Commit Graph

3284 Commits (5435c7a5eb5d42c91fb19688355b1450c8939751)

Author SHA1 Message Date
Craig Smith 8f1856c5d1 Fixed a bug with DTC decoding.
DTC Codes now print the English error messages next to their code with getvinfo
Frozen DTCs can also be fetched via get_frozen_dtcs()
2017-02-15 16:26:23 -08:00
Tim 9e0cb9797b
python -c payload -> echo payload | python 2017-02-04 17:57:17 +08:00
Pearce Barry 23c2787d57
Land #7795, Hardware Bridge API.
Initial bridge API that supports the HW rest protocol.
2017-02-02 08:47:59 -06:00
Pearce Barry 16de745437
Minor code cleanups/corrections. 2017-02-01 16:12:45 -06:00
Brent Cook 15a4ec629b remove TRUE 2017-01-22 10:20:03 -06:00
Brent Cook 836da6177f Cipher::Cipher is deprecated 2017-01-22 10:20:03 -06:00
Brent Cook f69b4a330e handle Ruby 2.4 Fixnum/Bignum -> Integer deprecations 2017-01-22 10:20:03 -06:00
bwatters_r7 bcbb7b86d6 Changed encoding on jscript contents before uploading it 2017-01-13 16:19:58 -06:00
Craig Smith 8635925658 Fixed a typo about gathering realtime PIDs. 2017-01-10 13:20:04 -08:00
Brent Cook cdcf4cce7d improve zip module windows script fallback
- handle non-English locales
 - wait more reliably, handle network paths where FS info gets stale
 - use absolute paths correctly
2017-01-07 12:27:03 -06:00
Craig Smith 5f07bca775 Hardware Bridge API. Initial bridge API that supports the HW rest protocol specified here:
http://opengarages.org/hwbridge  Supports an automotive extension with UDS calls for mdoule
development.
2017-01-06 19:51:41 -08:00
Brent Cook fae4751771
Land #7744, update kiwi extension to Mimikatz 2.1 2016-12-29 16:22:45 -06:00
OJ 18e69b85af
Update the golden ticket module to work with new kiwi 2016-12-23 10:30:06 +10:00
bwatters_r7 e646a8d5c2 Please the rubocop gods (unless they are dumb) 2016-12-21 16:13:53 -08:00
p3nt4 13ccfd7bb3 Update run_as_psh.rb 2016-12-21 09:44:57 +11:00
p3nt4 a9b78e37d2 Update typos 2016-12-21 09:43:18 +11:00
p3nt4 cc99aaafc6 Corrected as per reviews 2016-12-21 09:42:26 +11:00
p3nt4 b9fd1db5fa Add module to runas ysing powershell 2016-12-20 14:38:19 +11:00
Brendan 9b678c2bdd
Land #7685, Add mosule to change user passwords by editing SAM registry 2016-12-16 13:11:40 -06:00
Brent Cook 52346c3fa8 fix renamed rex text 2016-12-15 15:31:00 -06:00
p3nt4 deec6eccdf Update hashcarve.rb 2016-12-12 17:09:04 +11:00
p3nt4 3e80ee1d6a Better Error Handling 2016-12-12 17:07:47 +11:00
p3nt4 7b4dce5e7e One left! 2016-12-09 16:27:40 +11:00
p3nt4 74c48f5fa4 I'll get there! 2016-12-09 16:24:49 +11:00
p3nt4 c898e768f6 Struggling with tidyness 2016-12-09 16:00:32 +11:00
p3nt4 586b2d92e2 Corrected status prints 2016-12-09 15:45:30 +11:00
p3nt4 fb360e69c0 Initial Commit
This module "carves" a hash in the registries to set it as a user password.

The benefits are:
1/ It doesn't change the password last change field
2/ You can set a hash directly, so you can change  a user's password and revert it without cracking its hash.

I have tested it in Windows 7, and 8.1. Should work on every version though.

Usage:
 run post/windows/manage/hashcarve user=test pass=<password>
 run post/windows/manage/hashcarve user=test pass=<nthash>
 run post/windows/manage/hashcarve user=test pass=<lmhash:nthash>

This work is based on the hashdump implementation.
2016-12-09 15:41:01 +11:00
Javier Godinez 0d41160b03 Sanity checks, errors out with nil ptr if API call fails 2016-12-08 16:14:10 -08:00
Javier Godinez a17d1a7e19 Added options for setting the PASSWORD and GROUPNAME 2016-12-08 16:13:31 -08:00
Jon Hart 4614b7023d
Land #7604, @godinezj's post module for creating AWS IAM accounts 2016-12-08 14:26:22 -08:00
Jon Hart aa29fcad80
Update docs and pretty print the loot 2016-12-08 14:25:07 -08:00
Jon Hart 70668c289f
Use better loot args 2016-12-08 13:14:36 -08:00
Jon Hart 162204b338
Support creating a password for the user, etc 2016-12-08 12:56:00 -08:00
Javier Godinez a9cb08a352 Token should be passed as nil if not set 2016-12-07 10:16:41 -08:00
Jon Hart 1c3f0437ed
Move some options back to non-advanced 2016-12-06 17:39:37 -08:00
Jon Hart a13382c80b
Address most of rubocop's nits 2016-12-06 17:10:34 -08:00
Jon Hart 8f21a1f68c
move most options to advance, since they never change
Also, doc empty username
2016-12-06 16:29:00 -08:00
Javier Godinez 497e02955b Fixed checking for access keys being retrieved 2016-11-29 11:08:55 -08:00
Javier Godinez cb0313642b Fixed setting IAM_USERNAME 2016-11-29 00:54:49 +00:00
Javier Godinez 46ce1dfaab Now using random string as IAM_USERNAME unless specified 2016-11-28 16:32:53 -08:00
Javier Godinez f8789fef38 Moved METADATA_IP to advanced options 2016-11-28 16:32:26 -08:00
William Vu b6fe6c1d38 Fix #7597, minor changes to enum_messages 2016-11-28 17:37:32 -06:00
Javier Godinez b4add59a3d Moved metadata_creds() so Client can be included in Aux/Post modules 2016-11-24 21:03:38 -08:00
root dc64f63517 Removed useless comments 2016-11-24 01:33:20 +00:00
root 5284e20a52 Optimised SQL vars, removed unneeded requires and changed the "exec" function name 2016-11-24 01:27:03 +00:00
Javier Godinez c48587066d Added reference and minor fixes 2016-11-23 10:58:37 -08:00
Javier Godinez 43e1b5bdd1 Adds module to create an AWS IAM user from a pwned AWS host 2016-11-22 14:55:03 -08:00
root ce514ed3e5 Fixed broken fail_with function call and whitespace on line ending 2016-11-22 03:04:12 +00:00
root e0f8d622ec Added metasploit module for access OSX messages database 2016-11-22 02:53:38 +00:00
Brent Cook f313389be4 Merge remote-tracking branch 'upstream/master' into land-7507-uuid-arch 2016-11-20 19:08:56 -06:00
David Maloney 8e3888f20c the template ref in this module was missed
when we cleaned up all the other powershell template refs
we missed the one in this module which seems to e replicating
large ammounts of library code

