Meatballs
|
4ba2d56f49
|
Just search on DN for samaccountname
|
2016-01-12 11:20:20 +00:00 |
Kyle Gray
|
47f9880690
|
Land #6395, grammar fixes for recovery_files.rb
Improves grammar and details within the description of /post/windows/gather/forensics/recovery_files.rb
|
2015-12-28 15:57:41 -06:00 |
William Vu
|
cf0e982e83
|
Land #6386, VNC creds module fix
|
2015-12-28 02:32:26 -06:00 |
William Vu
|
6b9c74eec7
|
Prefer gsub and nix the return
|
2015-12-28 02:31:47 -06:00 |
Jon Hart
|
f8943f4821
|
Remove peer; defined in lib/msf/core/post/common.rb
|
2015-12-24 07:57:16 -08:00 |
karllll
|
431c6001a8
|
Fix recovery_files.rb Description grammar errors
|
2015-12-24 10:10:39 -05:00 |
Stuart Morgan
|
391145a4af
|
Checking if group_filter is empty
|
2015-12-23 15:14:37 +00:00 |
g0tmi1k
|
2f71730484
|
Gather VNC null byte fix + formatting
|
2015-12-22 17:30:37 +00:00 |
Stuart Morgan
|
f950633d32
|
renamed
|
2015-12-21 18:16:06 +00:00 |
Stuart Morgan
|
e09c2944cf
|
Renamed module to be more descriptive
|
2015-12-21 18:15:39 +00:00 |
Stuart Morgan
|
4c27f381dc
|
rubocop & msftidy
|
2015-12-21 18:15:19 +00:00 |
Stuart Morgan
|
8438774077
|
Bug
|
2015-12-21 18:13:58 +00:00 |
Stuart Morgan
|
0b6969afbc
|
Rubocop. This encoding mess was the only way I could find to deal with a number of parsing errors when testing this against a multilingual domain.
|
2015-12-21 17:30:32 +00:00 |
Stuart Morgan
|
30e283b0ae
|
fixup
|
2015-12-21 17:28:36 +00:00 |
Stuart Morgan
|
751a0708bf
|
rubocop
|
2015-12-21 13:32:29 +00:00 |
Stuart Morgan
|
0c8aa0bd5c
|
msftidy - fixed module name
|
2015-12-21 13:32:11 +00:00 |
Stuart Morgan
|
0081c79f39
|
Added comments
|
2015-12-21 13:31:26 +00:00 |
Stuart Morgan
|
03b904cc4e
|
Initial version
|
2015-12-21 13:29:47 +00:00 |
Stuart Morgan
|
16cf3c6207
|
Further messing about with unicode conversions
|
2015-12-21 13:28:27 +00:00 |
Stuart Morgan
|
e8c8c54cb0
|
Use a regex with a negative lookbehind to cope with CNs that contain commas
|
2015-12-21 11:44:37 +00:00 |
Stuart Morgan
|
d8b3b15da6
|
Trying to fix encoding errors
|
2015-12-21 11:43:12 +00:00 |
Stuart Morgan
|
76f99cbc7f
|
Fixing UTF-8 encoding errors with some strangely named groups
|
2015-12-21 11:11:01 +00:00 |
Stuart Morgan
|
b0fca769d7
|
capitalisation
|
2015-12-21 10:39:30 +00:00 |
Stuart Morgan
|
4ed32ad3e8
|
Add manager user attribute
|
2015-12-20 22:51:37 +00:00 |
Stuart Morgan
|
9493b333df
|
rubocop
|
2015-12-20 21:22:03 +00:00 |
Stuart Morgan
|
c394caad27
|
actually made the securitygroups only option do something
|
2015-12-20 21:19:24 +00:00 |
Stuart Morgan
|
07caaf352b
|
made comment match purpose
|
2015-12-20 21:18:21 +00:00 |
Stuart Morgan
|
c0a93433af
|
msftidy
|
2015-12-20 21:16:42 +00:00 |
Stuart Morgan
|
89728fd8fe
|
Working version
|
2015-12-20 21:16:17 +00:00 |
Stuart Morgan
|
ae09549057
|
New module, starting with managedby_groups
|
2015-12-20 20:17:06 +00:00 |
Stuart Morgan
|
28e563659f
|
Added managedBy to group acquisition
|
2015-12-20 20:16:18 +00:00 |
Stuart Morgan
|
d79fd9a9f3
|
Renamed the comments attribute to comment
|
2015-12-20 19:53:36 +00:00 |
Stuart Morgan
|
924017e606
|
Moved trust enumeration to separate PR
|
2015-12-20 19:46:20 +00:00 |
Stuart Morgan
|
43f8a35b12
|
Merge branch 'master' of https://github.com/rapid7/metasploit-framework into add_filter_to_ad_tools
|
2015-12-20 19:43:04 +00:00 |
Stuart Morgan
|
3a89d3cc70
|
Turns out that we don't need the report or accounts includes in there, so removing them for tidiness
|
2015-12-20 02:37:25 +00:00 |
Stuart Morgan
|
c11c0ca7e0
|
Added comment about the UTF-8 encoding. This is an issue which is documented at https://github.com/rails/rails/issues/1965; namely that SQLite seems to treat ASCII text as a blob meaning that the text searches break. Encoding to UTF-8 seems to fix this.
