be5f648969
manage-bde.exe path test if in System32 or sysnative
2015-12-08 16:14:13 +01:00
f6417df9ba
Update enum_av_excluded to work properly under wow64
2015-12-04 17:13:43 -08:00
ad60a4118e
Put admin and client exclusions in different tables
2015-12-04 13:01:28 -08:00
c92365090f
Simpler
2015-12-04 12:38:25 -08:00
e7d2eb6ad9
Wire in support for showing process and file extension exclusions
2015-12-04 12:35:42 -08:00
78a303974f
Handle empty exclusions better
2015-12-04 12:19:17 -08:00
81ee01a93e
Simplify exclusion extraction and printing
2015-12-04 11:42:03 -08:00
1968a76863
Simplify AV enumeration code
2015-12-04 10:27:14 -08:00
28ee056c32
Make enumeration of each individual AV optional
2015-12-03 16:07:49 -08:00
c007fffbce
Style cleanup
2015-12-03 15:55:12 -08:00
59bd88ff70
msftidy
2015-11-27 16:45:52 -05:00
9c016343c7
Update to logic and reliability
...
Included support for Windows Defender
Rewrote logic to support hosts with multiple AV products installed
2015-11-27 16:41:40 -05:00
55b3e10390
Land #6258 , smart_migrate enhancement
2015-11-24 11:30:29 -06:00
493e476a43
Land #6243 , check nil for sock.read
2015-11-23 11:15:51 -06:00
5592e4e4ea
seek_relative suppression (use seek instead)
2015-11-20 18:30:51 +01:00
dd027982ae
if recovery_key specified, only method that is tried
2015-11-20 18:30:50 +01:00
f49d6905a6
Fix comments by @jhart-r7
2015-11-20 18:30:50 +01:00
8f135c07aa
Remove hard coded C:\Windows and use %SYSTEMROOT%
2015-11-20 18:30:49 +01:00
7d9d74f609
msftidy...
2015-11-20 18:30:49 +01:00
c8847182d7
Add module to dump Bitlocker master key (FVEK)
2015-11-20 18:30:48 +01:00
f1675f9ae4
Minor enhancement to smart_migrate
...
Adding a check to see if the user is currently already migrated to the "explorer.exe" and "winlogon.exe" processes prior to attempting migration.
2015-11-19 13:30:12 +00:00
17a1f2ee8a
Fix #6242 , Check nil for sock.read
...
Fix #6242
2015-11-16 14:24:46 -06:00
a1ab8f1dc7
added Session info display to module output
...
output from the mssql_local_auth_bypass module
is now prefixed with the Session id and address
of the target host so it is explicitly clear
where it is performing each action
MS-706
2015-11-16 12:13:26 -06:00
43229c16e7
Correct some authors with unbalanced angle brackets
2015-11-06 13:24:58 -08:00
c44ecfeb15
Spacing
2015-11-06 10:55:29 -05:00
e4d8909815
Initial Commit
2015-11-05 20:43:30 -05:00
154fb585f4
Remove bad references (dead links)
...
These links are no longer available. They are dead links.
2015-10-27 12:41:32 -05:00
0784370b98
more typo and whitespace fixes
2015-10-20 13:09:17 -05:00
2f1406e1c8
fix typo
...
not sure how this got in there
2015-10-20 13:48:00 -04:00
d551f421f8
Land #5799 , refactor WinSCP module and library code to be more useful and flexible
2015-10-01 14:35:10 -05:00
f3451eef75
Land #5380 , pageantjacker, an SSH agent proxy
2015-09-26 10:52:44 -04:00
853d822992
Merge pull request #1 from bcook-r7/land-5380-pageantjacker
...
update pageantjacker to run as part of extapi
2015-09-23 09:45:53 +01:00
415fa3a244
Fix #5968 , some modules not handling Rex::Post::Meterpreter::RequestError exceptions
...
