Commit Graph

736 Commits (5b6938e9423e662446c52c8700ef54e9c52cbba5)

Author SHA1 Message Date
Jon Hart a692a5d36c
Remove Platform, this should work everywhere; correct grammar 2015-11-25 11:23:18 -08:00
Stuart Morgan 09d4bd8175 Added basic function definition for non-Win32API egress 2015-11-24 15:38:06 +00:00
Stuart Morgan 4ea732716a Added file 2015-11-24 15:37:44 +00:00
Jon Hart 718e928fe3
Control per-user config file 2015-11-23 11:11:03 -08:00
Jon Hart 93bb31dfa0
Make path to rsyncd configuration file configurable 2015-11-21 19:50:33 -08:00
Martin Vigo f34c7a8594 Support for new Firefox method to store credentials 2015-11-20 23:42:59 -08:00
Jon Hart aa962f30a9
Minor style/usability cleanup 2015-11-20 13:51:31 -08:00
Jon Hart a96102c20a
Minor cleanup 2015-11-20 13:19:38 -08:00
Jon Hart c75e3c8e84
Initial commit of a post module for looting rsync credentials 2015-11-20 12:57:33 -08:00
Rory McNamara 811167442c Re-disable debugging nodelete 2015-11-17 13:10:03 +00:00
PsychoMario 2b99969f9a quote paths to allow spaces 2015-11-15 00:14:30 +00:00
PsychoMario e3f25fd6e2 Add support for specifying path, file in bourne dropper 2015-11-14 18:31:11 +00:00
Jon Hart 38ca943219
Remove unneeded width arg 2015-11-13 11:49:50 -08:00
Jon Hart 4604f8cd83
Move cowsay to Rex::Text so that everyone can enjoy it ;) 2015-11-13 08:57:48 -08:00
Martin Vigo 211da2746e Support cookie auth key decryption 2015-11-11 16:26:07 -08:00
Jon Hart 15cfa925c8
Document the cloud mess 2015-11-11 12:06:53 -08:00
Jon Hart a328675f77
Add simulated cowsay support to wall 2015-11-11 11:54:46 -08:00
Jon Hart 8d21a91f3e
Add initial wall module 2015-11-11 09:15:32 -08:00
Jon Hart 43229c16e7
Correct some authors with unbalanced angle brackets 2015-11-06 13:24:58 -08:00
jvazquez-r7 20679ea6c6
Land #5720, @g0tmi1k's changes to firefox_creds post module 2015-11-05 15:36:08 -06:00
Martin Vigo b0f92b49a2 Print vault passwords 2015-11-01 21:47:00 -08:00
Martin Vigo e67065a7e9 Fix Firefox/Opera bugs 2015-10-26 22:40:47 -07:00
Martin Vigo da9420a915 Retrieve randkey from LastPass 2015-10-26 19:17:09 -07:00
jvazquez-r7 6468eb51b2
Do changes to have into account powershell sesions are not cmd sessions 2015-10-02 15:26:42 -05:00
jvazquez-r7 8bfa5bcd09
Do some more minor code cleaning 2015-09-04 13:08:27 -05:00
jvazquez-r7 ac49c80367
Do minor code cleanup 2015-09-04 12:46:21 -05:00
jvazquez-r7 60d2856444
Use id instead of whoami 2015-09-04 12:02:21 -05:00
jvazquez-r7 4fa58efaa0
Allow to configure the DOWNLOAD_TIMEOUT 2015-09-04 11:54:22 -05:00
g0tmi1k eb43241425 Firefox_creds more stable/bug fixs (Linux/OSX) 2015-08-27 11:43:53 +01:00
HD Moore d264802ce0 Consistency and API conformance changes to LES 2015-08-21 12:38:58 -05:00
wchen-r7 4a91dfdcf5
Land #5873, report_note for local_exploit_suggester 2015-08-20 17:52:33 -05:00
Mo Sadek b20a283617 Added report_note to suggester 2015-08-20 13:57:16 -05:00
Brent Cook 5dd015150c
Land #5748, refactor google geolocate, add wlan_geolocate and send_sms to android meterpreter 2015-08-16 10:58:17 -05:00
Brent Cook 9720e8e081 normalize osx to darwin so python meterp works 2015-08-15 19:49:55 -05:00
Brent Cook 422bba87d3 style fixes, moved google_geolocate to google/geolocate 2015-08-15 19:49:32 -05:00
Tod Beardsley 50041fad2a
Pre-Bloggery cleanup
Edited modules/auxiliary/gather/lansweeper_collector.rb first landed in
and minor description word choice changes.

Edited modules/auxiliary/server/browser_autopwn2.rb first landed in
options. Also removed from the description the missing options of
'WhiteList' and 'RealList' -- those don't appear to be available
according to `show options` and `show advanced`, @wchen-r7.

