86c73e92d4
Add ability to remotely start registry for read
2012-10-21 01:34:34 -04:00
431dc31eac
proxy parsing post module
2012-10-20 23:25:40 -04:00
a16e3704d8
fix HOSTFILE parsing issues
2012-10-20 18:10:51 -04:00
fedef90937
Add PTR lookups and extend A to support list in file
2012-10-20 11:32:23 -04:00
201518b66f
msftidy corrections
2012-10-17 17:22:26 -05:00
97ac7fa184
Merge branch 'module-wle-service-permissions' of git://github.com/zeroSteiner/metasploit-framework
2012-10-14 18:27:32 -05:00
694eacfc4b
performance fix for host discovery post modules
2012-10-12 16:43:42 -04:00
f5302bfc49
add deprication warning to the original module
2012-10-12 13:49:25 -04:00
b8e880bf82
Merge branch 'post-module-sdel' of https://github.com/bmerinofe/metasploit-framework into bmerinofe-post-module-sdel
2012-10-10 13:42:20 -05:00
21d1a5857a
Adding Iterations options
2012-10-10 12:32:30 +02:00
7b45ef6038
Applying changes. Blocks -Begin .. End- deleted
2012-10-09 21:52:49 +02:00
f3e94d2ee2
extend dep to 3 months and use print_error
2012-10-04 16:42:08 -04:00
cf8501775a
re-add bypassuac post mod w/ deprication warning
2012-10-04 16:31:20 -04:00
3f2fe8d5b4
port bypassuac from post module to local exploit
2012-10-04 14:31:23 -04:00
8473aafdd5
added sdel post meterpreter module
2012-10-02 01:35:53 +02:00
c5f863b0b9
minor fixes and msftidy compliant
2012-09-29 23:35:53 +02:00
19675b3bea
changed report to be more verbose
2012-09-28 19:02:15 +01:00
fa03eddbdc
extended identification technique
2012-09-28 16:44:03 +01:00
ddb3f27035
added Tomacat Server Enumeration Module
2012-09-28 00:40:17 +01:00
e7281e0085
Merge branch 'master' into module-enumdb
...
Fixing up the merge conflicts caused mostly by the CRLF's (fixed in the
parent commit to this one), and probably by failing to merge from
master on sectorix's side.
Conflicts:
modules/post/windows/gather/enum_db.rb
2012-09-26 08:42:24 -05:00
5bd39536a2
Reformatting with Unix linefeeds.
...
For the curious, I like this procedure a lot, it's my new favorite:
http://vim.wikia.com/wiki/File_Format#Converting_the_current_file
2012-09-26 08:40:50 -05:00
3efe9ac761
removed dev comments
2012-09-26 13:37:17 +01:00
f51f4c1e6a
added support for oracle 11g XE
2012-09-26 13:28:16 +01:00
93dd96d4d3
fixing variable name
2012-09-25 15:40:12 +02:00
6939df8d98
Support Spanish thx to Adrian Pulido
...
See redmine feature: #7006
2012-09-24 22:42:17 -05:00
4cd244693f
Tabs
2012-09-24 19:13:44 -05:00
cb099d3431
fixing and cleanup for pull #802
2012-09-24 20:34:26 +02:00
91bc573fe8
Remove debug print
2012-09-24 01:26:39 -05:00
b1226ab87c
mysql search config + less verbose
2012-09-21 20:01:32 +01:00
f75ff8987c
updated all my authour refs to use an alias
2012-09-19 21:46:14 -05:00
eca8555a92
Applying changes
2012-09-07 11:29:42 +02:00
d16d004969
added windows post module rpcapd service
2012-09-05 19:26:26 +02:00
b8132cae5c
Add the redistribution comment splat
2012-09-04 15:58:43 -05:00
6e7cbe793c
Spamguard e-mail addresses, make auth name consistent
2012-09-04 15:58:43 -05:00
a925eef070
Removed meterpreter reference from desc
...
This post module relies on meterpreter as a SessionType, but the
description shouldn't call this out specifically.