* Related to the usage of ADSI on unsupported OSes
2015-09-21 14:33:00 -05:00
cdd39f52b1
Merge branch 'master' of https://github.com/rapid7/metasploit-framework into pageant_extension
2015-09-21 14:34:56 +02:00
e8e4f66aaa
Merge branch 'master' of ssh://github.com/stufus/metasploit-framework into pageant_extension
2015-09-21 14:34:38 +02:00
61e7e1d094
update pageantjacker to run as part of extapi
2015-09-20 20:25:00 -05:00
5f9f66cc1f
Fix nil bug in SSO gather module
2015-09-11 02:21:01 -05:00
b59bc30160
Fixed stupid bracket error
2015-08-28 16:13:22 +01:00
8bf815c4bb
rubocop
2015-08-28 15:39:02 +01:00
b8b68983b0
Merge remote-tracking branch 'upstream/master' into adsi_group_enum_improvements
2015-08-28 15:11:27 +01:00
f371a1c4fc
Added the ability to list AD groups by POST module
2015-08-28 15:10:48 +01:00
8682ec77c5
Added group filtering to the enum_ad_users module
2015-08-28 15:10:27 +01:00
a2d5511e39
Land #5379 , new post modules to load into powershell sessions
2015-08-26 17:11:40 -05:00
5633c1431f
Land #5821 , add explicit 64-bit pointer support to enum_cred_store
2015-08-24 09:44:36 -05:00
e7433b81bd
Reuse architecture check
2015-08-17 10:28:10 -05:00
8800d89424
Updated to reflect HD's comments on indents and name of local script.
2015-08-16 10:47:20 +01:00
0a4651a553
Land #5359 , add PuTTY session enumeration module
2015-08-14 13:20:05 -05:00
ee7c418ca8
Rubocop and msftidy-ied :-)
2015-08-14 17:19:07 +01:00
02a58d459b
Merge remote-tracking branch 'upstream/master' into pageant_extension
2015-08-14 17:05:38 +01:00
e2b6c11a3e
Update
2015-08-14 16:24:52 +01:00
76f6312fab
Fix #3916 Support 64 bits targets on enum_cred_store
2015-08-10 15:16:12 -05:00
c197e5224d
Store loot
2015-08-01 20:52:25 +01:00
deb6f5638e
Update WinSCP Gather
...
* Refactor parsing to common library to support command line tool
* Look in APPDATA not just ProgramFiles
* Iterate over user APPDATA
2015-08-01 20:44:14 +01:00
affc86bfd9
Land #5779 , make cachedump / lsa_secrets work on 64-bit windows
2015-07-31 16:25:47 -05:00
a342a9db10
Another sticky keys ref, from @carnal0wnage
2015-07-29 12:32:38 -05:00
8043e5a88e
Add a reference to the sticky keys exploit
2015-07-29 12:31:43 -05:00
ee66cadde2
Don't use bullet points in descriptions
...
They never render correctly in anything other than a text editor.
modules/post/windows/manage/sticky_keys.rb first landed in #5760 ,
Sticky Keys post module
2015-07-29 12:29:09 -05:00
ff9b975576
Land #5701 , @g0tmi1k's filezilla_server refactor
2015-07-29 11:13:22 -05:00
e966545e08
Fix mask
2015-07-29 09:13:37 -05:00
38e952ba07
Python -> Ruby
2015-07-29 10:55:28 +01:00
ab7ffb1a08
Fich cachedump
2015-07-27 17:26:53 -05:00
704c8cadd9
Fix lsa_secrets
2015-07-27 16:19:01 -05:00
4dd2c31b44
Land #5760 , Sticky Keys post module
2015-07-23 17:12:31 -05:00
06ed7ba574
Add a comma
2015-07-23 17:12:17 -05:00
ebdbb179ce
Last of the style fixes
2015-07-24 08:09:25 +10:00
db7fadfc36
Fix indentation
2015-07-24 08:08:01 +10:00
616e1ddd68
Change enum to action, a couple of tidies
2015-07-24 08:01:58 +10:00
a818dc4460
Land #5657 , misc fixes to domain_hashdump
2015-07-23 16:58:46 -05:00
e60f590f09
Add DisplaySwitch.exe support with WINDOWS+P
...
As per @mubix's request.
2015-07-24 07:20:31 +10:00
1dd765d6e6
Remove trailing spaces
2015-07-23 13:17:34 +10:00
0f2692f24f
Fix up silly mistake with `fail_with`
2015-07-23 13:14:35 +10:00
691b13ebd8
Add the sticky_keys module
2015-07-23 12:53:47 +10:00
425a9dc266
credit OJ
2015-07-17 13:47:17 -05:00
663bcbe53b
Avoid checking these system process names
2015-07-17 13:46:02 -05:00
e1b1db9f88
Fix stupid typo
2015-07-16 23:03:49 +10:00
986463e489
Fix killav post module, handle errors, better output
2015-07-16 11:35:01 +10:00
2735c035b5
fixed issues as requested.
...
fixed.
