Commit Graph

1914 Commits (82d277741761a4e9ccb7a48e40ef45620f10dbf3)

Author SHA1 Message Date
David Maloney 9716b97e1c
split up the migration efforts
move admin and suer migrations into
seperate methods for enhanced readability
and maintainability
2016-01-08 14:26:39 -06:00
David Maloney ad50f9a047
move default targets to constants
cleanup the way the target lists get populated
to use constants and be a little cleaner and dryer
2016-01-08 14:03:30 -06:00
Josh 4e99c873c8 Fix issue when target_pid == current_pid 2016-01-06 19:58:07 -06:00
Josh 60c506d7fb Replace error handling methods 2016-01-06 18:53:54 -06:00
Vincent Yiu 30a866a85b Update enable_rdp.rb
Fixed some typos.
2016-01-04 09:52:57 +00:00
Kyle Gray 47f9880690
Land #6395, grammar fixes for recovery_files.rb
Improves grammar and details within the description of /post/windows/gather/forensics/recovery_files.rb
2015-12-28 15:57:41 -06:00
William Vu cf0e982e83
Land #6386, VNC creds module fix 2015-12-28 02:32:26 -06:00
William Vu 6b9c74eec7 Prefer gsub and nix the return 2015-12-28 02:31:47 -06:00
Josh 0de69a9d40 Add post Windows privilege based migrate 2015-12-27 19:26:21 -06:00
Jon Hart f8943f4821
Remove peer; defined in lib/msf/core/post/common.rb 2015-12-24 07:57:16 -08:00
karllll 431c6001a8 Fix recovery_files.rb Description grammar errors 2015-12-24 10:10:39 -05:00
Stuart Morgan 391145a4af Checking if group_filter is empty 2015-12-23 15:14:37 +00:00
g0tmi1k 2f71730484 Gather VNC null byte fix + formatting 2015-12-22 17:30:37 +00:00
Stuart Morgan f950633d32 renamed 2015-12-21 18:16:06 +00:00
Stuart Morgan e09c2944cf Renamed module to be more descriptive 2015-12-21 18:15:39 +00:00
Stuart Morgan 4c27f381dc rubocop & msftidy 2015-12-21 18:15:19 +00:00
Stuart Morgan 8438774077 Bug 2015-12-21 18:13:58 +00:00
Stuart Morgan 0b6969afbc Rubocop. This encoding mess was the only way I could find to deal with a number of parsing errors when testing this against a multilingual domain. 2015-12-21 17:30:32 +00:00
Stuart Morgan 30e283b0ae fixup 2015-12-21 17:28:36 +00:00
Stuart Morgan 751a0708bf rubocop 2015-12-21 13:32:29 +00:00
Stuart Morgan 0c8aa0bd5c msftidy - fixed module name 2015-12-21 13:32:11 +00:00
Stuart Morgan 0081c79f39 Added comments 2015-12-21 13:31:26 +00:00
Stuart Morgan 03b904cc4e Initial version 2015-12-21 13:29:47 +00:00
Stuart Morgan 16cf3c6207 Further messing about with unicode conversions 2015-12-21 13:28:27 +00:00
Stuart Morgan e8c8c54cb0 Use a regex with a negative lookbehind to cope with CNs that contain commas 2015-12-21 11:44:37 +00:00
Stuart Morgan d8b3b15da6 Trying to fix encoding errors 2015-12-21 11:43:12 +00:00
Stuart Morgan 76f99cbc7f Fixing UTF-8 encoding errors with some strangely named groups 2015-12-21 11:11:01 +00:00
Stuart Morgan b0fca769d7 capitalisation 2015-12-21 10:39:30 +00:00
Stuart Morgan 4ed32ad3e8 Add manager user attribute 2015-12-20 22:51:37 +00:00
Stuart Morgan 9493b333df rubocop 2015-12-20 21:22:03 +00:00
Stuart Morgan c394caad27 actually made the securitygroups only option do something 2015-12-20 21:19:24 +00:00
Stuart Morgan 07caaf352b made comment match purpose 2015-12-20 21:18:21 +00:00
Stuart Morgan c0a93433af msftidy 2015-12-20 21:16:42 +00:00
Stuart Morgan 89728fd8fe Working version 2015-12-20 21:16:17 +00:00
Stuart Morgan ae09549057 New module, strating with managedby_groups 2015-12-20 20:17:06 +00:00
Stuart Morgan 28e563659f Added managedBy to group acquisition 2015-12-20 20:16:18 +00:00