2012-09-04 15:58:42 -05:00
ba0de5acd9
Retitled for consistency and accuracy
2012-09-04 15:58:42 -05:00
f80abaf0d1
Dropping trailing whitespace
2012-09-04 15:58:42 -05:00
69b2f95a6f
small update
2012-09-04 15:58:42 -05:00
cac1e0a585
small update
2012-09-04 15:58:42 -05:00
e1da14f786
access database with local os admin privs
2012-09-04 15:58:42 -05:00
a08d2359d7
access database with local os admin privs
2012-09-04 15:58:42 -05:00
b0661a33a3
Update modules/post/windows/gather/tcpnetstat.rb
...
forgot to change table name with table code reuse
'connection table' is a better table header than
'routing table'.
2012-08-26 02:34:54 -03:00
433c9f6b28
Final cleanup
2012-08-21 14:17:21 -05:00
c5623cae4c
Fixing Bug w/ XP Method & Improving formatting for smart_hashdump
...
1.) Addressed obvious bug in registry read for XP hint gathering code
2.) Cleaned up the formatting for smart_hashdump which needed
additional tabs
2012-08-21 07:56:52 -05:00
a3bad0b3ae
Added XP Support and Changed Output Method for User Password Hints
...
1.) Now grabs clear-text user hint from XP systems in addition to
Win7/Win8 systems
2.) Changes output so it's no longer inline with hashes as not to
affect copy/paste of hashes output
3.) Adding alternate text in cases when no user hints are available
2012-08-20 21:30:12 -05:00
fbc36b57d0
Adding Windows User Password Hint Decoding to Hashdump Tools
...
* UserPasswordHint, a key that is used to store the users password
hint, can be easily decoded to clear-text to get the users hint
(Example: "My Favorite Color")
* Added decode_windows_hint() method to perform the decode process
* Added decoded hint output for hashdump.rb and smart_hashdump.rb
2012-08-19 23:04:11 -05:00
5cd20357d8
Updating URL for Bypass UAC
2012-08-15 22:34:44 -05:00
c8b8d7b8db
Fix handling of PAYLOAD_TYPE in persistence
...
post/windows/manage/persistence incorrectly checked the STARTUP option
to set the payload, which meant it was always the default (reverse_tcp).
Changed to check PAYLOAD_TYPE instead, as intended.
2012-08-10 13:34:09 -05:00
b46fb260a6
Comply with msftidy
...
*Knock, knock!* Who's there? Me, the msftidy nazi!
2012-08-07 15:59:01 -05:00
94c7415653
Remove typo
2012-07-31 16:30:41 -05:00
4efe84c609
Merge branch 'Fix_Threading' of https://github.com/darkoperator/metasploit-framework into darkoperator-Fix_Threading
2012-07-23 02:58:30 -05:00
2941755576
Fixed the threading for ARP Scanner and skipped making a note is OUI is not known
2012-07-21 23:38:41 -04:00
cccd3754a4
Fix load order problem
...
[FIXRM #7151 ]
2012-07-20 15:58:57 -06:00
9bff1c913b
Merge pull request #592 from alexmaloteaux/ipv6arpfix
...
ipv6 and arp_scanner fix
2012-07-18 20:40:27 -07:00
fbe0cb7471
Merge branch 'post_win_gather_creds_gpp_pass' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-post_win_gather_creds_gpp_pass
2012-07-17 08:28:19 -05:00
b3eb7b1358
Clean up unicode names
2012-07-17 00:46:28 -05:00
8fef1479ed
Trim string fields at first null
2012-07-15 23:12:40 -05:00
81ba60169f
ipv6 and arp_scanner fix
2012-07-10 18:28:24 +01:00
0fbfa8e6f7
Merge branch 'enum_unattend_ii' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-enum_unattend_ii
2012-07-09 10:14:30 -05:00
5586aa6c1b
Move some code around
2012-07-09 09:44:22 -05:00
5db26beef7
Add more features
...