7533
2016-11-11 14:24:33 -06:00
dmohanty-r7 2b5517f597
Land #7506, Add gather AWS keys post module 2016-11-11 13:56:12 -06:00
OJ e5ea4a53d3
Fix typo in windows cred phish module 2016-11-04 13:26:10 +10:00
OJ 47ec362148
Small fixes for dbvis enum 2016-11-01 07:35:36 +10:00
OJ ffb53b7ca3
Tidy arch check in meterpreter inject 2016-11-01 01:51:12 +10:00
OJ 557424d2ec
Small tidy of the multiport_egress_traffic module 2016-11-01 01:46:58 +10:00
OJ ec8536f7e9
Fix firefox module to use symbols where appopriate 2016-11-01 01:43:25 +10:00
OJ b9bbb5e857
Replace regex use with direct string checks in dbvis module 2016-11-01 01:35:01 +10:00
Konrads Smelkovs f754adad0c Fix typo PAYLOAD_OVERWRITE vs PAYLOAD_OVERRIDE 2016-10-29 11:20:32 +01:00
OJ 640827c24b
Final pass of regex -> string checks 2016-10-29 14:59:05 +10:00
OJ 57eabda5dc
Merge upstream/master 2016-10-29 13:54:31 +10:00
OJ 8b97183924
Update UUID to match detected platform, fail exploit on invalid session 2016-10-29 13:45:28 +10:00
OJ 0737d7ca12
Tidy code, remove regex and use comparison for platform checks 2016-10-29 13:41:20 +10:00
Jon Hart 8173e87756
Add references 2016-10-28 16:12:46 -07:00
Jon Hart 96c204d1ea
Add aws_keys docs; correct description 2016-10-28 15:27:47 -07:00
OJ 751742face
Fix typo in arch check for inject script 2016-10-29 08:25:23 +10:00
OJ 1ca2fe1398
More platform/arch/session fixes 2016-10-29 08:11:20 +10:00
Jon Hart 7dea613507
Initial commit of module for snagging AWS key material from shell/meterpreter sessions 2016-10-28 14:48:55 -07:00
OJ 1d617ae389
Implement first pass of architecture/platform refactor 2016-10-28 07:16:05 +10:00
David Maloney 6a31dad678
clean up some style guide issues with rubocop
applied rubocop to the module for some
tidying up
2016-10-25 11:24:32 -05:00
drforbin 94979f4541 changed formatting for else statements 2016-10-25 09:42:00 -05:00
drforbin 6f3c20069b fixed formatting errors for travis 2016-10-25 09:42:00 -05:00
drforbin 0ec153eb9c changed formatting, changed to OptPath. cleaned unneeded code 2016-10-25 09:41:59 -05:00
drforbin 3b9a441382 cleaned up write_target, and variables REXE 2016-10-25 09:41:59 -05:00
drforbin c3ada74728 changed formatting to comform with travis 2016-10-25 09:41:59 -05:00
drforbin 0395d57512 formatting changes and design changes. tested 2016-10-25 09:41:58 -05:00
drforbin 337e3b6cce added persistence_exe.rb to windows post modules 2016-10-25 09:41:58 -05:00
David Maloney 6b77f509ba
fixes bad file refs for cmdstagers
when moving to the rex-exploitation gem some of the
file references were missed, partially due to silly differences
between how each file was referenced

Fixes #7466
2016-10-21 12:31:18 -05:00
OJ 022830634b
Rejig platform to use windows instead of win32/win64 2016-10-14 10:10:04 +10:00
Brent Cook b77a910205
Land #7355, allwinner post to local exploit conversion 2016-10-08 21:38:54 -05:00
Brent Cook bd24e7eba0 more cleanups and print output on auto-run 2016-10-08 21:14:26 -05:00
Brent Cook 5284db6b58 module cleanup 2016-10-08 20:17:29 -05:00
Brent Cook 199bf8e726 cleanups and update to require 4.0 CLR by default 2016-10-08 15:24:13 -05:00
RageLtMan 44c5fc3250 Sync build_net_code post module upstream
Fix merge conflicts and add missing lines to framework version of
the DotNet compiler example module.

Test output to come in PR #5393
2016-10-08 14:06:35 -05:00
wchen-r7 0e57808914 Update to class name MetasploitModule 2016-10-08 14:06:35 -05:00
RageLtMan 36b989e6d7 Initial import of .NET compiler and persistence
Add Exploit::Powershell::DotNet namespace with compiler and
runtime elevator.

Add compiler modules for payloads and custom .NET code/blocks.

==============

Powershell-based persistence module to compile .NET templates
with MSF payloads into binaries which persist on host.
Templates by @hostess (way back in 2012).