Edited modules/post/multi/recon/local_exploit_suggester.rb first landed
in #5823, mv local_exploit_{suggestor,suggester} for minor description
cleanup and axing the description of the SHOWDESCRIPTION option (it's
already described identically on the option itself).
2015-08-13 12:33:04 -05:00
Mo Sadek 7f0d992914 Fixed name typo 2015-08-11 11:51:52 -05:00
wchen-r7 34279776a6 Minor edit 2015-07-30 18:40:41 -05:00
wchen-r7 fc4fdba482 Merge branch 'suggestor' of https://github.com/MSadek-r7/metasploit-framework into pr5788 2015-07-30 18:31:49 -05:00
wchen-r7 08338b73b2 Add get_target_arch and get_target_os
We cannot use session.platform to fingerprint the target's platform
and arch, because it's not really meant to be used that way.
2015-07-30 18:26:41 -05:00
Mo Sadek af55ef7352 Added session.present? 2015-07-30 10:10:42 -05:00
Mo Sadek 7aa78dfd4e Revamped os, platform, arch detection. Added count for exploits being tried 2015-07-30 09:36:02 -05:00
Mo Sadek 1521c8f87e Reworded to no suggestions available 2015-07-29 17:40:27 -05:00
Mo Sadek 66489202fc Added error message if no exploits are found 2015-07-29 17:31:23 -05:00
Mo Sadek b58c6248fe Fixed ShowDescription bug 2015-07-29 16:52:06 -05:00
Mo Sadek 2cddfda0a0 wchen-r7's fixes, fixed indentation, removed newlines, added desc. 2015-07-29 16:13:50 -05:00
Mo Sadek c725f74d46 Add Local Exploit Suggestor
Resolve #5647
2015-07-29 13:19:51 -05:00
Martin Vigo a3365a9c7f Add key, 2fa, iterations and otp support 2015-07-28 00:15:08 -07:00
g0tmi1k 7c3e79f72d Smarter way to download via meterpreter
...less chance of data crupterion
2015-07-27 19:49:06 +01:00
James Lee 52e4f45ecd
Use the new thing in wlan_geolocate 2015-07-20 20:24:07 -05:00
James Lee d6e12d431f
Style and whitespace 2015-07-20 19:40:25 -05:00
g0tmi1k d5c57d9d6e Use creds API 2015-07-16 16:05:59 +01:00
g0tmi1k 074ed20f1c Fix Firefox_Creds
...isn't perfect.
2015-07-14 13:33:48 +01:00
g0tmi1k d795b2f831 Module cleanup 2015-07-11 19:40:21 +01:00
Martin Vigo 0e5e8032ad Add Firefox 2FA support 2015-06-30 21:02:10 -07:00
Martin Vigo 5b0647a1f2 Add support to steal 2FA token 2015-06-29 22:20:38 -07:00
jvazquez-r7 834c0e594a
Update multi modules 2015-06-29 11:36:28 -05:00
jvazquez-r7 f216841d01
Update enum_vbox 2015-06-22 17:54:17 -05:00
jvazquez-r7 c20d2a1dd9
Update post/multi/gather/env
* Use cmd_exec
2015-06-22 16:20:46 -05:00
wchen-r7 5a548c3792
Land #5453, Update dbvis_enum to use the new cred API 2015-06-19 11:35:07 -05:00
g0tmi1k ce9481d2b7 Inconstancy - If datastore['VERBOSE'] vs vprint 2015-06-18 09:27:01 +01:00
William Vu ef825fb4bf
Land #5530, shell_to_meterpreter improvements 2015-06-16 14:29:15 -05:00
g0tmi1k 33139c4ecd shell_to_meterpreter minor improvements 2015-06-16 20:42:47 +01:00
g0tmi1k a53ca53a6a Fix inconstancy - multi/handler 2015-06-12 21:23:51 +01:00
wchen-r7 e43163135b Add module_fullname: fullname, 2015-06-02 12:33:34 -05:00
root 7485cf776e Remove unnecessary spaces 2015-06-02 14:18:36 +05:00
root b4cfe93977 Add creds API 2015-06-02 14:16:16 +05:00
wchen-r7 b98cc89f0c Update filezilla_client_cred to use the new cred API 2015-06-02 00:22:17 -05:00
root 17c0af6380 Consistent column names 2015-05-29 11:08:24 +05:00
root 101f12b9d2 Remove base64 require 2015-05-29 10:38:06 +05:00
root 3ac5088a9a Add decryption.final for proper padding 2015-05-29 10:33:55 +05:00
root 2756c7375e Add datastore options 2015-05-28 10:58:36 +05:00
root 1ab49397a2 Decrypt encrypted passwords 2015-05-28 10:21:00 +05:00
wchen-r7 43e9244b4c Fix #5134, Put store_loot back
Fix #5134