Stuart Morgan d79fd9a9f3 Renamed the comments attribute to comment 2015-12-20 19:53:36 +00:00
Stuart Morgan 924017e606 Moved trust enumeration to separate PR 2015-12-20 19:46:20 +00:00
Stuart Morgan 43f8a35b12 Merge branch 'master' of https://github.com/rapid7/metasploit-framework into add_filter_to_ad_tools 2015-12-20 19:43:04 +00:00
Stuart Morgan 3a89d3cc70 Turns out that we dont need the report or accounts includes in there, so removing them for tidyness 2015-12-20 02:37:25 +00:00
Stuart Morgan c11c0ca7e0 Added comment about the UTF-8 encoding. This is an issue which is documented at https://github.com/rails/rails/issues/1965; namely that SQLite seems to treat ASCII text as a blob meaning that the text searches break. Encoding to UTF-8 seems to fix this. 2015-12-20 02:35:19 +00:00
Stuart Morgan 2301658611 Working 2015-12-20 02:20:59 +00:00
Stuart Morgan 7ce24969bb rubocop fixes 2015-12-20 02:02:44 +00:00
Stuart Morgan d5436c6fae msftidy is now silent 2015-12-20 02:01:11 +00:00
Stuart Morgan b8274cca01 Tested 2015-12-20 01:59:31 +00:00
Stuart Morgan b0eba24c5f Fixed verbosity bug and tidied up 2015-12-20 01:55:44 +00:00
Stuart Morgan 86294a869e No longer need the sAMAccountType lookup table 2015-12-20 01:45:10 +00:00
Stuart Morgan cdf430e689 Fixed bug relating to forgetting to add columns to the schema 2015-12-20 01:44:26 +00:00
Stuart Morgan 14f71eabdb Completing processing the sAMAccountType value 2015-12-20 01:42:25 +00:00
Stuart Morgan 5f5a297324 Adding u_, g_ and c_ parameters to the tables directly avoids most of the views 2015-12-20 01:30:24 +00:00
Stuart Morgan bb25c7606c Restructuring to add SAM_ (userAccountControl) variables as fields directly 2015-12-20 01:28:25 +00:00
Stuart Morgan 872aeccbb6 Significant simplified the hex-to-SID parsing code because we only want the RID out of it 2015-12-19 02:02:40 +00:00
Stuart Morgan 07e5f03aba Fixed 2015-12-19 01:58:29 +00:00
Stuart Morgan c7f8450775 Appears to work correctly 2015-12-19 01:11:20 +00:00
Stuart Morgan 36392ac0cd All works 2015-12-19 00:48:41 +00:00
Stuart Morgan 82c3ec5f4b Added views for users and groups table 2015-12-19 00:26:31 +00:00
Stuart Morgan ba9845818e Appears to work for the computers table (tables and view) 2015-12-18 23:22:22 +00:00
Stuart Morgan cf8f0e2483 Added userAccountControl to the computer table. Note that computer and user LDAP entries are more or less the same (user is the parent for computer), but it makes sense just for sanity and ease of use to keep them separate. 2015-12-18 22:22:56 +00:00
Stuart Morgan eade245a9e Added groupType attribute interpretation 2015-12-18 22:06:20 +00:00
Stuart Morgan e716cd79e3 Needed to use .zero? in the ? : if shorthand for the UAC variables 2015-12-18 21:55:55 +00:00
Stuart Morgan 838f74ff74 Added table creation for userAccoutControl 2015-12-18 21:45:07 +00:00
William Vu 6afcc13774 Requote file path 2015-12-18 15:41:38 -06:00
Stuart Morgan a065fc803c fixed spacing 2015-12-18 21:38:54 +00:00
Stuart Morgan 8821caa199 Added UserAccountControl constants 2015-12-18 21:37:31 +00:00
William Vu 06a2bb53bd Clean up module 2015-12-18 15:29:15 -06:00
Stuart Morgan 6d6306f6e7 Added sAMAccountType constants from MSDN 2015-12-18 21:14:39 +00:00
Stuart Morgan 5b07a35cef Added LDAP filter to identify groups of interest 2015-12-18 14:10:00 +00:00
Stuart Morgan 662010fce7 Added thread capability 2015-12-18 14:06:50 +00:00
Stuart Morgan 0a75fa333c msftidy 2015-12-18 12:14:22 +00:00
