Commit Graph

2209 Commits (6d9f6c9715e01b331648c7c6c379f8f04624e755)

Author SHA1 Message Date
Jonathan Claudius a9e480e44a Fixed tilde 2015-01-26 23:53:08 -05:00
Jonathan Claudius eed9fbe024 Lose assignment in conditional 2015-01-26 23:48:08 -05:00
Jonathan Claudius c496d2c987 Remove nil check 2015-01-26 23:43:31 -05:00
Jonathan Claudius c29b7488b2 Fix double new line 2015-01-26 23:40:19 -05:00
Jonathan Claudius d77f112e82 Minor Formatting 2015-01-26 23:31:36 -05:00
Jonathan Claudius 06485d8c89 Fix naming of things 2015-01-26 23:17:44 -05:00
Jonathan Claudius 685c4804e5 Add trailing return 2015-01-26 23:15:00 -05:00
Jonathan Claudius 6b6e47a237 Fix sessiontypes, again 2015-01-26 23:13:17 -05:00
Jonathan Claudius 747349a57a Fix sessiontypes 2015-01-26 23:11:48 -05:00
Jonathan Claudius ee7ecb349d Fix description 2015-01-26 23:10:08 -05:00
Jonathan Claudius 106170eddc Add multi to name 2015-01-26 23:08:43 -05:00
Jonathan Claudius a3c7cf70f8 Make MSF Tidy more happy 2015-01-26 22:30:26 -05:00
Jonathan Claudius d37b3cf0c3 Use next instead of return 2015-01-26 22:26:56 -05:00
Jonathan Claudius f58dc2789f Remove creds 2015-01-26 22:13:15 -05:00
Jonathan Claudius a27c376ae7 Add service port and host 2015-01-26 22:06:07 -05:00
Jonathan Claudius dd34b58e49 Add add loot 2015-01-26 22:01:38 -05:00
Jonathan Claudius 3889ed5784 Add cred login 2015-01-26 21:50:10 -05:00
Jonathan Claudius eead063375 Add RubyGems API Post Gather Module 2015-01-26 20:53:39 -05:00
sinn3r d7375e84ea Move modules/post/windows/escalate/net_runtime_modify.rb
This module was scheduled to be removed on 01/08/2015.
Please use exploit/windows/local/service_permissions instead.
2015-01-26 00:29:43 -06:00
Jon Hart e7c21f3205
Land #4503, @m7x's post module for extracting McAfee VSE hashes 2015-01-21 20:44:41 -08:00
Jon Hart 9cc58a8d69
Lastly, rename the file so that it is specific to McAfee VSE 2015-01-21 20:44:34 -08:00
Jon Hart 683a541064
Tighten up prints to make it specific to VSE, not McAfee in general 2015-01-21 20:33:54 -08:00
Jon Hart 52be3d80b7
Minor ruby style cleanup 2015-01-21 20:27:38 -08:00
Jon Hart ceed293969
Remove unnecessary requires 2015-01-21 20:23:03 -08:00
Jon Hart f73052710d
Correct recent msftidy change in outlook gather 2015-01-21 13:27:48 -08:00
Jon Hart 46a0ec8a68
Make timeout for Powershell scripts configurable 2015-01-21 13:24:43 -08:00
wez3 bd0a20a717 Update outlook.rb execute_script time_out
I have been using the script in real life cases which have bigger e-mailboxes then in the testing environment. Because of execute_script default time_out no results return, as the powershell scripts run longer then 15 seconds. Changed the timeout to 120.
2015-01-20 11:16:37 +01:00
jvazquez-r7 43e0afeaed Delete 's' typo 2015-01-19 12:55:35 -06:00
jvazquez-r7 79a24f80b8 Use constant for play options 2015-01-19 12:50:40 -06:00
jvazquez-r7 652400451e Delete extra k 2015-01-19 12:35:26 -06:00
IMcPwn 50d43f118b Make URLs better
Removes YouTube logo, loops, hides video controls at bottom, disables keyboard controls, doesn't show info about the video on the top, hides video annotations, and doesn't show related videos at the end.