store_loot was used at one point, but we ended up removing it.
Turns out store_loot is handy in some cases so we're brining it back.
2015-04-17 16:33:51 -05:00
g0tmi1k fc6860672b Fix merge conflict due to #5527
...my mistake
2015-03-21 01:57:13 +00:00
g0tmi1k faa7ed2b68 shell_to_meterpreter - more options, more verbose
...less bugs!
2015-06-13 17:37:41 +01:00
William Vu 7d7139d769
Consistent-ize whitespace 2015-01-27 11:11:02 -06:00
Tod Beardsley d8200c65a8
Strip safely, avoid nil.strip errors 2015-01-27 11:06:55 -06:00
William Vu 5b3d877b25
Land #4648, for real 2015-01-27 11:00:22 -06:00
William Vu a88a631b66
Fix #strip 2015-01-27 10:58:24 -06:00
Tod Beardsley d2bf1a73ff
Don't need to require YAML anymore either 2015-01-27 10:40:57 -06:00
Tod Beardsley cafbd1af51
Prefer a regex over YAML parsing
Fixes a bug introduced in #4645
2015-01-27 10:34:56 -06:00
William Vu d53f4e1178
Fix bugs and make final changes 2015-01-26 23:29:10 -06:00
Jonathan Claudius 2bb9314b4b Switch to unless conditional 2015-01-27 00:10:33 -05:00
Jonathan Claudius 1f9286da69 Undo logic reversage 2015-01-26 23:54:41 -05:00
Jonathan Claudius a9e480e44a Fixed tilde 2015-01-26 23:53:08 -05:00
Jonathan Claudius eed9fbe024 Lose assignment in conditional 2015-01-26 23:48:08 -05:00
Jonathan Claudius c496d2c987 Remove nil check 2015-01-26 23:43:31 -05:00
Jonathan Claudius c29b7488b2 Fix double new line 2015-01-26 23:40:19 -05:00
Jonathan Claudius d77f112e82 Minor Formatting 2015-01-26 23:31:36 -05:00
Jonathan Claudius 06485d8c89 Fix naming of things 2015-01-26 23:17:44 -05:00
Jonathan Claudius 685c4804e5 Add trailing return 2015-01-26 23:15:00 -05:00
Jonathan Claudius 6b6e47a237 Fix sessiontypes, again 2015-01-26 23:13:17 -05:00
Jonathan Claudius 747349a57a Fix sessiontypes 2015-01-26 23:11:48 -05:00
Jonathan Claudius ee7ecb349d Fix description 2015-01-26 23:10:08 -05:00
Jonathan Claudius 106170eddc Add multi to name 2015-01-26 23:08:43 -05:00
Jonathan Claudius a3c7cf70f8 Make MSF Tidy more happy 2015-01-26 22:30:26 -05:00
Jonathan Claudius d37b3cf0c3 Use next instead of return 2015-01-26 22:26:56 -05:00
Jonathan Claudius f58dc2789f Remove creds 2015-01-26 22:13:15 -05:00
Jonathan Claudius a27c376ae7 Add service port and host 2015-01-26 22:06:07 -05:00
Jonathan Claudius dd34b58e49 Add add loot 2015-01-26 22:01:38 -05:00
Jonathan Claudius 3889ed5784 Add cred login 2015-01-26 21:50:10 -05:00
Jonathan Claudius eead063375 Add RubyGems API Post Gather Module 2015-01-26 20:53:39 -05:00
jvazquez-r7 43e0afeaed Delete 's' typo 2015-01-19 12:55:35 -06:00
jvazquez-r7 79a24f80b8 Use constant for play options 2015-01-19 12:50:40 -06:00
jvazquez-r7 652400451e Delete extra k 2015-01-19 12:35:26 -06:00
IMcPwn 50d43f118b Make URLs better
Removes YouTube logo, loops, hides video controls at bottom, disables keyboard controls, doesn't show info about the video on the top, hides video annotations, and doesn't show related videos at the end.
2015-01-19 12:27:18 -05:00
EricGershman 0496bb16bc Minor spelling fix 2015-01-07 23:43:59 -05:00
Christian Mehlmauer 0f27c63720
fix msftidy warnings 2014-12-12 13:16:21 +01:00
Jon Hart 65b316cd8c
Land #4372 2014-12-11 18:48:16 -08:00
Christian Mehlmauer 544f75e7be
fix invalid URI scheme, closes #4362 2014-12-11 23:34:10 +01:00
Christian Mehlmauer de88908493
code style 2014-12-11 23:30:20 +01:00
jvazquez-r7 54de805b7a Report credentials
* Even when we are not associating them to hosts
* It's a post module so maybe we cannot solve some names
2014-11-17 12:49:18 -06:00
jvazquez-r7 b3b37c7c9f Use longer description lines 2014-11-17 12:23:22 -06:00
Jon Hart d5afb2b766 %q 2014-11-17 09:01:14 -08:00
Jon Hart ce73e32673 Doc and named captures 2014-11-17 09:01:14 -08:00
Jon Hart bf05fe1389 Refactoring, simplification, better print_* 2014-11-17 09:01:14 -08:00
Jon Hart 6e1cdfde36 Rip out create_credential* stuff. Use what works 2014-11-17 09:01:14 -08:00
Jon Hart e5bb13a609 If remmina config files are missing data for creds, tell me what 2014-11-17 09:01:14 -08:00
Jon Hart 875d1f9ea0 Convert Remmina credential gatherer to use new credentials model 2014-11-17 09:01:14 -08:00
Jon Hart 086f0c02d6 Remove excessive logging 2014-11-17 09:01:14 -08:00