Stuart Morgan 91c8c2b9dd Trying to fix threads 2015-12-18 12:14:08 +00:00
Stuart Morgan 6f50635ab2 Strange bug with memberOf param and trying to fix up threads 2015-12-18 11:49:17 +00:00
Stuart Morgan 39bc23629a Getting ready to add thread support 2015-12-18 10:56:41 +00:00
Stuart Morgan 3c8ac89ba8 Added options to dump user membership and group membership to screen 2015-12-18 10:29:53 +00:00
Stuart Morgan 8f95ad315e Added extra user fields to database schema 2015-12-18 10:02:18 +00:00
Stuart Morgan fc45d70d25 Added extra user fields 2015-12-18 09:59:21 +00:00
Stuart Morgan b186aaa08d Added extra computer fields 2015-12-18 09:55:13 +00:00
Stuart Morgan f8b402165c Added extra computer fields 2015-12-18 09:51:04 +00:00
Stuart Morgan 805ba1d7dd Enumerate computers 2015-12-18 08:28:40 +00:00
Stuart Morgan 98c6b56494 Added computer recon 2015-12-18 08:14:30 +00:00
Stuart Morgan f13ca17de0 rubocop 2015-12-18 02:01:38 +00:00
Stuart Morgan 38b6ad4dbf msftidy 2015-12-18 02:00:57 +00:00
Stuart Morgan 36adbadb11 Tidied up SQL searching and added file size indicator 2015-12-18 01:59:19 +00:00
Stuart Morgan eb38859ecc Finally worked out how to use .map to make the SQL stuff far more elegant 2015-12-18 01:40:37 +00:00
Stuart Morgan 1ba6b91968 More accurate description 2015-12-18 01:24:43 +00:00
Stuart Morgan 0ddb40b55e Added UNIQUE and FOREIGN KEY constraints to SQLite DB 2015-12-18 01:23:29 +00:00
Stuart Morgan 15dc542544 Initial module works 2015-12-18 01:13:44 +00:00
Stuart Morgan f31c1c24db Added schema and code to populate SQLite db 2015-12-18 01:01:20 +00:00
Stuart Morgan e3483a2ac3 Getting RIDs from hex mess to decimal. Needs fixing 2015-12-18 00:20:16 +00:00
Stuart Morgan 460778738d Initial version works 2015-12-18 00:00:21 +00:00
Stuart Morgan 41c2d12e0c Tidy up initial print 2015-12-17 23:41:18 +00:00
Stuart Morgan 09fb37db6b Add status updates (useful if there are a large number of groups) 2015-12-17 23:07:02 +00:00
Stuart Morgan 2bcea91b15 Differentiate between user and group errors 2015-12-17 22:57:30 +00:00
Stuart Morgan 85c4e89526 Process user levels 2015-12-17 22:55:02 +00:00
Stuart Morgan 7c145c45e8 add LDAP_MATCHING_RULE_IN_CHAIN oid (from my adsi rework earlier) 2015-12-17 22:44:35 +00:00
Stuart Morgan f2b038f4b3 Begin loop to grab effective users of each group 2015-12-17 22:39:56 +00:00
Stuart Morgan c98519e0b9 Get groups using ADSI 2015-12-17 22:35:51 +00:00
Stuart Morgan 7b019bddf4 Initial version, just basing it on the ad_users module 2015-12-17 22:14:14 +00:00
Stuart Morgan e17a7a5d8c Fix attributes 2015-12-17 21:38:42 +00:00
Stuart Morgan 59d5626ef7 Bugfix 2015-12-17 21:36:19 +00:00
Stuart Morgan cba1ddbdc2 rubocop 2015-12-16 22:38:05 +00:00
Stuart Morgan 47e484408f rubocop 2015-12-16 22:31:54 +00:00
Stuart Morgan 9eef27e4c1 Removed snake case and added SID translation call 2015-12-16 22:31:22 +00:00
Stuart Morgan cc3ac3ad95 Removed trailing line spaces 2015-12-16 22:28:27 +00:00
Stuart Morgan 58635be237 Try to unpack the SID from hex to normal cut/paste format. Its a mess. 2015-12-16 22:27:52 +00:00
Stuart Morgan 421a29d998 Added the trust types from MSDN 2015-12-16 22:18:28 +00:00
Stuart Morgan fbe0cfde8f Fixed URL for trustDirection reference 2015-12-16 22:16:33 +00:00
Stuart Morgan fd8405f52d added trustDirection 2015-12-16 22:15:10 +00:00
Stuart Morgan 4da8859e57 added trustAttributes 2015-12-16 22:13:00 +00:00
Stuart Morgan 207a964117 Loop through results 2015-12-16 21:52:30 +00:00