Please see the following ticket:
http://dev.metasploit.com/redmine/issues/7041
2012-07-09 05:17:40 -05:00
442eccd1d6
Merge pull request #578 from claudijd/master
...
Bug Fix to "Stamp Out" LM and NTLM Hash Corruption in Hashdump Code
2012-07-08 12:24:46 -07:00
5938771e6c
Bug Fix to "Stamp Out" LM and NTLM Hash Corruption
...
-This commit Addresses Metasploit Bug #4402 that notes corrupted (aka:
incorrect) hashes yielded from hashdump
-Fail case can be reliably reproduced on a Windows system where (1) a
user is not storing an LM hash and (2) password histories are enabled
on the system
-This issue along with other extraction tools that are affected in a
similar way will be discussed at BlackHat USA 2012 and DEFCON 20 in 2
weeks.
If you have questions, please let us know.
-Jonathan Claudius (@claudijd)
-Ryan Reynolds (@reynoldsrb)
2012-07-08 14:02:22 -05:00
fc58e485c3
Added further protection to enum_dcs method to prevent crashes
2012-07-05 14:27:45 +01:00
a513b41283
Couple of readability changes suggested by TLC
2012-07-05 14:19:41 +01:00
cadbeafc4b
match dot and not any character
2012-07-03 20:41:03 -03:00
5bba81b738
or something equivalent... if enum_dcs returns nil
2012-07-03 20:38:26 -03:00
c30b2de35b
Removed comments in code!
2012-07-03 21:34:33 +01:00
9998ca928d
msftidy, bugfixes, and protection to prevent DNS style domains going into the DC enumeration (which causes a meterpreter crash)
2012-07-03 21:28:45 +01:00
bdd9364fa4
Refactored registry DC enumeration to occur by default, fixed nil DomainCaches exception
2012-07-03 21:08:12 +01:00
f74fe39280
fix error message to a more helpful one.
2012-07-03 12:54:02 -03:00
12e24dbd99
failback to target's PDC to get policies
2012-07-03 12:49:34 -03:00
7cfb7c1915
Update description
2012-07-03 10:26:02 -05:00
5fff195eba
DomainCache is a list of domainName = dnsDomainName
2012-07-03 12:20:00 -03:00
7262faac57
Correct a typo
2012-07-02 16:02:14 -05:00
fa0422c88a
Must respect the PlainText field to extract password info properly
2012-07-02 15:56:25 -05:00
e2a2789f78
Support Ruby 1.8 syntax. Thanks M M.
2012-07-02 14:15:14 -05:00
4eec5a5288
msftidy
2012-07-02 16:51:15 +01:00
261989dddf
Fixed get_domain_reg where value returned was '.'
2012-07-02 16:46:02 +01:00
bd2368d6ab
Added specific details for each policy type to output table, modified REX:Ui:Table to prevent sorting when SortIndex == -1
2012-07-02 11:47:44 +01:00
299ed9d1d5
Local loot storage of retrieved XML files with option to disable storage
2012-07-02 10:48:04 +01:00
5c2c1ccc39
Added extra logic and fixes for user supplied domains option
2012-07-02 10:15:58 +01:00
b549c9b767
Added a number of registry locations to enumerate the domain as this was inconsistant across testing environments
2012-07-02 09:35:47 +01:00
994074948a
Removed @enumed_domains which inadvertantly skipped processing after the first file on a domain
2012-07-02 09:17:29 +01:00
21776697b2
Merged with upstream
2012-07-02 08:57:54 +01:00
1b02f17d52
Shamelessly add my name too, because I made a lot of changes.
2012-07-01 19:23:34 -05:00
e1c43c31bd
Title change
2012-07-01 16:43:25 -05:00
326230b34b
Don't need to print the xml path twice
2012-07-01 13:58:04 -05:00
fcf5e02708
Be aware of bad XML format
2012-07-01 13:50:43 -05:00
ac52b0cc9f
Filter out 'AdministratorPassword' and 'Password'
2012-07-01 13:45:12 -05:00
61983b21b9
Add documentation about unattend.xml's specs
2012-07-01 04:15:11 -05:00
bf03995e30
Add veritysr's unattend.xml collector. See #548 .