Jon Hart 90e58e9e71 Binary encoding 2014-11-17 09:01:14 -08:00
Jon Hart e76373340e Correct some Rubocop things that I agree with 2014-11-17 09:01:14 -08:00
Jon Hart f729a6cf02 Add Remmina RDP/SSH/VNC password gathering 2014-11-17 09:01:13 -08:00
Jon Hart c765100efd
Land #4004, @martinvigo's LastPass master password extraction module 2014-10-22 16:34:54 -07:00
Jon Hart 29b61984c5 Update to use correctly joined path 2014-10-22 16:34:17 -07:00
Tim Wright b8c3fadb9e python 3 is supported now too :) 2014-10-22 20:10:48 +01:00
Tim Wright 8c3c73a72d inline the error message 2014-10-22 20:08:14 +01:00
Tim Wright 2ab73688dc use framework.threads to launch cleanup thread 2014-10-22 19:40:29 +01:00
Tim Wright 22fc6496ac Merge branch 'pr/3401' into landing-3401 2014-10-22 19:23:01 +01:00
Jon Hart 88c1647c80 Loot the passwords, obviously 2014-10-19 13:11:10 -07:00
Jon Hart 0971d7c3ac Remove ... from prints, only map a browser if we found something 2014-10-19 13:05:11 -07:00
Jon Hart 967800eed0 Track account name for more useful table and prints 2014-10-19 12:59:51 -07:00
Jon Hart 5a05246682 Consistent case in *print_* 2014-10-19 12:30:50 -07:00
Jon Hart a30663e412
Fix multiuser LastPass extraction, print/vprint cleanup 2014-10-17 17:40:19 -07:00
Jon Hart d2a00b208e Minor style cleanup to appease Rubocop 2014-10-17 12:50:18 -07:00
Jon Hart d97fe548b9 Store the browser name in LastPass loot 2014-10-17 11:33:31 -07:00
Jon Hart 43238c7324 Simplify LastPass extraction. Track what browser that puked creds 2014-10-17 11:19:36 -07:00
Jon Hart 9177b931fd Refactoring of LastPass module to use correct Firefox path on *nix 2014-10-17 10:20:55 -07:00
URI Assassin 35d3bbf74d
Fix up comment splats with the correct URI
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
Martin Vigo 36d6220f8f Make use of Rex::Ui::Text::Table 2014-10-15 23:13:53 -07:00
Martin Vigo bb421859d3 Refactor code and add support for all Windows 2014-10-15 22:15:54 -07:00
Martin Vigo c7e0ced02b Remove useless conditions 2014-10-15 21:29:47 -07:00
Martin Vigo 2bdc703930 Remove useless condition 2014-10-15 21:16:06 -07:00
Martin Vigo 5fa39782b8 Fix unused variable 2014-10-15 21:10:50 -07:00
Martin Vigo 8fc0f0955e Add support for Firefox 2014-10-15 20:44:20 -07:00
Martin Vigo 47794510c3 Add support for Firefox in XP 2014-10-15 20:44:19 -07:00
Martin Vigo 484d98d0a8 Meet rubocop and msftify rules 2014-10-15 20:17:36 -07:00
Martin Vigo 85e6febe09 Add module to extract/decrypt LastPass credentials 2014-10-15 20:17:36 -07:00
Brandon Turner 91bb0b6e10 Metasploit Framework 4.9.3-2014072301
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJT0CeVAAoJEJMMBVMNnmqO/7AP/0CBRHjtgiR9VnFKSQ+iWTQV
 iPNMBevn0mpSRq/gpoKCeFBZ6b+YQYrOLXDKVk62VV9LCslkr/P8LW8ul+m+JtB0
 mM6V5esUXM1XhgGEyTnTLRx6BR/WQU1RHlb56ae3nZjQlwCuH/5zEmcy5toZxpsY
 6HO46zE0GGBoLr/VgyYlfT08bfoQ+ICyJN0H5ixoovCc3iW0K1MNqLMfdani8zBJ
 gYJaMysV7XtepumWWQMSC+b/EuertdXXzWDy2bwe0Q3cQXNXzrkPAvtMqucWG+gy
 783OLKCPtVoEZiX87xAptkwmVCRdNGPclaWH7YRZDAh1tqBfRQUg72V/TIrOHCP1
 /lYO7yp5pBQg+1UNnpH+xI2YePFfYdHpYDNT5FSQGOnQjJg30ll4SqCm7cVmo2h5
 BRSYXkPCsQeXGaFarxGERNb8e+qN/WzSrHzY45tQw8mDuhg94tlf3VtDag3FXxhj
 zCxd6bu+tdboVm7FERS85T46kxzmeIycZ4p+Sf7d8gXitl2RKbBdKFNDi1gzeK1T
 yN7bDl4sL7qtDgZLXjFrnyC8vXyAqIrAgmFr2JywMBRm6TiCGQvgnrs+sScU3RFU
 W2tblGbKQq+CwDeC59uQPqxRkm72SMUrKX9448VEQ+9XbKE3TMQ5Q4qCxmnw31Op
 aJ0QgKJz8thZgafZc89I
 =e1z9
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCgAGBQJT4pb8AAoJEA+Ckxyj7hsHn+8P/3FlEYCmoqQ/JzsVtmP3Yi4Q
 gBRva+crY831mCCQXFrPJBvWfmy5HOzVh+Zh7zWF0GQ1WuuMppHfR5ARFVwmiDs3
 qwndhXwziDzBnznf0JKSgT5eJsH23s/ots1lyWymKJvPuT6hn6MRAHUawgnNmYR9
 ttnawmHvCM9Iha2oz3nmkLcNd+83bdBfEWi5l8AQ7jJxwMC2/8VPpMscVVwXqPzd
 CoQugAYZW5VeaEiGio5+19Ix9EPkIDvs6wnfGBtfPfeaOIDZV4XOFoIFUtEeZd5o
 olvEpYvdqscy4Qujzn4C++3wX3bUxkIbHTJHgrKmlD83dI7Cu1JH716G+yfLoJo0
 pQBWTGeWYKEh6leK/9J5Bo1/tOJ/ylbcbvH0Y0tmdu4icHar6uYe1QBrCB9xIdh1
 F+xo4guYnVo616DXJQSwjIye83b5dBxACrfA3bqCnFVFgTM5jXGV1cqiBgs9Dl++
 tIDPgUJkCe/bIdQ7PntlGRzxKihHahlxhCa++YaGKqSq7gXie8Rl4qgloIrbfNZ/
 z3XsoOLNdbMGO7ip88Zjwq4Khj5WZu7ijfCtXO7GU1UJZL1tJ2yK2ic7ZDLc251Y
 8EGMSTG53+6yvZYFtWMZeQzjwD2cpuF04dOmHOKi6KGJJ7KRPhn6gpsbc6U1mbH9
 AjGcfOzhhcsY+WAQ7OG+
 =Pjob
 -----END PGP SIGNATURE-----