C# templates for simple binaries and a service executable with
its own install wrapper.

==============

Generic .NET compiler post module

Compiles .NET source code to binary on compromised hosts.
Useful for home-grown APT deployment, decoy creation, and other
misdirection or collection activities.

Using mimikatz (kiwi), one can also extract host-resident certs
and use them to sign the generated binary, thus creating a
locally trusted exe which helps with certain defensive measures.

==============

Concept:

Microsoft has graciously included a compiler in every modern
version of Windows. Although executables which can be easily
invoked by the user may not be present on all hosts, the
shared runtime of .NET and Powershell exposes this functionality
to all users with access to Powershell.

This commit provides a way to execute the compiler entirely in
memory, seeking to avoid disk access and the associated forensic
and defensive measures. Resulting .NET assemblies can be run
from memory, or written to disk (with the option of signing
them using a pfx cert on the host). Two basic modules are
provided to showcase the functionality and execution pipeline.

Usage notes:

Binaries generated this way are dynamic by nature and avoid sig
based detection. Heuristics, sandboxing, and other isolation
mechanisms must be defeated by the user for now. Play with
compiler options, included libraries, and runtime environments
for maximum entropy before you hit the temmplates.

Defenders should watch for:
Using this in conjunction with WMI/PS remoting or other MSFT
native distributed execution mechanism can bring malware labs
to their knees with properly crafted templates.
The powershell code to generate the binaries also provides a
convenient method to leave behind complex trojans which are not
yet in binary form, nor will they be until execution (which can
occur strictly in memory avoiding disk access for the final
product).

==============

On responsible disclosure: I've received some heat over the years
for prior work in this arena. Everything here is already public,
and has been in closed PRs in the R7 repo for years. The bad guys
have had this for a while (they do their homework religiously),
defenders need to be made aware of this approach and prepare
themselves to deal with it.
2016-10-08 14:05:53 -05:00
Jon Hart b3c6ec09a0
Show status when gathering, which can take a bit 2016-09-30 06:42:22 -07:00
Jon Hart abed3bf6c2
Rename 2016-09-30 06:35:26 -07:00
Jon Hart 9ee6e1931a
target_uri simplification, cleanup 2016-09-30 06:24:50 -07:00
Jon Hart 60cfe6216a
mstfidy 2016-09-29 22:00:35 -07:00
Jon Hart 558adb5e1e
Uncork module and address style issues 2016-09-29 21:59:19 -07:00
Jon Hart b2e06bed66
Initial commit of post module to gather AWS EC2 instance metadata 2016-09-29 21:52:22 -07:00
jvoisin 2272e15ca2 Remove some anti-patterns, in the same spirit than #7372 2016-09-29 00:15:01 +02:00
Henry Pitcairn e5c05c05d2 Make OSX screencapture silent
By default, the `screencapture` command on OS X plays a camera sound effect. The -x option silences this.
2016-09-25 22:54:57 -04:00
h00die cba297644e post to local conversion 2016-09-22 22:08:24 -04:00
Brent Cook 60e728ec5c
Land #7065, Correct display errors for SHA-512 hashes with MS SQL Server 2012 2016-09-15 18:06:02 -05:00
Brent Cook 8b050fcc9b simplify cleanup code, remove duplicate logic 2016-09-15 18:05:34 -05:00
wchen-r7 89705cc803 Avoid potential undef method error '+' for nil 2016-09-13 11:13:02 -05:00
wchen-r7 50447fc4cf Fix post/windows/gather/credentials/steam for an empty env var 2016-09-13 11:04:42 -05:00
scriptjunkie a0e05d4c4c
Land #7287, mdaemon cred dumper 2016-09-10 08:43:07 -05:00
Brent Cook a81f351cb3
Land #7274, Remove deprecated modules 2016-09-09 12:01:59 -05:00
Agora Security 00f09d19b1 SMTP Typo
Correct SMTP Type (before SMPT)
2016-09-09 01:36:37 -05:00
wchen-r7 a9c3c5d391 Fix typos 2016-09-07 15:40:10 -05:00
wchen-r7 831c7a08a8 Check environment variables before using for winscp module 2016-09-07 15:24:22 -05:00
William Vu fed2ed444f Remove deprecated modules
psexec_psh is undeprecated because users have been reporting
idiosyncrasies between it and psexec in the field.
2016-09-03 12:43:01 -05:00
AgoraSecurity d65ca818ea Add validation of session type 2016-08-31 11:29:04 -05:00
AgoraSecurity ce7d4cf7f7 Removed "shell" from SessionTypes
Remove the need to check for the session type manually. It will be automatically validated at the time of module run.
2016-08-31 00:12:31 -05:00
AgoraSecurity 401044ee43 Fix error when saving creds 2016-08-30 16:49:31 -05:00
Brendan bc6a529388 Added some error checking to CredEnuerateA() railgun call 2016-08-26 16:21:54 -05:00
Louis Sato 4a6b2ef8de
fixing typo for reference for golden ticket 2016-08-24 10:55:36 -05:00
Brendan 83160b7e49
Land #7173, Add post module to compress (zip) a file or directory 2016-08-24 09:38:04 -05:00
wchen-r7 89c3b6f399 Remove the -d flag for Linux machines 2016-08-23 18:43:50 -05:00
wchen-r7 b081dbf703 Make destination required 2016-08-18 15:56:16 -05:00
William Vu 2fa4c7073b
Land #6995, SSH key persistence module 2016-08-17 22:44:57 -05:00
wchen-r7 60937ec5e9 If user is SYSTEM, then steal a token before decompression 2016-08-17 16:56:09 -05:00
Brent Cook 870669bdf7 handle exception in getsystem module 2016-08-15 23:51:05 -05:00
David Maloney eb73a6914d
replace old rex::ui::text::table refs
everywhere we called the class we have now rewritten it
to use the new namespace