2012-07-01 04:08:18 -05:00
e37a71192d
Make msftidy happy
2012-06-28 12:10:38 -05:00
77326edc45
fixed tcpnetstat table displaying
2012-06-28 12:56:29 -04:00
6f37ccbcae
tcp netstat post module via railgun
2012-06-28 09:17:05 -04:00
94e28933c8
Whitespace fixes. msftidy.rb yall
2012-06-27 10:06:15 -05:00
2dd51690c2
Add a missing require
2012-06-27 00:47:32 -05:00
348a0b8f6e
Merge branch 'master' into feature/vuln-info
2012-06-24 23:00:13 -05:00
46dd286cc8
Merge pull request #519 from rapid7/gpp-passwords
...
Gpp passwords
2012-06-24 16:18:34 -07:00
6e19dddf2a
Alleviate duplicated work in gpp module
2012-06-24 16:21:35 -05:00
aa09cd7f82
More collaboration stuff on gpp module
2012-06-24 13:08:19 -05:00
eefea8d9d3
Add newname attr in gpp module
2012-06-23 17:51:58 -05:00
7bcb9d1a45
Reintegrated extra options into gpp module
...
reintegrated meatballs control options into the gpp module
2012-06-23 17:38:07 -05:00
b320679d1f
Exception message fix for gpp
2012-06-23 12:56:12 -05:00
5497d091fc
fix gpp attribution and description
2012-06-23 12:45:56 -05:00
534008b010
Major rework of the gpp module
...
Took the combination work Meatballs did
on pulling togetehr the three seperate gpp modules.
Cleaned it up and cut it down to a smaller, smoother form.
2012-06-23 12:42:33 -05:00
26d99c6e41
Added more detail to description and stop execution if no DCs are enumerated.
2012-06-22 22:36:52 +01:00
6a80b21124
Final tidyup
2012-06-22 19:12:42 +01:00
27b884ca87
Fixed drives userName match
2012-06-22 18:47:44 +01:00
90eaceef70
Fixed enum_domains exception when domains found = 0
2012-06-22 18:45:56 +01:00
141195a5ae
Adjusted attribute strings to match MSDN cases
2012-06-22 18:33:54 +01:00
3519aff146
Added protection for division by 0 in the enum_domain code
2012-06-22 18:20:45 +01:00
0d4feb9fce
Various fixed suggested by trolldbois
2012-06-22 18:11:15 +01:00
ca2c401cac
Modified username to userName in XML parsing
2012-06-22 17:46:19 +01:00
19a37c28b8
Fixed and added paths for user preferences
2012-06-22 17:21:32 +01:00
506a91f7a8
Changed runas to runAs for scheduled tasks
2012-06-22 16:04:17 +01:00
91cad8ee77
Fixed printer path
2012-06-22 14:41:51 +01:00
7a4bd26132
Fixed msftidy eol
2012-06-22 14:36:29 +01:00
b2cb5c1c8e
Included other policy files for enumeration
2012-06-22 14:31:54 +01:00
15a020dbda
Clear EOL chars
2012-06-22 11:36:27 +01:00
391a92ccfd
More verbose and specific exception handling
2012-06-22 11:27:06 +01:00
0ed49998e2
Allowed to run as SYSTEM
2012-06-22 11:17:24 +01:00
2a3cd6e343
References
2012-06-22 11:14:19 +01:00
9da2dd816c
Fixed changed time to point to parent node
2012-06-22 11:03:34 +01:00
e0966d5a3a
Incorporated trolldbois comments about SYSTEM and changed date
2012-06-21 19:20:34 +01:00
6768549c6d
Fixed msftidy error
2012-06-21 18:46:20 +01:00
5e64c2fb2e
Will only enumerate one DC for each domain using the DOMAINS arg
2012-06-21 18:28:06 +01:00
2729f33ff2
Merge Justin's TortoiseSVN module
...