Merge tag '2014072301' into staging/electro-release

Conflicts:
	Gemfile.lock
	modules/post/windows/gather/credentials/gpp.rb

This removes the active flag in the gpp.rb module.  According to Lance,
the active flag is no longer used.
2014-08-06 15:58:12 -05:00
Tom Sellers 6315710697 Update for most recent PowerShell.rb
This update makes the module compatible with Meatballs' march PowerShell changes mentioned earlier (lines 112/113).  It also includes changes recommended by Timwr and about 2/3 of the issues mentioned by Rubocop.  I didn't make some of the Rubocop changes based on HD's comments in IRC that it was still being tuned to meet the project's requirements.
2014-08-02 15:32:45 -05:00
sinn3r 6048f21875
Land #3552 - Correct DbVisualizer title name 2014-07-21 13:07:33 -05:00
sinn3r 73e665b863
Land #3542 - Multi Manage DbVisualizer Query 2014-07-21 13:02:19 -05:00
sinn3r fbbaaf2e2a Fix spaces and module description 2014-07-21 13:01:18 -05:00
Tod Beardsley a41768fd7d
Correct DbVisualizer title name
I think "DbVis Software" is the name of the company and the product
itself is called DbVisualizer.

Also fixed the description on the WPTouch module.
2014-07-21 12:35:01 -05:00
sinn3r c59d72b0c6
Land #3530 - dbvis database administrator 2014-07-17 14:36:34 -05:00
sinn3r 6d35867f7f Update module description 2014-07-17 14:24:57 -05:00
sinn3r 8e7361d952 Fix indent again 2014-07-17 14:12:04 -05:00
sinn3r aed8af3abc Retabbed 2014-07-17 14:03:27 -05:00
sinn3r d6ab418d6f Fix spaces 2014-07-17 13:52:00 -05:00
David Bloom b4e68a7c25 Update dbvis_query.rb 2014-07-17 19:21:35 +02:00
David Bloom 0f92b73f1a Update dbvis_add_db_admin.rb 2014-07-17 10:14:28 +02:00
David Bloom 561ef427cc Update dbvis_query.rb 2014-07-17 10:13:58 +02:00
David Bloom 60c71b2681 Update dbvis_add_db_admin.rb 2014-07-17 10:11:13 +02:00
David Bloom 8f9a1e485c Delete dbvis_query.rb 2014-07-17 08:05:18 +02:00
David Bloom 1c8cac359c Added video link 2014-07-17 08:02:27 +02:00
David Bloom 7bee4db1d7 dbvis_query.rb add 2014-07-17 07:48:17 +02:00
Trevor Rosen bebf11c969
Resolves some Login::Status migration issues
MSP-10730
2014-07-16 21:52:08 -05:00
David Bloom 4a25bb4247 Update dbvis_add_db_admin.rb 2014-07-17 02:01:50 +02:00
David Bloom 52bdc5364c Update dbvis_query.rb 2014-07-16 18:52:27 +02:00
David Bloom 200c122ecd Update dbvis_query.rb 2014-07-16 18:48:15 +02:00
David Bloom 31e38cee23 Update dbvis_add_db_admin.rb 2014-07-16 18:45:38 +02:00
David Bloom 5f38ad5e10 Update dbvis_add_db_admin.rb 2014-07-16 18:30:23 +02:00
David Bloom c3b87e2e6c Update rigth on dbviscmd check 2014-07-16 18:27:19 +02:00
David Maloney 52a29856b3
Merge branch 'master' into staging/electro-release
Conflicts:
	Gemfile
	Gemfile.lock
2014-07-16 09:38:44 -05:00
David Bloom 90932116f8 Update dbvis_query.rb
Minor changes
2014-07-16 15:44:48 +02:00
David Bloom b4aca68406 Update dbvis_query.rb 2014-07-16 15:10:07 +02:00
David Bloom 17b2169b9d Create dbvis_query.rb
Dbvisulaizer offers a command line functionality to execute SQL pre-configured databases (With GUI).
The remote database can be accessed from the command line without the need to authenticate.
The module abuses this functionality to query the remote database and store the result.
2014-07-16 14:51:24 +02:00
David Bloom b602fc89a3 Update dbvis_add_db_admin.rb
Corrections
2014-07-16 13:42:58 +02:00
David Bloom 875c024243 create dbvis_add_db_admin.rb
Dbvisulaizer offers a command line functionality to execute SQL pre-configured databases (With GUI).
The remote database can be accessed from the command line without the need to authenticate.
The module abuses this functionality to create an administrator in the database if DB user rights allow it.
2014-07-15 21:43:14 +02:00
sinn3r 1d6f088eab Pass msftidy 2014-07-15 11:31:37 -05:00
David Bloom 526538ecd6 Added dbvis version find and print 2014-07-15 15:04:46 +02:00
David Bloom 97dcc56225 Update dbvis_enum.rb 2014-07-15 14:23:40 +02:00
David Bloom 400b0f4276 parse url to report host in old config 2014-07-15 14:21:09 +02:00
David Bloom f3d953f829 Old config file update
Added functions to parse old and new config files.
2014-07-15 14:00:29 +02:00
David Bloom ac3d453002 Update dbvis_enum.rb 2014-07-15 12:33:07 +02:00
David Bloom a53341f520 Added compatibility with dbvis <= 6
Checking for "config" folder existence if "config70" is not found.
2014-07-15 12:14:38 +02:00
sinn3r cc1ba265cb Change module name for consistency 2014-07-14 15:49:19 -05:00
sinn3r 4d7bffd713 Change header 2014-07-14 15:45:17 -05:00
sinn3r 5a821cea9d Account for EOFError condition 2014-07-14 15:27:40 -05:00
sinn3r 89a877031f I mean "unless", not "if" 2014-07-14 15:24:53 -05:00
sinn3r bec32a01ab For for missing an end 2014-07-14 15:17:54 -05:00
sinn3r cecdcef2e2 + not preferred 2014-07-14 15:14:54 -05:00
sinn3r 0737deb2a3 Remove the last exception handler
We're already checking the file path with file?(), so we don't need
to use exception handling for this task anymore.
2014-07-14 15:02:23 -05:00
sinn3r 8fe3f1a077 File should be checked for existence before reading 2014-07-14 15:01:03 -05:00
sinn3r 20e5803592 Author's Twitter handle should be a comment
msfconsole treats whatever is in <> as the author's email, not
twitter handle
2014-07-14 14:57:36 -05:00
sinn3r 3b6947c1d7 Use Rex to check IPv4 instead of using resolv 2014-07-14 14:56:38 -05:00
sinn3r b5e556519b Change = to ==
This is an if condition, not an assignment
2014-07-14 14:53:27 -05:00
sinn3r 8f51fd0e45 Retabbed and reformatted 2014-07-14 14:39:34 -05:00
David Bloom 72d9587a50 DbVisualizer stores the user database configuration in dbvis.xml
This module retrieves the connections settings from this file
2014-07-14 20:08:48 +02:00
David Bloom 667b1363f3 Delete dbvis_enum.rb 2014-07-14 10:57:53 +02:00
David Bloom 0ef0f6aae1 Update dbvis_enum.rb 2014-07-14 10:54:43 +02:00
David Bloom bcbb0b4fde dbvis connections gathering
DbVisualizer stores the user database configuration in dbvis.xml.
This module retrieves the connections settings from this file.
2014-07-14 10:49:20 +02:00
jvazquez-r7 8937fbb2f5 Fix email format 2014-07-11 12:45:23 -05:00
James Lee 62a2f1dc0a
Credential -> Model for realm key constants 2014-07-10 14:30:25 -05:00
Tom Sellers 0822713f2e Hide unneeded options 2014-06-21 11:39:52 -05:00
Tom Sellers cec3ca1df6 Improve detection of failed uploads
leaving aborted = nil was causing unexpected behavior when the upload failed.  Explicitly setting aborted = false by default corrects this issue.
2014-06-21 10:12:17 -05:00
David Maloney 2b0bb608b1
Merge branch 'master' into staging/electro-release 2014-06-18 10:49:58 -05:00
Christian Mehlmauer 8e1949f3c8
Added newline at EOF 2014-06-17 21:03:18 +02:00
James Lee a3eea2f712
Add better handling of host and port 2014-06-13 15:22:09 -05:00
William Vu 4593c309f5 Fix a dummy because I can't read 2014-06-12 19:10:24 -05:00
William Vu 9d89730026
Use realm instead of private 2014-06-12 18:46:13 -05:00
William Vu 5d19410294
Don't use getaddress with session.session_host 2014-06-12 18:30:51 -05:00
William Vu 74cb5cd79e
Fix bad copypasta 2014-06-12 13:17:12 -05:00
William Vu 89434a75c3
Fix bad indent 2014-06-12 13:10:50 -05:00
William Vu 512395395b
Refactor pgpass_creds creds 2014-06-12 13:08:47 -05:00
Luke Imhoff 4d923a4809
Update to Rubyzip 1.X API
MSP-10004