2015-07-15 20:36:19 -04:00
579fb5fb1f
Fixed
...
Fixed
2015-07-15 20:09:42 -04:00
c762e9e8d6
Fixed as requested.
...
I added the possibility to read from file, instead of modifying the module each time.
2015-07-15 20:02:18 -04:00
7520bc9a8a
Exported Killav into a post-exploitation module
...
I was unsure if this was the place to send the update.
2015-07-15 14:04:37 -04:00
14d0d456f4
Fix FileZilla perm loot bug
2015-07-11 19:11:59 +01:00
c92d0d9df6
Fix FileZilla Server
2015-07-11 18:14:55 +01:00
632bcda345
Land #5652 , improve LAPS filter to reduce empty results
2015-07-03 15:02:39 -04:00
e843db78dc
put rhost option back
...
it is needed for the wmic query that
creates the shadowcopy
MSP-12867
2015-07-02 14:46:40 -05:00
7b2b526ea1
deregister unwated options
...
deregister mixin options that we don't need
for this module
2015-07-02 14:33:21 -05:00
8892cbdd10
Fix some minor things
2015-07-02 14:32:16 -05:00
cc51d1e8fd
use registry data for VSS grab
...
use the location data we got from the registry for copying
the NTDS.dit file correctly with the VSS method
2015-07-02 14:27:51 -05:00
89d283da09
check registry for ntds location
...
check the registry for the location of the ntds.dit
file
MSP-12867
2015-07-02 14:07:47 -05:00
95f19e6f1f
Minor description edits for clarity
...
Edited modules/exploits/multi/browser/adobe_flash_nellymoser_bof.rb
first landed in #5642 , Adobe Flash CVE-2015-3113 Nellymoser Audio
Decoding BOF
Edited modules/post/windows/gather/credentials/enum_laps.rb first landed
in #5590 , @Meatballs1 adds MS LAPS Enum post mod
Edited modules/post/windows/gather/enum_ad_bitlocker.rb first landed in
Keys from AD
2015-07-02 13:51:37 -05:00
42daf4d38b
fix up ordering of pre-checks
...
i hate early returns, but we need to bail out early
if some of these checks fail
MSP-12867
2015-07-02 11:52:02 -05:00
8a3873d730
Tweak filter to reduce empty results
2015-07-02 09:53:08 +01:00
a37ac1b089
Land #5590 , @Meatballs1 adds MS LAPS Enum post mod
2015-07-01 21:19:15 -04:00
656e6f5c73
Fix windows enum modules
2015-06-29 11:56:38 -05:00
093f339f6b
Land #5268 , @Meatballs1's post windows module to retrieve Bitlocker Recovery Keys from AD
2015-06-26 17:07:36 -05:00
600a296291
Do minor cleanup
2015-06-26 16:51:00 -05:00
9c4a96761e
Small tidyup
2015-06-23 23:10:29 +01:00
4392b7c1de
Enum LAPS
2015-06-23 23:02:22 +01:00
221980820a
Committed wrong file
...
This reverts commit 76c2198ef0
2015-06-23 23:01:59 +01:00
76c2198ef0
LAPS enum
2015-06-23 22:56:53 +01:00
e696d2f3dc
Merge branch 'master' into land-5348-ntds
2015-06-22 17:18:13 -05:00
2587595a92
Land #5556 , vprint_status fix
2015-06-19 11:24:54 -05:00
b349549754
Land #5464 , @wchen-r7 Updates razer_synapse to use the new cred API
2015-06-19 09:42:44 -05:00
6d2b7e05ef
Use downcase
2015-06-19 09:35:20 -05:00
80f6e902b6
Land #5463 , @wchen-r7 updates smartermail to use the new cred API
2015-06-19 09:29:34 -05:00
0d7ef6f04e
Pass username as symbol
2015-06-19 09:29:00 -05:00
fc35a53ac5
Pass options correctly
2015-06-19 00:14:58 -05:00
fc1417809e
Support hash format
2015-06-19 00:09:08 -05:00
ce9481d2b7
Inconstancy - If datastore['VERBOSE'] vs vprint
2015-06-18 09:27:01 +01:00
f5b9be7814
Land #5468 , @wchen-r7's updates razorsql to use the new creds api
...