Stuart Morgan 087a01f27f Templated table 2015-12-16 21:40:49 +00:00
Stuart Morgan fdf1a8c235 Updated with the LDAP fields to retrieve 2015-12-16 21:39:33 +00:00
Stuart Morgan ed4cf71ca8 Initial add (templated from Ben's bitlocker module) 2015-12-16 21:26:02 +00:00
Stuart Morgan c9c1dd22ee Added custom LDAP filter to ad_groups and ad_users to save having to use meterpreter's adsi interface 2015-12-16 10:38:38 +00:00
Stuart Morgan 2c29298485 undoing this, put in a separate module 2015-12-15 23:16:21 +00:00
Stuart Morgan 5dd8cb7648 proper type conversions 2015-12-15 23:13:02 +00:00
Stuart Morgan fef9a84548 rubocop 2015-12-15 23:12:14 +00:00
Stuart Morgan a2b30ff16e msftidy 2015-12-15 23:11:40 +00:00
Stuart Morgan 281966023c Final version 2015-12-15 23:10:06 +00:00
Stuart Morgan 7fa453b7ff Added module 2015-12-15 22:31:00 +00:00
Stuart Morgan 059de62400 Editing an existing module rather than adding a new one 2015-12-15 21:36:39 +00:00
Stuart Morgan 4a66b487de Based on putty enum module 2015-12-15 21:28:13 +00:00
Jon Hart 39da306b1d
Land #6057, @danilbaz's module for dumping Bitlocker master key (FVEK) 2015-12-08 18:16:39 -08:00
Jon Hart ed8076f361
Merge branch 'master' into pr/6197 2015-12-08 12:08:15 -08:00
Jon Hart 2177b979fd
Update SessionTypes command to describe why shell is not listed 2015-12-08 12:06:47 -08:00
Jon Hart 3890961155
Correct SEP client exclusion enumeration 2015-12-08 10:16:25 -08:00
BAZIN-HSC be5f648969 manage-bde.exe path test if in System32 or sysnative 2015-12-08 16:14:13 +01:00
Jon Hart f6417df9ba
Update enum_av_excluded to work properly under wow64 2015-12-04 17:13:43 -08:00
Jon Hart ad60a4118e
Put admin and client exclusions in different tables 2015-12-04 13:01:28 -08:00
Jon Hart c92365090f
Simpler 2015-12-04 12:38:25 -08:00
Jon Hart e7d2eb6ad9
Wire in support for showing process and file extension exclusions 2015-12-04 12:35:42 -08:00
Jon Hart 78a303974f
Handle empty exclusions better 2015-12-04 12:19:17 -08:00
Jon Hart 81ee01a93e
Simplify exclusion extraction and printing 2015-12-04 11:42:03 -08:00
Jon Hart 1968a76863
Simplify AV enumeration code 2015-12-04 10:27:14 -08:00
Jon Hart 28ee056c32
Make enumeration of each individual AV optional 2015-12-03 16:07:49 -08:00
Jon Hart c007fffbce
Style cleanup 2015-12-03 15:55:12 -08:00
Andrew Smith 59bd88ff70 msftidy 2015-11-27 16:45:52 -05:00
Andrew Smith 9c016343c7 Update to logic and reliability
Included support for Windows Defender

Rewrote logic to support hosts with multiple AV products installed
2015-11-27 16:41:40 -05:00
Louis Sato 55b3e10390
Land #6258, smart_migrate enhancement 2015-11-24 11:30:29 -06:00
Louis Sato 493e476a43
Land #6243, check nil for sock.read 2015-11-23 11:15:51 -06:00
BAZIN-HSC 5592e4e4ea seek_relative suppression (use seek instead) 2015-11-20 18:30:51 +01:00
BAZIN-HSC dd027982ae if recovery_key specified, only method that is tried 2015-11-20 18:30:50 +01:00
BAZIN-HSC f49d6905a6 Fix comments by @jhart-r7 2015-11-20 18:30:50 +01:00
BAZIN-HSC 8f135c07aa Remove hard coded C:\Windows and use %SYSTEMROOT% 2015-11-20 18:30:49 +01:00
BAZIN-HSC 7d9d74f609 msftidy... 2015-11-20 18:30:49 +01:00
BAZIN-HSC c8847182d7 Add module to dump Bitlocker master key (FVEK) 2015-11-20 18:30:48 +01:00
sammbertram f1675f9ae4 Minor enhancement to smart_migrate
Adding a check to see if the user is currently already migrated to the "explorer.exe" and "winlogon.exe" processes prior to attempting migration.
