87eb600510
Land #10611 , mRemote creds gather module fixes
...
Also update #10612 to align with these changes.
2018-09-10 15:25:09 -05:00
3ec4d2f22b
Normalize loot type OID
...
1. Include the vendor, product, and technology
2. Content type is already reported, extension changed
3. Original filename including extension is also reported
Can we get some sort of standard on the OID?
2018-09-10 15:06:07 -05:00
39a2d9d2a8
save xml files as xml
2018-09-09 21:24:39 -04:00
b7da75d860
fix #10576 , fix session upgrade HANDLE_TIMEOUT
2018-09-04 16:46:33 +08:00
79736406b2
Land #10394 , Cleanup aws_ec2_instance_metadata
2018-08-15 14:51:12 -05:00
d60aa55e07
Modified regex
...
Based on the comment: https://github.com/rapid7/metasploit-framework/pull/10394#discussion_r207042496
2018-08-02 15:55:24 +02:00
ece9a72d13
Removed tabs
2018-07-30 15:07:55 +02:00
5962fa752e
Fixes in aws_ec2_instance_metadata
...
@@ -36,7 +36,7 @@ def initialize(info = {})
- unless resp =~ /^instance-id.$/m
+ unless resp =~ /^instance-id$/m
The original regex requires one character after 'instance-id' which is not present in the instance.
@@ -50,15 +50,16 @@ def check_curl
- base_resp.split(/\r\n/).each do |l|
- new_uri = base_uri.merge("./#{l}")
+ base_resp.split(/\r?\n/).each do |l|
+ new_uri = "#{base_uri}#{l}"
- key_uri = new_uri.merge("./#{key_id}/")
- key_resp = simple_get(key_uri)
+ new_uri = new_uri.slice(0..(new_uri.index(%r{/public-keys/})+'/public-keys'.length))
+ key_uri = "#{new_uri}#{key_id}/"
+ key_resp = simple_get(key_uri)
1. merge function was causing 'rescue in merge' errors
2. the split function could not succeed, there were no '\r\n' between the lines but '\n' only
3. the special case was not handled correctly
was trying to curl http://169.254.169.254/latest/meta-data/public-keys/0=Key0/ instead of http://169.254.169.254/latest/meta-data/public-keys/0/
@@ -94,6 +95,6 @@ def setup
- cmd_exec("curl #{url}")
+ cmd_exec("curl -s #{url}")
Curl was causing issues when not in silent mode.
2018-07-30 14:02:15 +02:00
6790ac1998
Reset to original
2018-07-30 10:48:32 +02:00
0433cb92ba
Fix upload_exec for absolute paths
...
Also prefer chmod 700 over 755, since it's our file.
2018-07-26 19:48:12 -05:00
408dc7793f
Update aws_ec2_instance_metadata.rb
2018-07-23 10:00:12 +02:00
4c4f0c1d3e
Update
...
Fixes for Kali linux 4.14 with ruby 2.3.
2018-07-18 10:42:51 +00:00
b4b7bf03da
Land #10171 , Implement desktop shell and screensaver post modules
2018-07-05 17:33:06 -05:00
970c164e06
fix undefined method capitalize error for array
2018-07-05 14:33:51 -07:00
c4632f44aa
Fix windows
2018-06-21 16:46:15 +00:00
2008de4080
Support Windows screensaver and locking
2018-06-21 16:46:00 +00:00
a8e9c20d6c
Make open works on windows
2018-06-20 09:23:57 +00:00
4c0ac00f38
Make screensaver works on OSX
2018-06-20 09:13:51 +00:00
351a0bd37f
Cleanup command execution code
2018-06-18 07:24:54 +00:00
a750aedb6b
Move xdg_screensaver to multi module
2018-06-18 07:19:52 +00:00
1f6b9a51ea
Remove useless import
2018-06-18 06:56:39 +00:00
8342751b05
Move xdg_open to multi module
2018-06-18 06:54:13 +00:00
b733b79533
Land #10021 , post/multi/recon/sudo_commands module
2018-06-14 16:33:50 -05:00
4df01da49a
Add GTFOBins
2018-05-25 04:20:25 +00:00
7ebe0d6dc5
Use sudo -l rather than sudo -l -l
2018-05-15 18:53:52 +00:00
17bd9aafb3
Add post/multi/recon/sudo_commands
2018-05-14 18:31:24 +00:00
cb29b4cf7a
Update Local Exploit Suggester - Fix #9974
2018-05-05 04:41:58 +00:00
cd728defed
Merge branch 'master' into land-9607-
2018-02-23 11:09:20 -06:00
f10d58bc2d
upgrade osx shells to osx meterpreter
2018-02-21 02:54:38 +08:00
eae9c60430
Disclaimer and wget support added and syntax errors fixed.
2018-02-03 02:18:30 -03:00
ae93162faf
HSTS eraser module
2018-01-22 18:53:16 -03:00
ca4feb5136
fix session upgrading
2017-10-23 01:26:45 +08:00
9b219f42c5
Land #9029 , Fix Linux post module file assumptions
2017-10-12 17:56:40 -05:00
fc66683502
fixes #8928
2017-10-01 19:49:32 -04:00
a676f600d6
fixes to more modules
2017-09-30 15:45:52 -04:00
f1be6b720b
Tweaky bits.
2017-09-22 13:38:06 -05:00
08dea910e1
pbarry-r7 comments
2017-09-17 19:38:43 -04:00
c90f885938
Finished spelling issues
2017-09-17 16:00:04 -04:00
a992a3c427
Land #8774 , Post module for gather Docker credentials
2017-09-14 10:15:03 -05:00
a0181a4d54
Land #8831 , Add Maven post-exploitation credential extraction module
...
Merge remote-tracking branch 'upstream/pr/8831' into upstream-master
2017-09-08 00:37:03 +02:00
a8067070f2
Fix typo
2017-08-26 17:52:11 +02:00
801e3e2d68
Replace REXML with Nokogiri and try to cross id with mirror/repository tag
2017-08-25 18:28:09 +02:00
abaf80f3df
jmartin improvements (iter on keys + save as credentials)
2017-08-25 18:15:24 +02:00
be2739d335
Transform loots into creds
2017-08-22 11:57:51 +02:00
cde319a5ec
Optim module and add doc
2017-08-18 19:30:41 +02:00
b529c3551c
Remove unused variable
2017-08-18 19:00:32 +02:00
ea5370486f
minor unused variable fixes
2017-08-17 16:46:51 -04:00
9c196041ce
update youtube urls in post exploit module
2017-08-17 16:44:35 -04:00
b4055a8071
Rename command
2017-08-14 23:26:18 +02:00
55db70ec3e
Handle case when locate is not here by using enum_directories_map
2017-08-14 23:25:01 +02:00
William Vu
h00die
Tim W
Adam Cammack
reka193
Brent Cook
thesubtlety
Eliott Teissonniere
Brendan Coles
UnaPibaGeek
Pearce Barry
Jeffrey Martin
Brent Cook
Erik Lenoir
Jon P