`require 'zip'` instead of `'zip/zip'` and rename all classes to remove
redundant Zip prefix inside the Zip namespace.
2014-06-10 13:41:42 -05:00
David Maloney 90c63efaeb
refactor ssh_creds post module
the sssh_ creds post module now stores
SSH Keys as Metasploit::Credential objects
2014-06-09 11:49:49 -05:00
Tom Sellers af569449d9 Code cleanup
Fixes based on response from @timwr and @kernelsmith.
Retested with Ubuntu and Metasploitable 2 to validate proper payload. Also tested for port conflict detection after the change.  Returning false on line 243 simplifies the if logic on line 251/252.
2014-05-29 18:27:17 -05:00
Tom Sellers 2f811381dc Update shell_to_meterpreter.rb 2014-05-29 06:17:31 -05:00
Tom Sellers 6a30a49bcf Update shell_to_meterpreter.rb 2014-05-29 06:08:42 -05:00
Tom Sellers f956c8d94f Create shell_to_meterpreter.rb 2014-05-27 06:12:09 -05:00
Tom Sellers 2b8dd9139c Fix cosmetic issue
Fix cosmetic issue /w email address when it is output via 'info' or the Rapid7 module page.
2014-05-11 16:14:51 -05:00
Tom Sellers d4c0d015c1 Update wlan_geolocate.rb
Updated based on feedback.  Also added enumeration only support for BSD and Solaris.
2014-04-24 07:04:50 -05:00
Tom Sellers 2fd004b69e New module: Multiplatform Wireless LAN Geolocation
This is a new POST module that allows Windows, Linux, and OSX targets to be geolocated using Google services if the target has an active and functional wireless adapter.
2014-04-19 17:31:48 -05:00
Tod Beardsley 062175128b
Update @Meatballs and @FireFart in authors.rb 2014-04-09 10:46:10 -05:00
OJ 3ea3968d88
Merge branch 'upstream/master' into stop_abusing_expand_path
Conflicts:
	lib/msf/core/post/windows/shadowcopy.rb
	modules/exploits/windows/local/bypassuac.rb
	modules/post/windows/gather/wmic_command.rb
	modules/post/windows/manage/persistence.rb
2014-03-11 23:13:39 +10:00
David Maloney 42a730745e
Land #2418, Use meterpreter hostname resolution 2014-02-28 14:45:39 -06:00
William Vu a4035252d6 Land #1910, DISCLAIMER for firefox_creds
Fixed conflict in Author.
2014-02-12 16:32:08 -06:00
sinn3r d1d45059f2 use session_host instead 2014-01-10 18:27:03 -06:00
sinn3r 8534f7948a Change the post module's default api key as well (to Metasploit's) 2014-01-10 17:59:51 -06:00
sinn3r 238d052073 Update description
key is no longer required.
2014-01-10 04:02:01 -06:00
sinn3r da273f1440 Update the use of report_note 2014-01-10 01:49:07 -06:00
sinn3r 807d8c12c7 Have a default API key
Modules now should have a default API key. See the following for
details:
http://blog.virustotal.com/2012/12/public-api-request-rate-limits-and-tool.html
2014-01-10 01:26:42 -06:00
sinn3r a99e2eb567 Update the post module 2014-01-08 18:41:22 -06:00
sinn3r 130a99f52b Add a post module that checks with VirusTotal with a checksum
This post module will submit a SHA1 checksum to VirusTotal to see
if it's a malicious file.
2014-01-08 18:26:40 -06:00
OJ 9fb081cb2d Add getenvs, update getenv, change extract_path use
Stacks of modules were using `extract_path` where it wasn't really semantically correct
because this was the only way to expand environment variables. This commit fixes that
up a bit.