2015-01-19 12:27:18 -05:00
root 3a5d6b4717 Store password hash as loot 2015-01-17 14:17:41 +00:00
Tod Beardsley 375a7e1fe9
Typo. Filtering. 2015-01-16 16:30:52 -06:00
Jon Hart 8889f95920
Correct McAfee credential storage, prepare for store_loot 2015-01-16 12:10:01 -08:00
root f4f4787efe Move run method 2015-01-14 23:54:02 +00:00
David Maloney f42bda1a51
refactor parsing the results
moved the result parsing into its own method
cleaned up run method a bit more, added YARD docs
to the new methods
2015-01-14 14:15:57 -06:00
David Maloney c687ecca2e
refactor filter building
move the filter_string into a seperate method
and use shovel oeprator to keep it a little cleaner
2015-01-14 14:04:28 -06:00
David Maloney 9b344a9605
move query fields to a constant
these fields should never change, so put the array
in a constant and freeze it to prevent accidental tampering
2015-01-14 13:20:00 -06:00
David Maloney 82939595f8
Merge branch 'master' into feature/metaballs1/enum_ad_users 2015-01-14 13:06:18 -06:00
root 52b929c5ca Fix https://github.com/m7x/metasploit-framework/pull/1#issuecomment-69454590 2015-01-10 14:15:53 +00:00
Jon Hart 5c12f9da75
More cleanup
Handle multiple versions
Better print_
Actually extract
2015-01-09 18:01:17 -08:00
Jon Hart 35fd17c4f1
Cleanup style 2015-01-09 11:00:25 -08:00
Brent Cook fb5170e8b3
Land #2766, Meatballs1's refactoring of ExtAPI services
- Many code duplications are eliminated from modules in favor of shared
   implementations in the framework.
 - Paths are properly quoted in shell operations and duplicate operations are
   squashed.
 - Various subtle bugs in error handling are fixed.
 - Error handling is simpler.
 - Windows services API is revised and modules are updated to use it.
 - various API docs added
 - railgun API constants are organized and readable now.
2015-01-08 16:54:01 -06:00
Brent Cook e447a17795 bump deprecated date 2015-01-08 16:20:06 -06:00
EricGershman 0496bb16bc Minor spelling fix 2015-01-07 23:43:59 -05:00
Meatballs 0b0ac1455a
Merge remote-tracking branch 'upstream/master' into extapi_service_post
Conflicts:
	test/modules/post/test/services.rb
2015-01-07 20:53:34 +00:00
m7x 89699d1549 Typo workspace_id 2015-01-07 10:58:59 +00:00
William Vu 46aa165ca5
Land #4481, enum_users_history improvements 2015-01-06 01:52:38 -06:00
William Vu 745bfb2f35
Clean things up 2015-01-06 01:48:18 -06:00
Meatballs dd5c638ab0
Merge remote-tracking branch 'upstream/master' into extapi_service_post 2015-01-05 22:18:44 +00:00
sinn3r 44dfa746eb Resolve #4513 - Change #inspect to #to_s
Resolve #4513
2015-01-05 11:50:51 -06:00
sinn3r d45cdd61aa Resolve #4507 - respond_to? + send = evil
Since Ruby 2.1, the respond_to? method is more strict because it does
not check protected methods. So when you use send(), clearly you're
ignoring this type of access control. The patch is meant to preserve
this behavior to avoid potential breakage.

Resolve #4507
2015-01-02 13:29:17 -06:00
root c348663204 Add McAfee Hashdump 2015-01-02 10:22:11 +00:00
Tod Beardsley 264d3f9faa
Minor grammar fixes on modules 2014-12-31 11:45:14 -06:00
Brendan Coles cc75c33d60 Use user home directories
Replace hard-coded '/home/' and '/root/' with `~username` shorthand.