This adds Justin's TortoiseSVN module with minor edits.
[Closes #508 ]
2012-06-21 11:56:08 -05:00
504d3d477e
Resolve http_proxy_host before reporting, too.
2012-06-21 11:55:13 -05:00
c795c2e438
Resolve hosts for tortoisesvn module reporting
...
report_host() does not expect a DNS name, but an IPv4 or IPv6 address.
In many cases, an SVN password is going to be associated with only a
hostname.
This may be a bug in report_host -- it's certainly inconveninent.
However, we don't usually wnat report_host to be making tons of DNS
lookups when importing hosts, so this forced step is likely intended.
Also, begin/rescue/end blocks that don't hint at what errors are
intended to be caught are rarely a good idea, so this at least informs
the user which exception was raised.
2012-06-21 11:47:37 -05:00
9b943bc763
Removed redundant file
2012-06-21 17:29:52 +01:00
82318f0dac
Merge branch 'post_win_gather_creds_gpp_pass' of github:Meatballs1/metasploit-framework into post_win_gather_creds_gpp_pass
2012-06-21 17:27:45 +01:00
81411374bc
Removed old file
2012-06-21 17:23:14 +01:00
56a8dda739
Reworking of module to incorporate all contributions
2012-06-21 17:23:13 +01:00
bb60eacde7
Added store_loot
2012-06-21 17:23:12 +01:00
be255d53c0
Initial post/windows/gather/credentials Windows Group Policy Preferences Passwords
2012-06-21 17:23:12 +01:00
4004b544c0
The condition for "else" doesn't really do anything for us
2012-06-21 02:53:44 -05:00
d957c021cb
Handle another possible condition
...
If the path actually doesn't exist on the victim, we may run into
a RequestError. Need to handle that... should be pretty common.
2012-06-21 01:38:51 -05:00
6a386b7a88
Rename the file for naming style consistency
2012-06-21 01:25:55 -05:00
367e75bb06
Multiple changes to file_collector.rb
...
This module received the following changes:
* Make msftidy happy
* Remove the GETDRIVES option, and make the SEARCH_FROM option
smarter.
* MSF license
* Other minor changes
2012-06-21 01:21:53 -05:00
327e86e08c
Merge branch 'file_collector' of https://github.com/3vi1john/metasploit-framework into 3vi1john-file_collector
2012-06-20 23:46:04 -05:00
a4c98f9627
Fix title to be consistent
2012-06-19 12:58:42 -05:00
b9a2c88733
New Post Module: TortoiseSVN Saved Password Extraction
2012-06-19 09:57:22 -04:00
c388cba421
Fix up modules calling report_vuln() to use new syntax
2012-06-17 23:39:20 -05:00
cb1144c4ec
Added Revised windows file collector and loot module
2012-06-16 11:14:08 -04:00
5e19918020
Updated MS Outlook post module
2012-06-15 15:06:18 -04:00
6f1d5b3193
Added store_loot
2012-06-15 18:27:59 +01:00
1b64fee5d2
Initial post/windows/gather/credentials Windows Group Policy Preferences Passwords
2012-06-15 17:50:36 +01:00
89e554de2b
Adds post module for stealing GPP Passwords
...
Post module steals Group Policy Preferences account
passwords.
2012-06-11 21:20:18 -05:00
83d21df9f6
Merge branch 'master' of https://github.com/darkoperator/metasploit-framework into darkoperator-master
2012-06-07 22:58:50 -05:00
Rob Fuller
sinn3r
Raphael Mudge
Spencer McIntyre
Borja Merino
jvazquez-r7
Barry Shteiman
Tod Beardsley
James Lee
David Maloney
nullbind
Jonathan Claudius
Daniel Miller
Carlos Perez
HD Moore
Alexandre Maloteaux
Meatballs1
Loic Jaquemet
dmaloney-r7
Meatballs1
justincmsf
3vi1john