* Also fixes #5469
2015-06-16 17:51:18 -05:00
eb39eaac1d
Add support to decryption v2
2015-06-15 23:28:10 -05:00
6dcc9b7dab
More inconsistencies
2015-06-12 21:59:15 +01:00
a53ca53a6a
Fix inconstancy - multi/handler
2015-06-12 21:23:51 +01:00
89d03a1472
Symbol to String
2015-06-12 15:02:36 -05:00
20170bd630
Report as hash
2015-06-12 13:55:32 -05:00
bb56f6043e
explicitly use windows\temp
...
instead of using the user temp directory
trying to get around some intermittant permissions
issues
MSP-12358
2015-06-08 13:17:18 -05:00
2a474c8375
Merge branch 'master' into feature/MSP-12358/ntds-dump-module
2015-06-08 11:42:03 -05:00
a39539f8ef
Land #5457 , @wchen-r7 updates spark_im to use the new cred API
2015-06-07 20:45:42 -05:00
25aa96cfc1
Land #5456 , removes obsolete comment
2015-06-07 14:25:23 -05:00
dca2607d54
Land #5452 , @wchen-r7 Update tortoisesvn to use the new cred API
2015-06-06 01:35:40 -05:00
bf35b9bdf4
Minor fix
2015-06-06 01:35:09 -05:00
d4f418fe3f
Style corrections
...
See #5480
2015-06-04 15:52:07 -05:00
656f64d9bd
Update razorsql to use the new cred API
2015-06-03 13:49:06 -05:00
b038760be7
Update razer_synapse to use the new cred API
2015-06-03 01:44:20 -05:00
ef0d6490da
Update smartermail to use the new cred API
2015-06-03 00:48:52 -05:00
c64f025c4e
Add module_fullname: fullname
2015-06-02 12:35:06 -05:00
63708f2bba
Add module_fullname: fullname
2015-06-02 12:27:35 -05:00
28556ea6e2
Update spark_im to use the new cred API
2015-06-02 12:16:07 -05:00
aac2db826f
Remove comment about report_auth_info
...
This module isn't using report_auth_info, so this comment is no
longer needed.
2015-06-02 10:24:55 -05:00
1ae9265fb9
Update tortoisesvn to use the new cred API
2015-06-02 00:52:43 -05:00
c3e15059a7
Update total_commander to use the new cred API
2015-06-01 21:17:58 -05:00
f575fb8df9
Merge branch 'feature-merge_psh_updates_201505'
...
Conflicts:
lib/msf/core/post/windows/powershell.rb
Rename upload_script_via_psh to stage_psh_env within post PSH lib.
Perform the same rename within load_script post module.
2015-05-29 03:42:25 -04:00
e06f47b2bd
Updates load_script to have support for folders and to include the stager process in the mixin module for other post mods
2015-05-25 15:48:27 +01:00
23b69a0c22
license update
2015-05-21 00:32:31 -04:00
6d9f6c9715
retab exec_powershell.rb
2015-05-20 19:08:50 -04:00
27e12754fe
Import Powershell libraries and sample post module
...
Sync critical functionality from Rex and Msf namespaces dealing
with encoding and processing of powershell script for exploit
or post namespaces.
Import Post module. Primarily adds a psh_exec method which will be
replaced in the next PR with @benpturner's work integrated into
the Post module namespace.
Provide a sample metasploit windows post module to show the
execution pipeline - entire subs process can be removed and the
module reduced to a psh_exec(datastore['SCRIPT']).
This commit is designed to provide sync between the SVIT fork and
upstream. Pending commits to be based on this work will provide
access to .NET compiler in the Post namespace to be used for
dynamic persistent payload creation on target and the import of
@benpturner's work.