2014-12-31 09:12:35 +11:00
Brendan Coles 013e45e83d Add support for MongoDB history 2014-12-31 08:38:58 +11:00
Brendan Coles d2e6f90569 Use a list of users 2014-12-31 08:12:16 +11:00
Brendan Coles 897e993971 Update description 2014-12-30 08:05:53 +11:00
Brendan Coles 8719a36d84 DRY status messages 2014-12-30 08:03:40 +11:00
Brendan Coles 0de80e9c76 Minor changes to style 2014-12-30 07:58:54 +11:00
Brendan Coles 0085bcf075 Use `blank?' instead of `nil?' 2014-12-30 07:38:34 +11:00
Brendan Coles a50ac4050c Add support for PostgreSQL history 2014-12-30 07:33:22 +11:00
Brendan Coles 4ebe0fc0a8 Add support for different shells 2014-12-30 07:26:12 +11:00
Mark Judice 30228bcfe7 Added underscore to user regex in smart_hashdump.rb to support usernames that contain underscores. Issue #4349. 2014-12-23 22:36:11 -06:00
jvazquez-r7 01cf14d44e Fix banner 2014-12-23 01:02:09 -06:00
jvazquez-r7 4928cd36e4
Land #4187, @BorjaMerino's post module to get output rules 2014-12-23 01:01:03 -06:00
jvazquez-r7 49fef9e514 Do minor module clean up 2014-12-23 01:00:21 -06:00
Meatballs 6a822cca61
Move code out of begin/rescue block 2014-12-17 06:45:00 +00:00
Meatballs dd63d793e5
Bring in @darkoperator's filters 2014-12-17 06:14:21 +00:00
Meatballs 8c7ff728ef
Gather some more info 2014-12-17 05:46:01 +00:00
sinn3r 4c714b3eaf
Land #4386 - Fix issue #3852 (support for other languages for enable_rdp) 2014-12-15 11:37:05 -06:00
root 6480ae2c03 Show message at the end 2014-12-15 16:26:39 +01:00
root 288954afa0 recvfrom allocation changed 2014-12-14 18:58:48 +01:00
Meatballs 00b802cc68
Reindent description 2014-12-14 10:04:18 +00:00
Meatballs 6ecf537f40
Grab user creds to database 2014-12-13 20:30:20 +00:00
Meatballs e914061745
Gsub out funny character when storing to database 2014-12-13 18:35:31 +00:00
Meatballs 316710329b
Fix field.value 2014-12-13 18:31:29 +00:00
Meatballs d3d744a7cb
Make sure we get the field :value 2014-12-13 18:13:36 +00:00
jvazquez-r7 5eb510f7bc Use the correct variable for the filename 2014-12-12 17:40:26 -06:00
jvazquez-r7 27323bcaa5 Fix #3852, make enable_rdp with other languages 2014-12-12 17:30:14 -06:00
wez3 3b6e92726c Update outlook rb, "NL" to "nl_NL"
Update outlook rb, "NL" to "nl_NL"
2014-12-12 20:09:34 +01:00
Christian Mehlmauer 0f27c63720
fix msftidy warnings 2014-12-12 13:16:21 +01:00
Jon Hart 65b316cd8c
Land #4372 2014-12-11 18:48:16 -08:00
Jon Hart e5e40307e6
Land #4373 2014-12-11 18:45:53 -08:00
Christian Mehlmauer 544f75e7be
fix invalid URI scheme, closes #4362 2014-12-11 23:34:10 +01:00
Christian Mehlmauer de88908493
code style 2014-12-11 23:30:20 +01:00
Tod Beardsley af9979d30b
Ruby style on methods please
Introduced in #4220. This ain't no JavaScript!