|
2015-12-20 02:35:19 +00:00 |
Stuart Morgan
|
2301658611
|
Working
|
2015-12-20 02:20:59 +00:00 |
Stuart Morgan
|
7ce24969bb
|
rubocop fixes
|
2015-12-20 02:02:44 +00:00 |
Stuart Morgan
|
d5436c6fae
|
msftidy is now silent
|
2015-12-20 02:01:11 +00:00 |
Stuart Morgan
|
b8274cca01
|
Tested
|
2015-12-20 01:59:31 +00:00 |
Stuart Morgan
|
b0eba24c5f
|
Fixed verbosity bug and tidied up
|
2015-12-20 01:55:44 +00:00 |
Stuart Morgan
|
86294a869e
|
No longer need the sAMAccountType lookup table
|
2015-12-20 01:45:10 +00:00 |
Stuart Morgan
|
cdf430e689
|
Fixed bug relating to forgetting to add columns to the schema
|
2015-12-20 01:44:26 +00:00 |
Stuart Morgan
|
14f71eabdb
|
Completing processing the sAMAccountType value
|
2015-12-20 01:42:25 +00:00 |
Stuart Morgan
|
5f5a297324
|
Adding u_, g_ and c_ parameters to the tables directly avoids most of the views
|
2015-12-20 01:30:24 +00:00 |
Stuart Morgan
|
bb25c7606c
|
Restructuring to add SAM_ (userAccountControl) variables as fields directly
|
2015-12-20 01:28:25 +00:00 |
Stuart Morgan
|
872aeccbb6
|
Significantly simplified the hex-to-SID parsing code because we only want the RID out of it
|
2015-12-19 02:02:40 +00:00 |
Stuart Morgan
|
07e5f03aba
|
Fixed
|
2015-12-19 01:58:29 +00:00 |
Stuart Morgan
|
c7f8450775
|
Appears to work correctly
|
2015-12-19 01:11:20 +00:00 |
Stuart Morgan
|
36392ac0cd
|
All works
|
2015-12-19 00:48:41 +00:00 |
Stuart Morgan
|
82c3ec5f4b
|
Added views for users and groups table
|
2015-12-19 00:26:31 +00:00 |
Stuart Morgan
|
ba9845818e
|
Appears to work for the computers table (tables and view)
|
2015-12-18 23:22:22 +00:00 |
Stuart Morgan
|
cf8f0e2483
|
Added userAccountControl to the computer table. Note that computer and user LDAP entries are more or less the same (user is the parent for computer), but it makes sense just for sanity and ease of use to keep them separate.