MS-1875
2016-08-10 13:30:09 -05:00
Pearce Barry ae59c4ae74
Land #6687, Fix meterpreter platform to include OS in the tuple for all meterpreters 2016-08-07 05:00:24 -05:00
wchen-r7 45801bc44e get_env 2016-08-03 11:11:34 -05:00
wchen-r7 bddf5edcf1 Fix typo 2016-08-03 11:04:53 -05:00
wchen-r7 8f7d0eae0c Fix #7155 - Add post module to compress (zip) a file or directory
Fix #7155
2016-08-02 14:44:58 -05:00
AgoraSecurity b61aaef03e Fix undercase issue with userlist.dat
Remove the 2nd element of the array at line 102.
Add .downcase for line 103.
Fix to find filenames on systems that created the userlist.dat on uppercase.
2016-07-29 15:54:34 -05:00
Pearce Barry 6c7cc061ea Minor formatting tweaks. 2016-07-28 16:29:42 -05:00
Robert Kugler ef2899dfd4 msftidy updates 2016-07-28 16:29:42 -05:00
Robert Kugler 7b4bb75294 Create avira_password.rb 2016-07-28 16:29:42 -05:00
wchen-r7 df15eebdf8
Land #7106, multiple keylog_recorder improvements 2016-07-25 14:54:06 -05:00
Josh Hale 352d63480d scriptjunkie's recs and fixes additional issues 2016-07-21 22:54:48 -05:00
Josh Hale 722133491d Wording change in advanced options and doc 2016-07-16 22:57:36 -05:00
Josh Hale 9cb9a2f69d Update for windows keylog_recorder 2016-07-16 22:38:10 -05:00
AgoraSecurity dcd09f17bd New Post Module
New post module for windows.
It gathers the users and cracks the password of MDaemon Mail server.
NOTE: The module have a bug and I would appreciate help fixing it (problem when storing credentials)
2016-07-16 19:07:27 -05:00
ktreimann e3801c425b Fix typo in USB error message 2016-07-16 09:43:48 -04:00
Brent Cook b08d1ad8d8
Revert "Land #6812, remove broken OSVDB references"
This reverts commit 2b016e0216, reversing
changes made to 7b1d9596c7.
2016-07-15 12:00:31 -05:00
h00die 7734279147 round 2 of updates 2016-07-15 08:21:17 -04:00
Brent Cook fcdb32795d
Land #6777, Linux Xen 4.2.0 DoS 2016-07-13 00:40:42 -05:00
Brent Cook 7b5e3a880d added module docs and some output tweaks for consistency with other modules 2016-07-13 00:38:46 -05:00
Brent Cook 3e6fed7958 update metadata 2016-07-13 00:13:02 -05:00
Brent Cook 0304b2c1e2 simplify logic, Ubuntu support 2016-07-12 23:50:32 -05:00
Brent Cook 2b016e0216
Land #6812, remove broken OSVDB references 2016-07-11 22:59:11 -05:00
Stephen Deck 9d13df3a25 Corrected for console width errors causing erroneous carriage returns, resulting in incorrect hash extraction on ms sql server 2012 2016-07-04 16:23:07 -04:00
Louis Sato d5d0b9e9b8 Revert "Land #6729, Speed up the datastore"
This reverts commit c6b1955a5a, reversing
changes made to 4fb7472391.
2016-06-28 13:39:52 -05:00
h00die 42697b46ac append over read and write 2016-06-21 16:52:40 -04:00
Meatballs 81f30ca962
Land #6966, Microsoft Office Trusted Locations Enumeration 2016-06-21 21:45:39 +01:00
h00die c50f935412 shell > cmd all day 2016-06-20 17:59:01 -04:00
Pearce Barry 95517b4a45 Avoid exception on missing key in prefs. 2016-06-20 09:26:10 -05:00
William Vu 6cb2a6970e Fix unused SessionType in two modules
Pretty sure it should be "shell."
2016-06-19 23:41:34 -05:00
h00die 6905a29b10 sshkey persistence 2016-06-19 22:40:03 -04:00
wchen-r7 c6b1955a5a
Land #6729, Speed up the datastore 2016-06-15 17:55:42 -05:00
Meatballs 0451d4f079
Cleanup 2016-06-15 22:41:59 +01:00
Vincent Yiu 8a68e86a0a Update enum_trusted_locations.rb
Changed some colours
2016-06-15 13:42:38 +01:00
Vincent Yiu 48714184f3 Update enum_trusted_locations.rb
Added product it found the locations in.
2016-06-15 13:41:19 +01:00
Vincent Yiu 1ba33ff7f8 Fixed MSFTidy
Fixed MSFTidy stuff
2016-06-12 13:00:44 +01:00
Vincent Yiu a2a97d0271 Update enum_trusted_locations.rb
Fix some changes, I had emet references.
2016-06-12 11:06:20 +01:00
Vincent Yiu 2e03c3511e Add enum_trusted_locations.rb
Quickly enumerates trusted locations for file planting :)
2016-06-12 10:59:57 +01:00
Crypt0-M3lon 233186c833 Check presence in local admin group
As the "is_admin?" function only checks if the current session effectively has admin rights, I offer to add a check to know if the current user is in the local admin group using the "is_in_admin_group?" function. This information is better suited to check if admin rights are obtainable using the "bypassuac" module.
2016-06-09 17:47:09 +02:00
Crypt0-M3lon eaaa9177d5 Fix "username" key to add login in creds database 2016-06-08 10:38:38 +02:00
William Vu ca76e8f290 Update allwinner_backdoor report_vuln hash 2016-05-24 00:57:37 -05:00
Brent Cook 928a706135
Land #6890, Allwinner CPU kernel module local privilege escalation 2016-05-23 22:00:52 -05:00
Brent Cook 2f8562fba4 added documentation and minor style tweaks 2016-05-23 21:59:44 -05:00
h00die 4242bbdf55 change report_note to report_vuln per note 2016-05-23 17:36:50 -04:00
h00die c621f689b2 more descriptive note per @sempervictus 2016-05-18 19:08:01 -04:00
h00die 815a2600a8 additional description 2016-05-17 22:07:33 -04:00
h00die 640e0b9ff7 working ready for pr 2016-05-17 21:58:32 -04:00
Brent Cook 2e3e4f0069
Land #6296, Added a multi-platform post module to generate TCP & UDP egress traffic 2016-05-14 00:03:00 -05:00
Brent Cook 3542d907f7 simplify description, move the bulk of documentation to documentation/ 2016-05-14 00:01:51 -05:00
h00die 314d73546c additional details, not working on tablet via malicious apk meterpreter 2016-05-13 23:12:44 -04:00
h00die 5099124f3d module compiles, fails correctly but cant yet verify it works 2016-05-12 22:18:43 -04:00
Brent Cook a69432abe5 update module class and move to recon from manage 2016-05-12 12:42:04 -05:00
Brent Cook 9f923cdb00 Merge branch 'master' into land-6296-egress 2016-05-12 12:36:47 -05:00
Brent Cook 57a3a2871b remove various session manipulation hacks since session.platform should always contain an os identifier 2016-05-08 22:39:41 -05:00
wchen-r7 2f66442f1d Fix #5191, bad LHOST format causes shell_to_meterpreter to backtrace
When using shell_to_meterpreter via a pivot, the LHOST input's format
might be invalid. This is kind of a design limitation, so first we
check the input, and there is a module doc to go with it to explain
a workaround.