2014-12-11 15:24:30 -06:00
Tod Beardsley 909971e0bf
Margins on description, PowerShell not Powershell 2014-12-08 10:57:49 -06:00
Tod Beardsley 80dc781625
Email over E-mail
While I believe "e-mail" is the actually correct spelling, we tend to
say "email" everywhere else. See:

````
todb@mazikeen:~/git/rapid7/metasploit-framework$ grep -ri "print.*email"
modules/ | wc -l
19
[ruby-2.1.5@metasploit-framework](fixup-grammar)
todb@mazikeen:~/git/rapid7/metasploit-framework$ grep -ri
"print.*e-mail" modules/ | wc -l
1
````
2014-12-08 10:55:26 -06:00
Christian Mehlmauer 738fc78883
Land #4220, outlook gather post module 2014-12-07 22:41:28 +01:00
Christian Mehlmauer cc63d435c7
another whitespace 2014-12-06 09:32:22 +01:00
Christian Mehlmauer f0a47f98bc
final formatting 2014-12-06 00:38:05 +01:00
Christian Mehlmauer f1f743804e
more formatting 2014-12-06 00:31:38 +01:00
Christian Mehlmauer 9187a409ec
outlook post module fixes 2014-12-06 00:28:44 +01:00
wez3 7c62fa5c95 Add Windows post module for reading/searching Outlook e-mail #8 2014-12-04 14:28:40 +01:00
wez3 3cadcb942a Add Windows post module for reading/searching Outlook e-mail #7 2014-12-03 18:30:22 +01:00
wez3 611e8c72eb Add Windows post module for reading/searching Outlook e-mail #6 2014-12-02 14:05:08 +01:00
peregrino 84bb5b5215 Rex::Socket.to_sockaddr changed 2014-11-26 17:51:38 +01:00
peregrino 16b64ff42a Rex::Socket.to_sockaddr changed 2014-11-26 17:51:05 +01:00
peregrino 16a9450d43 session.tunnel_peer changed by session.session_host. Other minor changes 2014-11-26 12:08:54 +01:00
jvazquez-r7 5615d65aee Do minor cleanup 2014-11-25 17:35:07 -06:00
wez3 5294594379 dd Windows post module for reading/searching Outlook e-mail #5 Add DE 2014-11-25 14:36:14 +01:00
jvazquez-r7 71669b9f9e Change module filename 2014-11-24 20:34:12 -06:00
jvazquez-r7 5c4b1b0283 Output some information 2014-11-24 20:31:26 -06:00
jvazquez-r7 6e9cd331b3 Modify description 2014-11-24 20:28:38 -06:00
jvazquez-r7 261da9306e Use store_loot 2014-11-24 20:22:21 -06:00
jvazquez-r7 cf52dd895f Refactor search 2014-11-24 20:20:37 -06:00
jvazquez-r7 2fa5223d3b move check out of the begin block 2014-11-24 19:28:53 -06:00
jvazquez-r7 90bdc770b5 Use literal creation notation 2014-11-24 19:27:50 -06:00
jvazquez-r7 2c4caeed29 Clean metadata 2014-11-24 19:26:12 -06:00
jvazquez-r7 443dd7b6c0 Use constants 2014-11-24 19:04:02 -06:00
jvazquez-r7 250250beb0 Fix indentation 2014-11-24 18:58:07 -06:00
jvazquez-r7 88ccffacb4 Update from upstream master 2014-11-24 18:32:35 -06:00
wez3 53b69583f4 Add Windows post module for reading/searching Outlook e-mail #4 2014-11-21 20:00:30 +01:00
wez3 435c6eef81 Add Windows post module for reading/searching Outlook e-mail #3 2014-11-18 16:27:33 +01:00
wez3 91a53dc36c Add Windows post module for reading/searching Outlook e-mail 2014-11-18 12:41:24 +01:00
jvazquez-r7 54de805b7a Report credentials
* Even when we are not associating them to hosts
* It's a post module so maybe we cannot solve some names
2014-11-17 12:49:18 -06:00