2015-05-20 18:18:51 -04:00
cdea522c3e
Use the Rex::Powershell::Command function to encode the stream
2015-05-20 10:34:54 +01:00
6e682e2da3
Sometimes the SSH tools seem to do something strange with sockets, so just cope with tihs
2015-05-19 17:59:34 +01:00
514e382d3b
Remove require
2015-05-19 16:20:32 +01:00
4a808af40a
Typo
2015-05-19 16:17:11 +01:00
1a6404dc08
Typo
2015-05-19 16:09:30 +01:00
93d6903272
New verbose
2015-05-19 16:08:43 +01:00
07986a1ed2
Updated author
2015-05-19 16:06:44 +01:00
8916ccf9e5
new numbers
2015-05-19 16:00:49 +01:00
763d960d2b
new
2015-05-19 15:55:00 +01:00
b513304756
new changes
2015-05-19 15:47:30 +01:00
6a7943a662
Added check for UNIX sockets support
2015-05-19 15:13:15 +01:00
3d466b7e6b
Credit where credit is due, Ben has given a huge amount of support and guidance
2015-05-19 14:51:08 +01:00
fac09a6bcf
Added a clarification comment
2015-05-19 14:46:44 +01:00
2eae9e2614
Rubocop
2015-05-19 14:44:32 +01:00
b2aef62a40
MSFTidy
2015-05-19 14:42:30 +01:00
f8fce7b7f6
Further tidying up of code, adding descriptions etc
2015-05-19 14:29:56 +01:00
811c45ab90
new
2015-05-19 14:06:41 +01:00
ea4d3415ec
Continued to tidy up code, added verbose mode to assist in debugging
2015-05-19 12:21:00 +01:00
d704e95890
Tidying up
2015-05-19 11:34:25 +01:00
0c0758bf03
Added socketpath
2015-05-19 10:56:04 +01:00
e152ceb05d
Tidied up code, added MWR labs logo
2015-05-19 10:33:32 +01:00
a4fc8aefd5
Working, tested & cleans up after itself
2015-05-19 10:21:08 +01:00
b749d44c6a
Tidied up working version, logic has now moved to a POST module
2015-05-19 10:00:50 +01:00
a37714379d
Working version
2015-05-19 09:55:38 +01:00
3d4490cafd
Trying to do this as a POST module instead of through command dispatcher
2015-05-19 09:49:27 +01:00
79db696c15
fix EOL character
2015-05-18 15:46:55 -05:00
e1eed6e9d9
single quotes and slashes..
2015-05-18 16:33:57 +02:00
8b8ed04a73
Rubocop
2015-05-18 11:56:12 +01:00
cf05e69536
Removed database storage for now (need to convert keys to OpenSSH format and resolve IP addresses first)
2015-05-18 11:51:27 +01:00
7f16b7164f
Added database writing code
2015-05-18 11:43:08 +01:00
77cf2ec60e
Added basic private key detection and parsing
2015-05-18 11:20:53 +01:00
7d65095472
fix quotes
2015-05-18 12:20:42 +02:00
30f7c651c9
use REGISTRY_VIEW_32_BIT
2015-05-18 10:19:32 +02:00
f1955cb15d
Rubocopped the file
2015-05-17 16:09:19 +01:00
5e4566712a
Added more detailed description
2015-05-17 16:00:44 +01:00
a4f67bce6f
Tidied up code
2015-05-17 15:48:05 +01:00
b12db7b633
Retrieves saved session lists etc to loot and exports information in CSV format
2015-05-17 14:59:26 +01:00
1177f42263
Renamed module to remain consistent with other enum modules
2015-05-17 14:38:25 +01:00
18a9dfd6da
Added PAGEANT_REGISTRY_KEY variable to enhance readability
2015-05-17 14:37:59 +01:00
4a416bba3c
Fixed notes using :unique_data
2015-05-17 13:24:38 +01:00
8aa27eee94
report_note only appears to allow one note per host/type combo...
2015-05-17 13:06:17 +01:00
53311fda2e
Fixed logic & added notes storage
2015-05-17 13:02:58 +01:00
5d273d53b4
Fixed module logic so that the key fingerprints now get displayed properly:
2015-05-15 22:02:12 +01:00
fd1a24d6f9
some more minor cleanup noise
...
apparently we standardized on using get_env
instead of expand_path in these cases. Not sure
on the effective difference here but no big deal
MSP-12358
2015-05-15 13:33:48 -05:00
4a88790c8c
Added SSH host keys
2015-05-15 17:57:15 +01:00
631dfc0a0e
increase timeout on ntdsutil
...
default timeout is 15 seconds. we'll give it 90
seconds for now. This may still be too short for
really really large domains, but too long of a timeout
can create other issues
MSP-12358
2015-05-15 11:19:35 -05:00
a3d91dff0b
clean up ntds.dit file when done
...
delete the ntds.dit file we copied when
we are done
MSP-12358
2015-05-15 11:13:19 -05:00
ac04b8d1e7
a little bit of cleanup
...
constantise some of the magic numbers in
the NTDS Account class
MSP-12358
2015-05-15 10:47:31 -05:00
14035a46b1
Fixed description
2015-05-15 16:28:51 +01:00
f65207ac40
Initial version, working
...
Needs tidying up.