|
2015-12-18 22:22:56 +00:00 |
Stuart Morgan
|
eade245a9e
|
Added groupType attribute interpretation
|
2015-12-18 22:06:20 +00:00 |
Stuart Morgan
|
e716cd79e3
|
Needed to use .zero? in the ? : if shorthand for the UAC variables
|
2015-12-18 21:55:55 +00:00 |
Stuart Morgan
|
838f74ff74
|
Added table creation for userAccountControl
|
2015-12-18 21:45:07 +00:00 |
William Vu
|
6afcc13774
|
Requote file path
|
2015-12-18 15:41:38 -06:00 |
Stuart Morgan
|
a065fc803c
|
fixed spacing
|
2015-12-18 21:38:54 +00:00 |
Stuart Morgan
|
8821caa199
|
Added UserAccountControl constants
|
2015-12-18 21:37:31 +00:00 |
William Vu
|
06a2bb53bd
|
Clean up module
|
2015-12-18 15:29:15 -06:00 |
Stuart Morgan
|
6d6306f6e7
|
Added sAMAccountType constants from MSDN
|
2015-12-18 21:14:39 +00:00 |
Stuart Morgan
|
5b07a35cef
|
Added LDAP filter to identify groups of interest
|
2015-12-18 14:10:00 +00:00 |
Stuart Morgan
|
662010fce7
|
Added thread capability
|
2015-12-18 14:06:50 +00:00 |
Stuart Morgan
|
0a75fa333c
|
msftidy
|
2015-12-18 12:14:22 +00:00 |
Stuart Morgan
|
91c8c2b9dd
|
Trying to fix threads
|
2015-12-18 12:14:08 +00:00 |
Stuart Morgan
|
6f50635ab2
|
Strange bug with memberOf param and trying to fix up threads
|
2015-12-18 11:49:17 +00:00 |
Stuart Morgan
|
39bc23629a
|
Getting ready to add thread support
|
2015-12-18 10:56:41 +00:00 |
Stuart Morgan
|
3c8ac89ba8
|
Added options to dump user membership and group membership to screen
|
2015-12-18 10:29:53 +00:00 |
Stuart Morgan
|
8f95ad315e
|
Added extra user fields to database schema
|
2015-12-18 10:02:18 +00:00 |
Stuart Morgan
|
fc45d70d25
|
Added extra user fields
|
2015-12-18 09:59:21 +00:00 |
Stuart Morgan
|
b186aaa08d
|
Added extra computer fields
|
2015-12-18 09:55:13 +00:00 |
Stuart Morgan
|
f8b402165c
|
Added extra computer fields
|
2015-12-18 09:51:04 +00:00 |
Stuart Morgan
|
805ba1d7dd
|
Enumerate computers
|
2015-12-18 08:28:40 +00:00 |
Stuart Morgan
|
98c6b56494
|
Added computer recon
|
2015-12-18 08:14:30 +00:00 |
Stuart Morgan
|
f13ca17de0
|
rubocop
|
2015-12-18 02:01:38 +00:00 |
Stuart Morgan
|
38b6ad4dbf
|
msftidy
|
2015-12-18 02:00:57 +00:00 |
Stuart Morgan
|
36adbadb11
|
Tidied up SQL searching and added file size indicator
|
2015-12-18 01:59:19 +00:00 |
Stuart Morgan
|
eb38859ecc
|
Finally worked out how to use .map to make the SQL stuff far more elegant
|
2015-12-18 01:40:37 +00:00 |
Stuart Morgan
|
1ba6b91968
|
More accurate description
|
2015-12-18 01:24:43 +00:00 |
Stuart Morgan
|
0ddb40b55e
|
Added UNIQUE and FOREIGN KEY constraints to SQLite DB
|
2015-12-18 01:23:29 +00:00 |
Stuart Morgan
|
15dc542544
|
Initial module works
|
2015-12-18 01:13:44 +00:00 |
Stuart Morgan
|
f31c1c24db
|
Added schema and code to populate SQLite db
|
2015-12-18 01:01:20 +00:00 |
Stuart Morgan
|
e3483a2ac3
|
Getting RIDs from hex mess to decimal. Needs fixing
|
2015-12-18 00:20:16 +00:00 |
Stuart Morgan
|
460778738d
|
Initial version works
|
2015-12-18 00:00:21 +00:00 |
Stuart Morgan
|
41c2d12e0c
|
Tidy up initial print
|
2015-12-17 23:41:18 +00:00 |
Stuart Morgan
|
09fb37db6b
|
Add status updates (useful if there are a large number of groups)
|
2015-12-17 23:07:02 +00:00 |
Stuart Morgan
|
2bcea91b15
|
Differentiate between user and group errors
|
2015-12-17 22:57:30 +00:00 |
Stuart Morgan
|
85c4e89526
|
Process user levels
|
2015-12-17 22:55:02 +00:00 |
Stuart Morgan
|
7c145c45e8
|
add LDAP_MATCHING_RULE_IN_CHAIN oid (from my adsi rework earlier)
|
2015-12-17 22:44:35 +00:00 |
Stuart Morgan
|
f2b038f4b3
|
Begin loop to grab effective users of each group
|
2015-12-17 22:39:56 +00:00 |
Stuart Morgan
|
c98519e0b9
|
Get groups using ADSI
|
2015-12-17 22:35:51 +00:00 |
Stuart Morgan
|
7b019bddf4
|
Initial version, just basing it on the ad_users module
|
2015-12-17 22:14:14 +00:00 |
Stuart Morgan
|
e17a7a5d8c
|
Fix attributes
|
2015-12-17 21:38:42 +00:00 |
Stuart Morgan
|
59d5626ef7
|
Bugfix
|
2015-12-17 21:36:19 +00:00 |
Stuart Morgan
|
cba1ddbdc2
|
rubocop
|
2015-12-16 22:38:05 +00:00 |
Stuart Morgan
|
47e484408f
|
rubocop
|
2015-12-16 22:31:54 +00:00 |
Stuart Morgan
|
9eef27e4c1
|
Removed snake case and added SID translation call
|
2015-12-16 22:31:22 +00:00 |
Stuart Morgan
|
cc3ac3ad95
|
Removed trailing line spaces
|
2015-12-16 22:28:27 +00:00 |
Stuart Morgan
|
58635be237
|
Try to unpack the SID from hex to normal cut/paste format. It's a mess.