Fix #5191
2016-04-28 23:03:54 -05:00
Brent Cook 194a84c793 Modify stdapi so it also uses exist? over exists? for ruby parity
Also add an alias for backward compatibility.
2016-04-23 17:31:22 -04:00
wchen-r7 816bc91e45 Resolve #6807, remove all OSVDB references.
OSVDB is no longer a vulnerability database, therefore all the
references linked to it are invalid.

Resolve #6807
2016-04-23 12:32:34 -05:00
wchen-r7 da9f156913 Print IP in print_* 2016-04-22 16:03:31 -05:00
wchen-r7 3aa02891e9
Bring #6801 up to date with upstream-master 2016-04-22 14:04:26 -05:00
join-us 16ff74e293 syntax check / code reduce 2016-04-22 10:53:03 +08:00
Vincent Yiu ca4bcfe62a Update enum_emet.rb
Cleaned up a bit more
2016-04-22 00:41:10 +01:00
Vincent Yiu c81d0ade3f Update, implemented
Took @bcook-r7's advice
2016-04-22 00:37:03 +01:00
Vincent Yiu 30ac6b4a93 enum_emet
A module to enumerate all the EMET wildcard paths.
2016-04-22 00:20:25 +01:00
Brent Cook 57ab974737 File.exists? must die 2016-04-21 00:47:07 -04:00
Josh Hale 57467b94d9 Fix RegExp evaluation in is_routable? function 2016-04-20 10:22:46 -05:00
Adam Cammack 3da451795c
Fix potential case issue
Even though the options were getting put back in a datastore, the
original case could still be lost and that would be bad.
2016-04-18 17:52:27 -04:00
Josh Hale 48556483b5 Fix a few comments 2016-04-17 19:16:52 -05:00
Josh Hale 32590c89b7 Add interface name to routing status message 2016-04-17 14:15:50 -05:00
Josh Hale fb7194c125 Work on autoroute.md 2016-04-17 00:04:42 -05:00
Josh Hale a5e48b6112 Add default option and clean up comments 2016-04-16 19:50:08 -05:00
Josh Hale 6550e0bc1b Finish up autoadd_interface_routes 2016-04-16 18:42:41 -05:00
Josh Hale b3d199c055 Add get_subnet_octet and test 2016-04-16 14:57:39 -05:00
Josh Hale b1064af082 Initial get_subnet testing 2016-04-16 13:50:15 -05:00
Josh Hale 018e7807fe Identify routable networks 2016-04-15 22:21:54 -05:00
Josh Hale e8863ba09d Initial autoadd_interface_routes work 2016-04-15 22:13:17 -05:00
Josh Hale 5f5c330f2b Initial Testing of Interface Info Gather 2016-04-14 21:59:48 -05:00
Josh Hale c39410a070 Fix autoadd problem 2016-04-13 23:31:27 -05:00
CSendner 2319629dd8 Update comments 2016-04-13 05:03:11 +02:00
Christoph Sendner 4970047198 ./modules/post/linux/dos/xen_420_dos.rb 2016-04-13 03:31:02 +02:00
wchen-r7 cba7353e1d Fix another typo? 2016-04-07 17:12:11 -05:00
wchen-r7 ff9d94218d Fix a typo? 2016-04-07 17:11:42 -05:00
wchen-r7 a3c390ee9d Change class name to MetasploitModule 2016-04-07 17:11:08 -05:00
wchen-r7 f09637a1c7
Bring #6377 up to date with upstream-master 2016-04-07 17:06:49 -05:00
wchen-r7 0d3eb4f055 Change class name to MetasploitModule 2016-04-07 12:15:32 -05:00
wchen-r7 0f56dbd858
Bring #6378 up to date with upstream-master 2016-04-07 12:10:55 -05:00
wchen-r7 ac051bda7f Add check is_routable?, and change netmask if needed 2016-04-06 15:28:54 -05:00
wchen-r7 d240e0b3a2
Bring #6515 up to date with upstream-master 2016-04-06 11:27:32 -05:00
wchen-r7 4074634a13
Land #6713, Add post exploit module for HeidiSQL's stored passwords 2016-03-30 12:10:30 -05:00
wchen-r7 0c6b4d81c8 More proper exception handling 2016-03-30 12:09:40 -05:00
wchen-r7 aaa1515ba0 Print rhost:rport 2016-03-30 11:56:09 -05:00
Meatballs 397d5580be
Use MetasploitModule convention 2016-03-30 15:44:37 +01:00
Meatballs f8628e3438
Merge remote-tracking branch 'upstream/master' into wdigest_enable 2016-03-30 15:44:21 +01:00
Meatballs 9e45f0c104
Minor tidies 2016-03-30 15:29:03 +01:00
Hans-Martin Münch (h0ng10) 976932ed43 Initial commit 2016-03-26 12:00:25 +01:00
James Lee d54bbdf9a3
Land #6566, filezilla xml file locations 2016-03-17 16:27:24 -05:00
James Lee 115a033036
Fix parsing the Last Server xml 2016-03-17 16:27:02 -05:00
James Lee 1375600780
Land #6644, datastore validation on assignment 2016-03-17 11:16:12 -05:00
Tim f83cb4ee32 fix set_wallpaper 2016-03-16 13:07:41 +00:00
Brent Cook cd84ac37d6
Land #6569, check if USERNAME env var exists before using in enum_chrome post module 2016-03-13 15:12:51 -05:00
Brent Cook c89e53d0a3
Land #6666, fix filezilla_server display bug showing the session ID 2016-03-13 13:56:44 -05:00
wchen-r7 51cdb57d42 Fix #6569, Add a check for USERNAME env var in enum_chrome post mod
Fix #6569