Current version:
* Searches for PuTTY registry keys
* Downloades the Hostname, port, private key filename, username to log in as and any port forwarding instructions
* If the private keys are accessible on the box, download them to loot
To do:
* Detect whether pageant is running or not and report back
* Tidy up code (used another plugin as a template)
2015-05-15 16:23:39 +01:00
2721be946a
also check Wow6432Node keys
2015-05-15 14:28:12 +02:00
724b7c6f16
save the ntlm hases as creds
...
the last step is now complete. the current and historical
hashes are all saved to the database for cracking and/or
replay
MSP-12358
2015-05-14 13:52:11 -05:00
452fc6b149
Merge branch 'feature/MSP-12357/meterp-ntds' into feature/MSP-12358/ntds-dump-module
2015-05-14 10:31:28 -05:00
0e666d5732
gaurd against arch mismatch
...
this will not work from an x86 proc
on an x64 machine, so guard against that.
MSP-12358
2015-05-13 15:28:11 -05:00
9308da7956
2003 code path working
...
using VSS directly on server 2003 and repairing
the database with esentutl is now working
MSP-12358
2015-05-13 12:25:44 -05:00
21004046c1
begin parsing of the database
...
clean up and begin aprsing the database
after we have copied it
MSP-12358
2015-05-11 14:48:12 -05:00
028f9dd43b
Tidy and rubocop
2015-05-09 10:48:07 +01:00
e9dc93f345
Use cmd_exec
2015-05-09 10:44:02 +01:00
8c3a97667a
use get_env instead of client.sys.config.getenv
2015-05-08 15:25:20 -04:00
b2ce2ddb05
determine the domain using env vars instead of parsing net.exe output
2015-05-08 14:17:49 -04:00
3c9c578a3d
ntdsutil method in place
...
ntdsutil method built out to make a copy
of ntds.dit on later version of Winbdows Server
MSP-12358
2015-05-04 15:35:36 -05:00
e0c64038a7
start new ddomain hashdump post module
...
module checks for all preconditions so far
including that Domain Services are running,
that we are Admin, that we have bypassed uac
and that it is a supported version of windows.
MSP-12358
2015-05-04 15:07:27 -05:00
eb8fdcc2f2
Typo
2015-04-29 10:45:49 +01:00
4072cbd4d3
Bitlocker -> BitLocker
2015-04-29 10:02:21 +01:00
7e5b03c44e
Tidyup and update for new ADSI format
2015-04-29 09:48:44 +01:00
0d81ad4db4
Remove max search
2015-04-29 09:40:53 +01:00
96a9313e7e
Initial commit
2015-04-29 09:40:53 +01:00
ab94f15a60
Take care of modules using the 'DEBUG' option
2015-04-21 12:13:40 -05:00
4224008709
Delete print_debug/vprint_debug
2015-04-21 11:14:03 -05:00
a3b0f2e424
Land #5175 , Update mcafee_vse_hashdump description
2015-04-20 21:49:24 -05:00
e3ce4eb88e
Update mcafee_vse_hashdump.rb
2015-04-17 09:47:02 -04:00
3422501d91
Land #5174 , deprecated module cleanup
2015-04-16 17:43:28 -05:00
2b9fd93729
remove deprecated modules
2015-04-16 22:49:22 +02:00
cb2e8f4949
Update mcafee_vse_hashdump description
...
The description of this module has been added upon to include cracking details.
2015-04-16 16:09:43 -04:00
352e170624
more failure reasons
2015-04-16 22:04:11 +02:00
ba6548db75
be consistent about naming
2015-04-16 21:44:56 +02:00
7aceb9218e
Use bitwise OR to select both primary and backup DCs
...
SV_TYPE_DOMAIN_CTRL || SV_TYPE_DOMAIN_BAKCTRL returns
SV_TYPE_DOMAIN_CTRL rather than ORing the bits together.
2015-04-05 11:05:42 +01:00
6d5bcb93a8
Normalize the SecurityXploded Team credits
...
[See #5012 ]
2015-04-02 15:15:37 -05:00
63da27ece0
add missing HKLM root to regkey
...
the chevkm windows psot module had HKLM
missing from the front of one of it's reg key
paths. This was missed in Rails 3 due to the
error being swallowed unexpectedly. in rails 4
we actually see this cause a stack trace
MSP-12384
2015-03-31 14:17:18 -05:00
d1318d1b48
Fixups for release
2015-03-31 11:02:12 -05:00
c430e5fab1
@m7x forgot to put a reference in
2015-03-29 02:13:31 +01:00
2ed9489f38
Delete load line
2015-03-28 20:31:35 +00:00
99f79e8533
Use incognito token stealing rather than process migration if we have
...
the privileges required for successful impersonation.