|
2015-12-16 22:27:52 +00:00 |
Stuart Morgan
|
421a29d998
|
Added the trust types from MSDN
|
2015-12-16 22:18:28 +00:00 |
Stuart Morgan
|
fbe0cfde8f
|
Fixed URL for trustDirection reference
|
2015-12-16 22:16:33 +00:00 |
Stuart Morgan
|
fd8405f52d
|
added trustDirection
|
2015-12-16 22:15:10 +00:00 |
Stuart Morgan
|
4da8859e57
|
added trustAttributes
|
2015-12-16 22:13:00 +00:00 |
Stuart Morgan
|
207a964117
|
Loop through results
|
2015-12-16 21:52:30 +00:00 |
Stuart Morgan
|
087a01f27f
|
Templated table
|
2015-12-16 21:40:49 +00:00 |
Stuart Morgan
|
fdf1a8c235
|
Updated with the LDAP fields to retrieve
|
2015-12-16 21:39:33 +00:00 |
Stuart Morgan
|
ed4cf71ca8
|
Initial add (templated from Ben's bitlocker module)
|
2015-12-16 21:26:02 +00:00 |
Stuart Morgan
|
c9c1dd22ee
|
Added custom LDAP filter to ad_groups and ad_users to save having to use meterpreter's adsi interface
|
2015-12-16 10:38:38 +00:00 |
Stuart Morgan
|
2c29298485
|
undoing this, put in a separate module
|
2015-12-15 23:16:21 +00:00 |
Stuart Morgan
|
5dd8cb7648
|
proper type conversions
|
2015-12-15 23:13:02 +00:00 |
Stuart Morgan
|
fef9a84548
|
rubocop
|
2015-12-15 23:12:14 +00:00 |
Stuart Morgan
|
a2b30ff16e
|
msftidy
|
2015-12-15 23:11:40 +00:00 |
Stuart Morgan
|
281966023c
|
Final version
|
2015-12-15 23:10:06 +00:00 |
Stuart Morgan
|
7fa453b7ff
|
Added module
|
2015-12-15 22:31:00 +00:00 |
Stuart Morgan
|
059de62400
|
Editing an existing module rather than adding a new one
|
2015-12-15 21:36:39 +00:00 |
Stuart Morgan
|
4a66b487de
|
Based on putty enum module
|
2015-12-15 21:28:13 +00:00 |
Jon Hart
|
39da306b1d
|
Land #6057, @danilbaz's module for dumping Bitlocker master key (FVEK)
|
2015-12-08 18:16:39 -08:00 |
Jon Hart
|
ed8076f361
|
Merge branch 'master' into pr/6197
|
2015-12-08 12:08:15 -08:00 |
Jon Hart
|
2177b979fd
|
Update SessionTypes command to describe why shell is not listed
|
2015-12-08 12:06:47 -08:00 |
Jon Hart
|
3890961155
|
Correct SEP client exclusion enumeration
|
2015-12-08 10:16:25 -08:00 |
BAZIN-HSC
|
be5f648969
|
manage-bde.exe path test if in System32 or sysnative
|
2015-12-08 16:14:13 +01:00 |
Jon Hart
|
f6417df9ba
|
Update enum_av_excluded to work properly under wow64
|
2015-12-04 17:13:43 -08:00 |
Jon Hart
|
ad60a4118e
|
Put admin and client exclusions in different tables
|
2015-12-04 13:01:28 -08:00 |
Jon Hart
|
c92365090f
|
Simpler
|
2015-12-04 12:38:25 -08:00 |
Jon Hart
|
e7d2eb6ad9
|
Wire in support for showing process and file extension exclusions
|
2015-12-04 12:35:42 -08:00 |
Jon Hart
