed2b68 shell_to_meterpreter - more options, more verbose
...less bugs!
2015-06-13 17:37:41 +01:00
William Vu 7d7139d769
Consistent-ize whitespace 2015-01-27 11:11:02 -06:00
Tod Beardsley d8200c65a8
Strip safely, avoid nil.strip errors 2015-01-27 11:06:55 -06:00
William Vu 5b3d877b25
Land #4648, for real 2015-01-27 11:00:22 -06:00
William Vu a88a631b66
Fix #strip 2015-01-27 10:58:24 -06:00
Tod Beardsley d2bf1a73ff
Don't need to require YAML anymore either 2015-01-27 10:40:57 -06:00
Tod Beardsley cafbd1af51
Prefer a regex over YAML parsing
Fixes a bug introduced in #4645
2015-01-27 10:34:56 -06:00
William Vu d53f4e1178
Fix bugs and make final changes 2015-01-26 23:29:10 -06:00
Jonathan Claudius 2bb9314b4b Switch to unless conditional 2015-01-27 00:10:33 -05:00
Jonathan Claudius 1f9286da69 Undo logic reversage 2015-01-26 23:54:41 -05:00
Jonathan Claudius a9e480e44a Fixed tilde 2015-01-26 23:53:08 -05:00
Jonathan Claudius eed9fbe024 Lose assignment in conditional 2015-01-26 23:48:08 -05:00
Jonathan Claudius c496d2c987 Remove nil check 2015-01-26 23:43:31 -05:00
Jonathan Claudius c29b7488b2 Fix double new line 2015-01-26 23:40:19 -05:00
Jonathan Claudius d77f112e82 Minor Formatting 2015-01-26 23:31:36 -05:00
Jonathan Claudius 06485d8c89 Fix naming of things 2015-01-26 23:17:44 -05:00
Jonathan Claudius 685c4804e5 Add trailing return 2015-01-26 23:15:00 -05:00
Jonathan Claudius 6b6e47a237 Fix sessiontypes, again 2015-01-26 23:13:17 -05:00
Jonathan Claudius 747349a57a Fix sessiontypes 2015-01-26 23:11:48 -05:00
Jonathan Claudius ee7ecb349d Fix description 2015-01-26 23:10:08 -05:00
Jonathan Claudius 106170eddc Add multi to name 2015-01-26 23:08:43 -05:00
Jonathan Claudius a3c7cf70f8 Make MSF Tidy more happy 2015-01-26 22:30:26 -05:00
Jonathan Claudius d37b3cf0c3 Use next instead of return 2015-01-26 22:26:56 -05:00
Jonathan Claudius f58dc2789f Remove creds 2015-01-26 22:13:15 -05:00
Jonathan Claudius a27c376ae7 Add service port and host 2015-01-26 22:06:07 -05:00
Jonathan Claudius dd34b58e49 Add add loot 2015-01-26 22:01:38 -05:00
Jonathan Claudius 3889ed5784 Add cred login 2015-01-26 21:50:10 -05:00
Jonathan Claudius eead063375 Add RubyGems API Post Gather Module 2015-01-26 20:53:39 -05:00
jvazquez-r7 43e0afeaed Delete 's' typo 2015-01-19 12:55:35 -06:00
jvazquez-r7 79a24f80b8 Use constant for play options 2015-01-19 12:50:40 -06:00
jvazquez-r7 652400451e Delete extra k 2015-01-19 12:35:26 -06:00
IMcPwn 50d43f118b Make URLs better
Removes YouTube logo, loops, hides video controls at bottom, disables keyboard controls, doesn't show info about the video on the top, hides video annotations, and doesn't show related videos at the end.
2015-01-19 12:27:18 -05:00
EricGershman 0496bb16bc Minor spelling fix 2015-01-07 23:43:59 -05:00
Christian Mehlmauer 0f27c63720
fix msftidy warnings 2014-12-12 13:16:21 +01:00
Jon Hart 65b316cd8c
Land #4372 2014-12-11 18:48:16 -08:00
Christian Mehlmauer 544f75e7be
fix invalid URI scheme, closes #4362 2014-12-11 23:34:10 +01:00
Christian Mehlmauer de88908493
code style 2014-12-11 23:30:20 +01:00
jvazquez-r7 54de805b7a Report credentials
* Even when we are not associating them to hosts
* It's a post module so maybe we cannot solve some names
2014-11-17 12:49:18 -06:00
jvazquez-r7 b3b37c7c9f Use longer description lines 2014-11-17 12:23:22 -06:00
Jon Hart d5afb2b766 %q 2014-11-17 09:01:14 -08:00
Jon Hart ce73e32673 Doc and named captures 2014-11-17 09:01:14 -08:00
Jon Hart bf05fe1389 Refactoring, simplification, better print_* 2014-11-17 09:01:14 -08:00
Jon Hart 6e1cdfde36 Rip out create_credential* stuff. Use what works 2014-11-17 09:01:14 -08:00
Jon Hart e5bb13a609 If remmina config files are missing data for creds, tell me what 2014-11-17 09:01:14 -08:00
Jon Hart 875d1f9ea0 Convert Remmina credential gatherer to use new credentials model 2014-11-17 09:01:14 -08:00
Jon Hart 086f0c02d6 Remove excessive logging 2014-11-17 09:01:14 -08:00
Jon Hart 90e58e9e71 Binary encoding 2014-11-17 09:01:14 -08:00
Jon Hart e76373340e Correct some Rubocop things that I agree with 2014-11-17 09:01:14 -08:00
Jon Hart f729a6cf02 Add Remmina RDP/SSH/VNC password gathering 2014-11-17 09:01:13 -08:00
Jon Hart c765100efd
Land #4004, @martinvigo's LastPass master password extraction module 2014-10-22 16:34:54 -07:00
Jon Hart 29b61984c5 Update to use correctly joined path 2014-10-22 16:34:17 -07:00
Tim Wright b8c3fadb9e python 3 is supported now too :) 2014-10-22 20:10:48 +01:00
Tim Wright 8c3c73a72d inline the error message 2014-10-22 20:08:14 +01:00
Tim Wright 2ab73688dc use framework.threads to launch cleanup thread 2014-10-22 19:40:29 +01:00
Tim Wright 22fc6496ac Merge branch 'pr/3401' into landing-3401 2014-10-22 19:23:01 +01:00
Jon Hart 88c1647c80 Loot the passwords, obviously 2014-10-19 13:11:10 -07:00