2015-11-19 13:30:12 +00:00
wchen-r7 17a1f2ee8a Fix #6242, Check nil for sock.read
Fix #6242
2015-11-16 14:24:46 -06:00
David Maloney a1ab8f1dc7
added Session info display to module output
output from the mssql_local_auth_bypass module
is now prefixed with the Session id and address
of the target host so it is explicitly clear
where it is performing each action

MS-706
2015-11-16 12:13:26 -06:00
Jon Hart 43229c16e7
Correct some authors with unbalanced angle brackets 2015-11-06 13:24:58 -08:00
Andrew Smith c44ecfeb15 Spacing 2015-11-06 10:55:29 -05:00
jakxx e4d8909815 Initial Commit 2015-11-05 20:43:30 -05:00
wchen-r7 154fb585f4 Remove bad references (dead links)
These links are no longer available. They are dead links.
2015-10-27 12:41:32 -05:00
Brent Cook 0784370b98 more typo and whitespace fixes 2015-10-20 13:09:17 -05:00
Rob Fuller 2f1406e1c8 fix typo
not sure how this got in there
2015-10-20 13:48:00 -04:00
Brent Cook d551f421f8
Land #5799, refactor WinSCP module and library code to be more useful and flexible 2015-10-01 14:35:10 -05:00
Brent Cook f3451eef75
Land #5380, pageantjacker, an SSH agent proxy 2015-09-26 10:52:44 -04:00
Stuart 853d822992 Merge pull request #1 from bcook-r7/land-5380-pageantjacker
update pageantjacker to run as part of extapi
2015-09-23 09:45:53 +01:00
jvazquez-r7 415fa3a244
Fix #5968, some modules not handling Rex::Post::Meterpreter::RequestError exceptions
* Related to the usage of ADSI on unsupported OSes
2015-09-21 14:33:00 -05:00
Stuart Morgan cdd39f52b1 Merge branch 'master' of https://github.com/rapid7/metasploit-framework into pageant_extension 2015-09-21 14:34:56 +02:00
Stuart Morgan e8e4f66aaa Merge branch 'master' of ssh://github.com/stufus/metasploit-framework into pageant_extension 2015-09-21 14:34:38 +02:00
Brent Cook 61e7e1d094 update pageantjacker to run as part of extapi 2015-09-20 20:25:00 -05:00
William Vu 5f9f66cc1f Fix nil bug in SSO gather module 2015-09-11 02:21:01 -05:00
Stuart Morgan b59bc30160 Fixed stupid bracket error 2015-08-28 16:13:22 +01:00
Stuart Morgan 8bf815c4bb rubocop 2015-08-28 15:39:02 +01:00
Stuart Morgan b8b68983b0 Merge remote-tracking branch 'upstream/master' into adsi_group_enum_improvements 2015-08-28 15:11:27 +01:00
Stuart Morgan f371a1c4fc Added the ability to list AD groups by POST module 2015-08-28 15:10:48 +01:00
Stuart Morgan 8682ec77c5 Added group filtering to the enum_ad_users module 2015-08-28 15:10:27 +01:00
HD Moore a2d5511e39
Land #5379, new post modules to load into powershell sessions 2015-08-26 17:11:40 -05:00
Brent Cook 5633c1431f
Land #5821, add explicit 64-bit pointer support to enum_cred_store 2015-08-24 09:44:36 -05:00
jvazquez-r7 e7433b81bd
Reuse architecture check 2015-08-17 10:28:10 -05:00