Depending on the context, the USERNAME environment variable might
not always be there.
2016-03-11 15:36:44 -06:00
James Lee 8217d55e25
Fix display issue when SESSION is -1 2016-03-11 11:37:22 -06:00
Christian Mehlmauer 3123175ac7
use MetasploitModule as a class name 2016-03-08 14:02:44 +01:00
Brent Cook f703fa21d6 Revert "change Metasploit3 class names"
This reverts commit 666ae14259.
2016-03-07 13:19:55 -06:00
Brent Cook 44990e9721 Revert "change Metasploit4 class names"
This reverts commit 3da9535e22.
2016-03-07 13:19:48 -06:00
Christian Mehlmauer 3da9535e22
change Metasploit4 class names 2016-03-07 09:57:22 +01:00
Christian Mehlmauer 666ae14259
change Metasploit3 class names 2016-03-07 09:56:58 +01:00
Brent Cook a1190f4344
Land #6598, add post module for setting wallpaper 2016-03-06 15:00:10 -06:00
Brent Cook 86845222ef add meterpreter platform workaround 2016-03-06 14:51:34 -06:00
Brent Cook c7c0e12bb3 remove various module hacks for the datastore defaults not preserving types 2016-03-05 23:11:39 -06:00
Meatballs c7f9fbcdfa Change to enable/disable 2016-03-06 04:31:24 +00:00
Meatballs 6b510005da Reverse os checks 2016-03-06 04:31:23 +00:00
Meatballs 0e52fda708 Initial tidy 2016-03-06 04:31:23 +00:00
Brent Cook d955c6a8f6 style fixes 2016-02-29 14:06:49 -06:00
Brent Cook 89b0c8a27a
Land #6571, use intent to unlock Android screens, support <= 4.3 2016-02-26 05:55:35 -06:00
wchen-r7 f3cf5a8a41 Resolve merge conflict with upstream-master
Out of date author field
2016-02-25 14:49:53 -06:00
Tim 27af59ea7c minor tweaks 2016-02-20 08:35:56 +00:00
William Vu 8a15c36770
Land #6563, VNC creds scraper uninstall location 2016-02-19 15:01:23 -06:00
William Vu bfd204ac50 Fix some cosmetic issues 2016-02-19 15:00:56 -06:00
Louis Sato 873250dbec
Land #6557, bug fix priv_migrate user migration 2016-02-19 12:03:30 -06:00
Brent Cook b58166a9a8 add android platform to the hash 2016-02-18 20:13:39 -06:00
Tim 5c92076a1e more cleanup 2016-02-14 09:15:25 +00:00
nk bc74ceb8c5 Handle errors when parsing interfaces.xml, add check for several locations 2016-02-11 15:56:58 +01:00
Tim e738b5922d fix play_youtube to work on Android 2016-02-11 07:16:40 +00:00
Tim 9791e66683 fix remove_lock to work with 4.3 devices 2016-02-11 07:10:05 +00:00
Nicolas Devillers 8118198628 Add vprint of the exception message 2016-02-10 22:47:51 +01:00
nk 1637891ece Add check for the uninstall location in vnc post module 2016-02-10 20:30:41 +01:00
Josh Hale 62dd82e653 Make fix easier to read 2016-02-10 11:24:45 -06:00
Tim a93f200851
cosmetic fixes 2016-02-10 07:51:13 +00:00
Josh Hale 4653c27167 Fix minor grammar error in description 2016-02-09 21:24:40 -06:00
Josh Hale 08a41b0a31 Fix issue when target PID not owned by session 2016-02-09 21:22:50 -06:00
Tim d544bf9311 android set wallpaper 2016-02-01 01:16:17 +00:00
Tim 96ab598835 set wallpaper 2016-02-01 01:01:24 +00:00
Josh Hale 3d4b7af6bb Update description 2016-01-30 14:35:03 -06:00
Josh Hale 413ea53984 Add found flag and touchup code 2016-01-30 14:31:45 -06:00
Josh Hale 3abb6feb3f Add autoadd feature to autoroute.rb 2016-01-29 21:34:22 -06:00
wchen-r7 6fb27a3da9 Undo path and move the out of bound check 2016-01-28 23:49:50 -06:00
wchen-r7 d515e4db64 Unwanted comment 2016-01-21 00:55:08 -06:00
wchen-r7 bda76c7340 Update lastpass_creds module 2016-01-21 00:53:16 -06:00
Martin Vigo 348ae586a7 Handle vault parsing exceptions 2016-01-15 14:54:59 -08:00
wchen-r7 315d079ae8
Land #6402, Add Post Module for Windows Priv Based Meterpreter Migration
We are also replacing smart_migrate with this.
2016-01-13 01:21:32 -06:00
wchen-r7 6deb57dca3 Deprecate post/windows/manage/smart_migrate and other things
This includes:

* Give credit to thelightcosine in priv_migrate
* Deprecate smart_migrate
* Update InitialAutoRunScript for winrm_script_exec
2016-01-12 23:14:13 -06:00
Meatballs 7128c408c8
Land #6375, Active Directory Managed Groups Enumeration 2016-01-12 11:21:31 +00:00
Meatballs 4ba2d56f49
Just search on DN for samaccountname 2016-01-12 11:20:20 +00:00
Martin Vigo 3bee2fff70 Use native method dir 2016-01-08 16:06:24 -08:00
David Maloney 5e6620f2cf
add yard doc and lexical sorting
lexical sort methods and add missing YARD docs
2016-01-08 14:36:21 -06:00
David Maloney 536378e023
move datastore kill check to kill method
move the datastore check for datatstore['KILL']
into the actual kill method for sake of DRYness
2016-01-08 14:31:42 -06:00
David Maloney 9716b97e1c
split up the migration efforts
move admin and suer migrations into
seperate methods for enhanced readability
and maintainability
2016-01-08 14:26:39 -06:00
David Maloney ad50f9a047
move default targets to constants
cleanup the way the target lists get populated
to use constants and be a little cleaner and dryer
2016-01-08 14:03:30 -06:00
Martin Vigo 8c6bdd532b Use ? for SQL queries 2016-01-07 22:50:23 -08:00
Martin Vigo b46095f3d6 Remove custom method checking file exists 2016-01-07 22:21:10 -08:00
Martin Vigo e7701b6d5f Fix incoherent method to always return a list 2016-01-07 22:17:04 -08:00
Josh 4e99c873c8 Fix issue when target_pid == current_pid 2016-01-06 19:58:07 -06:00
Josh 60c506d7fb Replace error handling methods 2016-01-06 18:53:54 -06:00
Vincent Yiu 30a866a85b Update enable_rdp.rb
Fixed some typos.
2016-01-04 09:52:57 +00:00
Kyle Gray 47f9880690
Land #6395, grammar fixes for recovery_files.rb
Improves grammar and details within the description of /post/windows/gather/forensics/recovery_files.rb
2015-12-28 15:57:41 -06:00
William Vu cf0e982e83
Land #6386, VNC creds module fix 2015-12-28 02:32:26 -06:00
William Vu 6b9c74eec7 Prefer gsub and nix the return 2015-12-28 02:31:47 -06:00
Josh 0de69a9d40 Add post Windows privilege based migrate 2015-12-27 19:26:21 -06:00
Jon Hart f8943f4821
Remove peer; defined in lib/msf/core/post/common.rb 2015-12-24 07:57:16 -08:00
karllll 431c6001a8 Fix recovery_files.rb Description grammar errors 2015-12-24 10:10:39 -05:00
Stuart Morgan d6dacd1580 Fixed bug when generating native traffic with one thread 2015-12-23 15:28:33 +00:00
Stuart Morgan 391145a4af Checking if group_filter is empty 2015-12-23 15:14:37 +00:00
g0tmi1k 2f71730484 Gather VNC null byte fix + formatting 2015-12-22 17:30:37 +00:00
Rory McNamara 45b9230efb Redirect python stderr to stdout, darwin python platform 2015-12-22 11:32:31 +00:00
Tim be9197fc97 quick fix for issues #6359 2015-12-22 03:26:31 +00:00
Tim f9d74143c3 fix typo 2015-12-22 03:25:34 +00:00
Stuart Morgan f950633d32 renamed 2015-12-21 18:16:06 +00:00
Stuart Morgan e09c2944cf Renamed module to be more descriptive 2015-12-21 18:15:39 +00:00
Stuart Morgan 4c27f381dc rubocop & msftidy 2015-12-21 18:15:19 +00:00
Stuart Morgan 8438774077 Bug 2015-12-21 18:13:58 +00:00
Stuart Morgan 0b6969afbc Rubocop. This encoding mess was the only way I could find to deal with a number of parsing errors when testing this against a multilingual domain. 2015-12-21 17:30:32 +00:00
Stuart Morgan 30e283b0ae fixup 2015-12-21 17:28:36 +00:00
Stuart Morgan 751a0708bf rubocop 2015-12-21 13:32:29 +00:00
Stuart Morgan 0c8aa0bd5c msftidy - fixed module name 2015-12-21 13:32:11 +00:00
Stuart Morgan 0081c79f39 Added comments 2015-12-21 13:31:26 +00:00
Stuart Morgan 03b904cc4e Initial version 2015-12-21 13:29:47 +00:00
Stuart Morgan 16cf3c6207 Further messing about with unicode conversions 2015-12-21 13:28:27 +00:00
Stuart Morgan e8c8c54cb0 Use a regex with a negative lookbehind to cope with CNs that contain commas 2015-12-21 11:44:37 +00:00
Stuart Morgan d8b3b15da6 Trying to fix encoding errors 2015-12-21 11:43:12 +00:00
Stuart Morgan 76f99cbc7f Fixing UTF-8 encoding errors with some strangely named groups 2015-12-21 11:11:01 +00:00
Stuart Morgan b0fca769d7 capitalisation 2015-12-21 10:39:30 +00:00
Stuart Morgan 4ed32ad3e8 Add manager user attribute 2015-12-20 22:51:37 +00:00
Stuart Morgan 9493b333df rubocop 2015-12-20 21:22:03 +00:00
Stuart Morgan c394caad27 actually made the securitygroups only option do something 2015-12-20 21:19:24 +00:00
Stuart Morgan 07caaf352b made comment match purpose 2015-12-20 21:18:21 +00:00
Stuart Morgan c0a93433af msftidy 2015-12-20 21:16:42 +00:00
Stuart Morgan 89728fd8fe Working version 2015-12-20 21:16:17 +00:00
Stuart Morgan ae09549057 New module, strating with managedby_groups 2015-12-20 20:17:06 +00:00