2015-03-28 20:31:35 +00:00
f83f4ae764
Move hashdump to gather
2015-03-28 20:31:35 +00:00
e2af15a0df
Refactor MSSQL Post
2015-03-28 20:31:35 +00:00
1558190a9d
Add module mssql_local_hashdump
2015-03-28 20:31:35 +00:00
9cfafdd8b8
Land #4649 , improve post/windows/manage/run_as and as an exploit
2015-03-27 17:31:30 -05:00
2a525958bd
fixed typo
...
Does no one tested this script on x64 yet ?
2015-03-16 20:15:26 +01:00
4d3a1a2f71
fix all duplicated keys in modules
2015-03-14 13:10:42 +01:00
1d03b9a166
Maj debug output
2015-02-26 21:06:20 +01:00
a0ba078801
add debug output
2015-02-24 14:15:30 +01:00
be5a0ee9c2
Land #4777 , @todb-r7's release fixes
2015-02-17 13:45:00 -06:00
053de8e62c
Fix whitespace in author name
...
[See #4777 ]
2015-02-17 12:57:36 -06:00
214146beaa
Correct author attribution
2015-02-17 10:52:55 -06:00
ecefad946e
Spellingz
2015-02-17 14:39:34 +00:00
6559b43f1e
EOL Spaces argh
2015-02-16 15:46:45 +00:00
12f2828829
Allow additional fields
2015-02-16 15:24:28 +00:00
b77aed1c56
UPN is optional, should use sAMAccountName
2015-02-16 15:08:09 +00:00
3a894a29de
Dont use magic values and use the userPrincipalName as the
...
username
2015-02-16 15:02:01 +00:00
e42bbcbcbb
Enum_ad modules should retrive userPrincipalName as it may differ
...
to the sAMAccountName value.
2015-02-16 14:03:15 +00:00
d7fa06de06
Fix off-by-one whitespace
2015-02-12 13:12:13 -06:00
d89eda65fa
Moar fixes, thanks @wvu-r7
...
See #4755
2015-02-12 12:46:38 -06:00
e78d08e20d
Fix up titles, descriptions
2015-02-12 12:11:40 -06:00
02fe57e2a1
Bump out to April, 60ish days
2015-02-11 12:56:37 -06:00
fd11afff1a
Deprecate manage/pxexploit
...
modules/post/windows/manage/pxeexploit.rb
2015-02-11 12:39:10 -06:00
6294cbf4de
Fix manage/pxexploit datastore
2015-02-11 12:19:59 -06:00
133ae4cd04
Land #4679 , Windows Post Gather File from raw NTFS.
2015-02-08 18:50:50 +00:00
69e53a46cb
Final tidyups, description etc
2015-02-08 18:49:17 +00:00
9518090b8b
Ignore some error conditions
2015-02-08 18:46:48 +00:00
cc4fc1aefa
use GetFileAttributesW and CreateFileW
2015-02-08 17:36:49 +01:00
a5b2e99136
Correct punctuation on outlook, too.
2015-02-07 22:26:14 -06:00
1390c81420
Fix fail_with text
...
Fix fail_with text, when the target system is locked.
2015-02-07 21:20:24 +01:00
358ab2590e
Small tidyup
2015-02-07 11:35:47 +00:00
970c5d115a
spellcheck
2015-02-05 22:08:39 +01:00
5b2eb986c9
Land #4678 Add post module to phish credentials
2015-02-04 23:43:02 -06:00
9e030143e7
Fix slow search due to method name conflict
...
Changed "search_filter" in enum_ad_users module to "query_filter" to
avoid conflicting with "search_filter" in command_dispatcher/core.rb.
2015-02-02 16:36:20 -06:00
904a99965d
Sleep 1 added
...
Sleep 1 added to reduce network usage
2015-02-01 11:55:01 +01:00
03fcfc496a
add a test to check if the file exist
2015-01-31 06:00:02 +01:00
2cf9a17f25
variable name clarification (file, file_path, path)
2015-01-31 05:07:07 +01:00
5d4a8e2f90
using store_loot
2015-01-31 05:01:28 +01:00
d6fb445522
add begin...ensure block so that the CloseHandle call occurs
2015-01-31 04:46:02 +01:00
1205c0045f
using r['ErrorMessage']
2015-01-31 04:37:16 +01:00
f7d2e2a27a
twitter in comment
2015-01-31 04:36:07 +01:00
c831de35a2
Land #4392 , @Meatballs1's post module to enumerate AD users
2015-01-30 17:21:10 -06:00
25ac9c1ed9
Add post module to phish windows user credentials
2015-01-30 19:50:04 +01:00
68b735dbda
Add a NTFS parser and a post module to dump files
...