|
78a303974f
|
Handle empty exclusions better
|
2015-12-04 12:19:17 -08:00 |
Jon Hart
|
81ee01a93e
|
Simplify exclusion extraction and printing
|
2015-12-04 11:42:03 -08:00 |
Jon Hart
|
1968a76863
|
Simplify AV enumeration code
|
2015-12-04 10:27:14 -08:00 |
Jon Hart
|
28ee056c32
|
Make enumeration of each individual AV optional
|
2015-12-03 16:07:49 -08:00 |
Jon Hart
|
c007fffbce
|
Style cleanup
|
2015-12-03 15:55:12 -08:00 |
Andrew Smith
|
59bd88ff70
|
msftidy
|
2015-11-27 16:45:52 -05:00 |
Andrew Smith
|
9c016343c7
|
Update to logic and reliability
Included support for Windows Defender
Rewrote logic to support hosts with multiple AV products installed
|
2015-11-27 16:41:40 -05:00 |
BAZIN-HSC
|
5592e4e4ea
|
seek_relative suppression (use seek instead)
|
2015-11-20 18:30:51 +01:00 |
BAZIN-HSC
|
dd027982ae
|
if recovery_key specified, only method that is tried
|
2015-11-20 18:30:50 +01:00 |
BAZIN-HSC
|
f49d6905a6
|
Fix comments by @jhart-r7
|
2015-11-20 18:30:50 +01:00 |
BAZIN-HSC
|
8f135c07aa
|
Remove hard coded C:\Windows and use %SYSTEMROOT%
|
2015-11-20 18:30:49 +01:00 |
BAZIN-HSC
|
7d9d74f609
|
msftidy...
|
2015-11-20 18:30:49 +01:00 |
BAZIN-HSC
|
c8847182d7
|
Add module to dump Bitlocker master key (FVEK)
|
2015-11-20 18:30:48 +01:00 |
wchen-r7
|
17a1f2ee8a
|
Fix #6242, Check nil for sock.read
Fix #6242
|
2015-11-16 14:24:46 -06:00 |
Jon Hart
|
43229c16e7
|
Correct some authors with unbalanced angle brackets
|
2015-11-06 13:24:58 -08:00 |
Andrew Smith
|
c44ecfeb15
|
Spacing
|
2015-11-06 10:55:29 -05:00 |
jakxx
|
e4d8909815
|
Initial Commit
|
2015-11-05 20:43:30 -05:00 |
Brent Cook
|
d551f421f8
|
Land #5799, refactor WinSCP module and library code to be more useful and flexible
|
2015-10-01 14:35:10 -05:00 |
jvazquez-r7
|
415fa3a244
|
Fix #5968, some modules not handling Rex::Post::Meterpreter::RequestError exceptions
* Related to the usage of ADSI on unsupported OSes
|
2015-09-21 14:33:00 -05:00 |
William Vu
|
5f9f66cc1f
|
Fix nil bug in SSO gather module
|
2015-09-11 02:21:01 -05:00 |
Stuart Morgan
|
b59bc30160
|
Fixed stupid bracket error
|
2015-08-28 16:13:22 +01:00 |
Stuart Morgan
|
8bf815c4bb
|
rubocop
|
2015-08-28 15:39:02 +01:00 |
Stuart Morgan
|
f371a1c4fc
|
Added the ability to list AD groups by POST module
|
2015-08-28 15:10:48 +01:00 |
Stuart Morgan
|
8682ec77c5
|
Added group filtering to the enum_ad_users module
|
2015-08-28 15:10:27 +01:00 |
Brent Cook
|
5633c1431f
|
Land #5821, add explicit 64-bit pointer support to enum_cred_store
|
2015-08-24 09:44:36 -05:00 |