Stuart Morgan 28e563659f Added managedBy to group acquisition 2015-12-20 20:16:18 +00:00
Stuart Morgan d79fd9a9f3 Renamed the comments attribute to comment 2015-12-20 19:53:36 +00:00
Stuart Morgan 924017e606 Moved trust enumeration to separate PR 2015-12-20 19:46:20 +00:00
Stuart Morgan 43f8a35b12 Merge branch 'master' of https://github.com/rapid7/metasploit-framework into add_filter_to_ad_tools 2015-12-20 19:43:04 +00:00
Martin Vigo 2ddac42be7 Perform Rubocop cleanup 2015-12-19 23:33:32 -08:00
Martin Vigo 2fc940cc3e Decrypt Chrome and Opera cookies and msdftify code 2015-12-19 22:19:20 -08:00
Martin Vigo ab630166bb Decrypt Chrome and Opera cookies and msdftify code 2015-12-19 21:40:30 -08:00
Stuart Morgan 3a89d3cc70 Turns out that we dont need the report or accounts includes in there, so removing them for tidyness 2015-12-20 02:37:25 +00:00
Stuart Morgan c11c0ca7e0 Added comment about the UTF-8 encoding. This is an issue which is documented at https://github.com/rails/rails/issues/1965; namely that SQLite seems to treat ASCII text as a blob meaning that the text searches break. Encoding to UTF-8 seems to fix this. 2015-12-20 02:35:19 +00:00
Stuart Morgan 2301658611 Working 2015-12-20 02:20:59 +00:00
Stuart Morgan 7ce24969bb rubocop fixes 2015-12-20 02:02:44 +00:00
Stuart Morgan d5436c6fae msftidy is now silent 2015-12-20 02:01:11 +00:00
Stuart Morgan b8274cca01 Tested 2015-12-20 01:59:31 +00:00
Stuart Morgan b0eba24c5f Fixed verbosity bug and tidied up 2015-12-20 01:55:44 +00:00
Stuart Morgan 86294a869e No longer need the sAMAccountType lookup table 2015-12-20 01:45:10 +00:00
Stuart Morgan cdf430e689 Fixed bug relating to forgetting to add columns to the schema 2015-12-20 01:44:26 +00:00
Stuart Morgan 14f71eabdb Completing processing the sAMAccountType value 2015-12-20 01:42:25 +00:00
Stuart Morgan 5f5a297324 Adding u_, g_ and c_ parameters to the tables directly avoids most of the views 2015-12-20 01:30:24 +00:00
Stuart Morgan bb25c7606c Restructuring to add SAM_ (userAccountControl) variables as fields directly 2015-12-20 01:28:25 +00:00
Stuart Morgan 872aeccbb6 Significant simplified the hex-to-SID parsing code because we only want the RID out of it 2015-12-19 02:02:40 +00:00
Stuart Morgan 07e5f03aba Fixed 2015-12-19 01:58:29 +00:00
Stuart Morgan c7f8450775 Appears to work correctly 2015-12-19 01:11:20 +00:00
Stuart Morgan 36392ac0cd All works 2015-12-19 00:48:41 +00:00
Stuart Morgan 82c3ec5f4b Added views for users and groups table 2015-12-19 00:26:31 +00:00
Stuart Morgan ba9845818e Appears to work for the computers table (tables and view) 2015-12-18 23:22:22 +00:00
Stuart Morgan cf8f0e2483 Added userAccountControl to the computer table. Note that computer and user LDAP entries are more or less the same (user is the parent for computer), but it makes sense just for sanity and ease of use to keep them separate. 2015-12-18 22:22:56 +00:00
Stuart Morgan eade245a9e Added groupType attribute interpretation 2015-12-18 22:06:20 +00:00
Stuart Morgan e716cd79e3 Needed to use .zero? in the ? : if shorthand for the UAC variables 2015-12-18 21:55:55 +00:00
Stuart Morgan 838f74ff74 Added table creation for userAccoutControl 2015-12-18 21:45:07 +00:00
William Vu 6afcc13774 Requote file path 2015-12-18 15:41:38 -06:00
Stuart Morgan a065fc803c fixed spacing 2015-12-18 21:38:54 +00:00
Stuart Morgan 8821caa199 Added UserAccountControl constants 2015-12-18 21:37:31 +00:00
William Vu 06a2bb53bd Clean up module 2015-12-18 15:29:15 -06:00
Stuart Morgan 6d6306f6e7 Added sAMAccountType constants from MSDN 2015-12-18 21:14:39 +00:00
Stuart Morgan 5b07a35cef Added LDAP filter to identify groups of interest 2015-12-18 14:10:00 +00:00
Stuart Morgan 662010fce7 Added thread capability 2015-12-18 14:06:50 +00:00
Stuart Morgan 0a75fa333c msftidy 2015-12-18 12:14:22 +00:00
Stuart Morgan 91c8c2b9dd Trying to fix threads 2015-12-18 12:14:08 +00:00
Stuart Morgan 6f50635ab2 Strange bug with memberOf param and trying to fix up threads 2015-12-18 11:49:17 +00:00
Stuart Morgan 39bc23629a Getting ready to add thread support 2015-12-18 10:56:41 +00:00
Stuart Morgan 3c8ac89ba8 Added options to dump user membership and group membership to screen 2015-12-18 10:29:53 +00:00
Stuart Morgan 8f95ad315e Added extra user fields to database schema 2015-12-18 10:02:18 +00:00
Stuart Morgan fc45d70d25 Added extra user fields 2015-12-18 09:59:21 +00:00
Stuart Morgan b186aaa08d Added extra computer fields 2015-12-18 09:55:13 +00:00
Stuart Morgan f8b402165c Added extra computer fields 2015-12-18 09:51:04 +00:00
Stuart Morgan 805ba1d7dd Enumerate computers 2015-12-18 08:28:40 +00:00