Also, I changed the existing `getenv` function in `stdapi` to `getenvs`, and had it
support the splat operator. I added a `getenv` function which is used just for a
single variable and uses `getenvs` behind the scenes.

The meterpreter console `getenv` command now uses `getenvs`
2013-12-19 11:54:34 +10:00
Tod Beardsley c4b8178663
Correct camelCase of YouTube 2013-12-18 14:06:45 -06:00
Tod Beardsley 040619c373
Minor description changes
No code changes (one comment made on play_youtube to suggest xdg-open
rather than firefox for linux targets).
2013-12-16 14:57:33 -06:00
sinn3r 1bcaffccc8 Make sure profile name is random 2013-12-12 16:19:06 -06:00
sinn3r 036955983d Add support for Linux, thanks @jvennix-r7! 2013-12-12 16:12:36 -06:00
sinn3r 7d12ced66e Remove unnecessary require statements 2013-12-12 13:49:54 -06:00
sinn3r ce18ac4c62 fix comment 2013-12-12 12:49:46 -06:00
sinn3r 97e9daaa6a Change title 2013-12-12 12:42:07 -06:00
sinn3r de087d134a Account for error 2013-12-12 12:41:05 -06:00
sinn3r 7ff0f4a2e7 move to multi for real 2013-12-12 12:35:58 -06:00
Meatballs 7f048bcd2c
Merge HOSTFILE and CSV input
And remember to uniq the array.
2013-11-24 15:28:44 +00:00
Meatballs 511d176128
Add hostfile resolution 2013-11-24 15:20:04 +00:00
James Lee faf6be4529
Missed an errant require
Wasn't even using it anyway
2013-11-05 14:00:55 -06:00
James Lee 9e30c58495 Blow away remnants of Local::Unix 2013-11-05 13:51:45 -06:00
sinn3r 032da9be10
Land #2426 - make use of Msf::Config.data_directory 2013-10-21 13:07:33 -05:00
Tod Beardsley f0aedd932d
More stragglers 2013-10-16 16:29:55 -05:00
Tod Beardsley 5d86ab4ab8
Catch mis-formatted bracket comments. 2013-10-15 14:52:12 -05:00
Tod Beardsley c83262f4bd
Resplat another common boilerplate. 2013-10-15 14:07:48 -05:00
Tod Beardsley 23d058067a
Redo the boilerplate / splat
[SeeRM #8496]
2013-10-15 13:51:57 -05:00
Tod Beardsley 63e40f9fba
Release time fixes to modules
* Period at the end of a description.
  * Methods shouldn't be meth_name! unless the method is destructive.
  * "Setup" is a noun, "set up" is a verb.
  * Use the clunky post module naming convention.
2013-10-14 15:17:39 -05:00
Meatballs 378f403fab
Land #2453, Add stdapi_net_resolve_host(s) to Python Meterpreter.
Moves resolve_host post module to multi and depreciates Windows module.
Resolve will now return nil for failed lookups instead of an empty
string.
2013-10-10 20:13:06 +01:00
Meatballs 9ca9b4ab29
Merge branch 'master' into data_dir
Conflicts:
	lib/msf/core/auxiliary/jtr.rb
2013-10-10 19:55:26 +01:00
Spencer McIntyre be139beb20 Remove windows from title of multi module. 2013-10-09 17:11:47 -04:00
Spencer McIntyre 6c382c8eb7 Return nil on error, and move the module to post/multi. 2013-10-09 16:52:53 -04:00
Tod Beardsley 4266b88a20
Move author name to just 'joev'
[See #2476]
2013-10-07 12:50:04 -05:00
Meatballs 7ba846ca24 Find and replace 2013-09-26 20:34:48 +01:00
Tod Beardsley c547e84fa7 Prefer Ruby style for single word collections
According to the Ruby style guide, %w{} collections for arrays of single
words are preferred. They're easier to type, and if you want a quick
grep, they're easier to search.