wez3 7a2b7208e7 Add Windows post module for reading/searching Outlook e-mail 2014-11-17 19:38:55 +01:00
jvazquez-r7 b3b37c7c9f Use longer description lines 2014-11-17 12:23:22 -06:00
jvazquez-r7 145e610c0f Avoid shadowing new method 2014-11-17 12:22:30 -06:00
Jon Hart d5afb2b766 %q 2014-11-17 09:01:14 -08:00
Jon Hart ce73e32673 Doc and named captures 2014-11-17 09:01:14 -08:00
Jon Hart bf05fe1389 Refactoring, simplification, better print_* 2014-11-17 09:01:14 -08:00
Jon Hart 6e1cdfde36 Rip out create_credential* stuff. Use what works 2014-11-17 09:01:14 -08:00
Jon Hart e5bb13a609 If remmina config files are missing data for creds, tell me what 2014-11-17 09:01:14 -08:00
Jon Hart 875d1f9ea0 Convert Remmina credential gatherer to use new credentials model 2014-11-17 09:01:14 -08:00
Jon Hart 086f0c02d6 Remove excessive logging 2014-11-17 09:01:14 -08:00
Jon Hart 90e58e9e71 Binary encoding 2014-11-17 09:01:14 -08:00
Jon Hart e76373340e Correct some Rubocop things that I agree with 2014-11-17 09:01:14 -08:00
Jon Hart f729a6cf02 Add Remmina RDP/SSH/VNC password gathering 2014-11-17 09:01:13 -08:00
Peregrino Gris 80a9fa4b5d Ports default values added, is_internal REX function added, reference added 2014-11-13 10:10:25 +01:00
Peregrino Gris 529f749abb Add post-exploitation module to get FW filtering rules 2014-11-12 17:38:49 +01:00
Jon Hart c765100efd
Land #4004, @martinvigo's LastPass master password extraction module 2014-10-22 16:34:54 -07:00
Jon Hart 29b61984c5 Update to use correctly joined path 2014-10-22 16:34:17 -07:00
Tim Wright b8c3fadb9e python 3 is supported now too :) 2014-10-22 20:10:48 +01:00
Tim Wright 8c3c73a72d inline the error message 2014-10-22 20:08:14 +01:00
Tim Wright 2ab73688dc use framework.threads to launch cleanup thread 2014-10-22 19:40:29 +01:00
Tim Wright 22fc6496ac Merge branch 'pr/3401' into landing-3401 2014-10-22 19:23:01 +01:00
Jon Hart 88c1647c80 Loot the passwords, obviously 2014-10-19 13:11:10 -07:00
Jon Hart 0971d7c3ac Remove ... from prints, only map a browser if we found something 2014-10-19 13:05:11 -07:00
Jon Hart 967800eed0 Track account name for more useful table and prints 2014-10-19 12:59:51 -07:00
Jon Hart 5a05246682 Consistent case in *print_* 2014-10-19 12:30:50 -07:00
Jon Hart a30663e412
Fix multiuser LastPass extraction, print/vprint cleanup 2014-10-17 17:40:19 -07:00
Jon Hart d2a00b208e Minor style cleanup to appease Rubocop 2014-10-17 12:50:18 -07:00
Jon Hart d97fe548b9 Store the browser name in LastPass loot 2014-10-17 11:33:31 -07:00
Jon Hart 43238c7324 Simplify LastPass extraction. Track what browser that puked creds 2014-10-17 11:19:36 -07:00
Jon Hart 9177b931fd Refactoring of LastPass module to use correct Firefox path on *nix 2014-10-17 10:20:55 -07:00
URI Assassin 35d3bbf74d
Fix up comment splats with the correct URI
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
Martin Vigo 36d6220f8f Make use of Rex::Ui::Text::Table 2014-10-15 23:13:53 -07:00
Martin Vigo bb421859d3 Refactor code and add support for all Windows 2014-10-15 22:15:54 -07:00