benpturner 8800d89424 Updated to reflect HD's comments on indents and name of local script. 2015-08-16 10:47:20 +01:00
Brent Cook 0a4651a553
Land #5359, add PuTTY session enumeration module 2015-08-14 13:20:05 -05:00
Stuart Morgan ee7c418ca8 Rubocop and msftidy-ied :-) 2015-08-14 17:19:07 +01:00
Stuart Morgan 02a58d459b Merge remote-tracking branch 'upstream/master' into pageant_extension 2015-08-14 17:05:38 +01:00
Stuart Morgan e2b6c11a3e Update 2015-08-14 16:24:52 +01:00
jvazquez-r7 76f6312fab Fix #3916 Support 64 bits targets on enum_cred_store 2015-08-10 15:16:12 -05:00
Meatballs c197e5224d
Store loot 2015-08-01 20:52:25 +01:00
Meatballs deb6f5638e
Update WinSCP Gather
* Refactor parsing to common library to support command line tool
* Look in APPDATA not just ProgramFiles
* Iterate over user APPDATA
2015-08-01 20:44:14 +01:00
Brent Cook affc86bfd9
Land #5779, make cachedump / lsa_secrets work on 64-bit windows 2015-07-31 16:25:47 -05:00
Tod Beardsley a342a9db10
Another sticky keys ref, from @carnal0wnage 2015-07-29 12:32:38 -05:00
Tod Beardsley 8043e5a88e
Add a reference to the sticky keys exploit 2015-07-29 12:31:43 -05:00
Tod Beardsley ee66cadde2
Don't use bullet points in descriptions
They never render correctly in anything other than a text editor.

modules/post/windows/manage/sticky_keys.rb first landed in #5760,
Sticky Keys post module
2015-07-29 12:29:09 -05:00
William Vu ff9b975576
Land #5701, @g0tmi1k's filezilla_server refactor 2015-07-29 11:13:22 -05:00
jvazquez-r7 e966545e08
Fix mask 2015-07-29 09:13:37 -05:00
g0tmi1k 38e952ba07 Python -> Ruby 2015-07-29 10:55:28 +01:00
jvazquez-r7 ab7ffb1a08
Fich cachedump 2015-07-27 17:26:53 -05:00
jvazquez-r7 704c8cadd9
Fix lsa_secrets 2015-07-27 16:19:01 -05:00
William Vu 4dd2c31b44
Land #5760, Sticky Keys post module 2015-07-23 17:12:31 -05:00
William Vu 06ed7ba574 Add a comma 2015-07-23 17:12:17 -05:00
OJ ebdbb179ce Last of the style fixes 2015-07-24 08:09:25 +10:00
OJ db7fadfc36 Fix indentation 2015-07-24 08:08:01 +10:00
OJ 616e1ddd68 Change enum to action, a couple of tidies 2015-07-24 08:01:58 +10:00
Samuel Huckins a818dc4460
Land #5657, misc fixes to domain_hashdump 2015-07-23 16:58:46 -05:00
OJ e60f590f09 Add DisplaySwitch.exe support with WINDOWS+P
As per @mubix's request.
2015-07-24 07:20:31 +10:00
OJ 1dd765d6e6 Remove trailing spaces 2015-07-23 13:17:34 +10:00
OJ 0f2692f24f Fix up silly mistake with `fail_with` 2015-07-23 13:14:35 +10:00
OJ 691b13ebd8 Add the sticky_keys module 2015-07-23 12:53:47 +10:00
wchen-r7 425a9dc266 credit OJ 2015-07-17 13:47:17 -05:00
wchen-r7 663bcbe53b Avoid checking these system process names 2015-07-17 13:46:02 -05:00
OJ e1b1db9f88 Fix stupid typo 2015-07-16 23:03:49 +10:00