This change converts all Payloads to this format if there is more than
one payload to choose from.

It also alphabetizes the payloads, so the order can be more predictable,
and for long sets, easier to scan with eyeballs.

See:
  https://github.com/bbatsov/ruby-style-guide#collections
2013-09-24 12:33:31 -05:00
James Lee 9a555d8701 Fix the modules added since the branch 2013-09-17 18:25:12 -05:00
James Lee 150f0f644e Merge branch 'rapid7' into bug/osx-mods-load-order
Conflicts:
	modules/post/windows/gather/enum_dirperms.rb
2013-09-17 18:21:13 -05:00
James Lee 58b634dd27 Remove unnecessary requires from post mods 2013-09-12 14:36:01 -05:00
jvazquez-r7 4f1db80c24 Fix requires in new post modules 2013-09-10 11:13:07 -05:00
Tod Beardsley aff35a615b Grammar fixes in descriptions 2013-09-09 15:09:53 -05:00
jvazquez-r7 ffa600ff8b Fix really the check method 2013-09-06 10:21:18 -05:00
jvazquez-r7 9b9e1592fd Retab changes 2013-09-06 10:13:38 -05:00
jvazquez-r7 a64f960bfc Merge for retab 2013-09-06 10:12:55 -05:00
jvazquez-r7 d9fed860a5 Fix check method 2013-09-06 10:11:06 -05:00
Tab Assassin b720fc215b Retab changes for PR #1910 2013-09-05 14:40:18 -05:00
Tab Assassin fc8ad8c633 Merge for retab 2013-09-05 14:40:11 -05:00
Tab Assassin 845bf7146b Retab changes for PR #2304 2013-09-05 13:41:25 -05:00
Tab Assassin adf9ff356c Merge for retab 2013-09-05 13:41:23 -05:00
Tab Assassin 9f3a5dc5d0 Retab new modules 2013-09-04 12:32:53 -05:00
Tab Assassin 999b802468 Merge branch 'master' into retab/rumpus 2013-09-04 12:32:05 -05:00
sinn3r bcc0152274 Correct metasploit_pcaplog's naming style
The naming style nazi is in town. ph33r.
2013-08-31 18:25:06 -05:00
Tab Assassin 41e4375e43 Retab modules 2013-08-30 16:28:54 -05:00
James Lee 63adde2429 Fix load order in posts, hopefully forever 2013-08-29 13:37:50 -05:00
Joe Vennix f823290a4c Add nc check. Prints successful binary match.
* kills session nil check
2013-08-27 17:21:18 -05:00
Joe Vennix 067b8f3c59 Adds session existence check. Moves error log path to datastore option. 2013-08-27 11:44:21 -05:00
Joe Vennix 8a8f80e097 Move error log path to datastore option. 2013-08-27 11:43:20 -05:00
Joe Vennix 5cc4ef09d1 Move previous error log path to method. Renames the #check method. 2013-08-27 11:25:00 -05:00
Joe Vennix 87c03237a9 Fix discrepencies between unix/osx with whereis cmd. 2013-08-27 03:17:14 -05:00
Joe Vennix 98b21471ed fix some bugs in cups_root_file_read module. 2013-08-27 03:03:08 -05:00
Joe Vennix 34404ee067 Commit cups module. Tested on osx 10.7, 10.8, and unpatched ubuntu 12.0.4. 2013-08-25 14:30:11 -05:00
Tod Beardsley 8431eb7a79 Msftidy fixes, also use correct possessive plurals
http://englishplus.com/grammar/00000132.htm
2013-08-05 09:43:38 -05:00
xard4s 1953473e1f added advanced option 2013-06-10 16:09:31 -04:00
xard4s bc7066a8b6 added user warnings 2013-06-06 08:02:32 -04:00
xard4s 182863f1a4 addressing feedback/updated description 2013-06-04 17:15:42 -04:00
sinn3r cb31772302 Fix indent 2013-06-04 11:37:16 -05:00
xard4s 423a33b1fc Added firefox pw decryption support 2013-06-03 13:13:59 -04:00
David Maloney b0f5255de8 fix ssh_creds username
ssh_creds post module as not saving
the username in the cred objects
2013-05-05 16:31:28 -05:00
James Lee e3ee0d7913 Don't try to download '.' or '..' as files 2013-02-08 11:25:17 -06:00
jvazquez-r7 fbbac2bd51 make module msftidy compliant 2013-01-24 21:37:04 +01:00
jvazquez-r7 2419e55603 Merge branch 'feature/rm7581-sudo-improved-with-PASSWORD-option' of https://github.com/lmercer-r7/metasploit-framework into lmercer-r7-feature/rm7581-sudo-improved-with-PASSWORD-option 2013-01-24 21:36:40 +01:00
lmercer 3b65f31d95 post/multi/manage/sudo improved with the PASSWORD option
as described in Redmine Feature #7581
2013-01-23 15:23:40 -05:00
sinn3r 8b70a94b34 Updates the progress function
Because the previous one was wrong.
2013-01-21 00:30:43 -06:00