This commit add a draft of an NTFS Parser and a post module
to gather file using the raw NTFS device (\\.\C:)
bypassing restriction like already open file with lock
Can be used to retreive file like NTDS.DIT without volume shadow copy
2015-01-30 19:16:44 +01:00
39004d265b
Increase default buffer sizes to reduce railgun calls
2015-01-30 11:20:03 +00:00
d4707b8e07
Spellingz
2015-01-30 11:20:03 +00:00
9670608380
Reformat, remove unnecessary guard statement
2015-01-30 11:20:02 +00:00
0e976041b7
Small description fix
2015-01-30 11:20:02 +00:00
14f6ef13f4
Remove hardcoded domain
2015-01-30 11:20:02 +00:00
79a3a48348
Correct description
2015-01-30 11:20:02 +00:00
e492f56ac0
Error if no database
2015-01-30 11:20:02 +00:00
e6dbc15f40
Line length modification
2015-01-30 11:20:02 +00:00
044e3bd608
Golden Ticketz Post module
2015-01-30 11:20:02 +00:00
81fa509b50
Only clean up handles if process started
2015-01-27 21:11:12 +00:00
3d0dc1a19d
Rubocop
2015-01-27 16:34:52 +00:00
215a590940
Refactor and fixes for post module
2015-01-27 16:14:59 +00:00
d7375e84ea
Move modules/post/windows/escalate/net_runtime_modify.rb
...
This module was scheduled to be removed on 01/08/2015.
Please use exploit/windows/local/service_permissions instead.
2015-01-26 00:29:43 -06:00
e7c21f3205
Land #4503 , @m7x's post module for extracting McAfee VSE hashes
2015-01-21 20:44:41 -08:00
9cc58a8d69
Lastly, rename the file so that it is specific to McAfee VSE
2015-01-21 20:44:34 -08:00
683a541064
Tighten up prints to make it specific to VSE, not McAfee in general
2015-01-21 20:33:54 -08:00
52be3d80b7
Minor ruby style cleanup
2015-01-21 20:27:38 -08:00
ceed293969
Remove unnecessary requires
2015-01-21 20:23:03 -08:00
f73052710d
Correct recent msftidy change in outlook gather
2015-01-21 13:27:48 -08:00
46a0ec8a68
Make timeout for Powershell scripts configurable
2015-01-21 13:24:43 -08:00
bd0a20a717
Update outlook.rb execute_script time_out
...
I have been using the script in real life cases which have bigger e-mailboxes then in the testing environment. Because of execute_script default time_out no results return, as the powershell scripts run longer then 15 seconds. Changed the timeout to 120.
2015-01-20 11:16:37 +01:00
3a5d6b4717
Store password hash as loot
2015-01-17 14:17:41 +00:00
375a7e1fe9
Typo. Filtering.
2015-01-16 16:30:52 -06:00
8889f95920
Correct McAfee credential storage, prepare for store_loot
2015-01-16 12:10:01 -08:00
f4f4787efe
Move run method
2015-01-14 23:54:02 +00:00
f42bda1a51
refactor parsing the results
...
moved the result parsing into its own method
cleaned up run method a bit more, added YARD docs
to the new methods
2015-01-14 14:15:57 -06:00
c687ecca2e
refactor filter building
...
move the filter_string into a seperate method
and use shovel oeprator to keep it a little cleaner
2015-01-14 14:04:28 -06:00
9b344a9605
move query fields to a constant
...
these fields should never change, so put the array
in a constant and freeze it to prevent accidental tampering
2015-01-14 13:20:00 -06:00
82939595f8
Merge branch 'master' into feature/metaballs1/enum_ad_users
2015-01-14 13:06:18 -06:00
52b929c5ca
Fix https://github.com/m7x/metasploit-framework/pull/1#issuecomment-69454590
2015-01-10 14:15:53 +00:00
5c12f9da75
More cleanup
...
Handle multiple versions
Better print_
Actually extract
2015-01-09 18:01:17 -08:00
35fd17c4f1
Cleanup style
2015-01-09 11:00:25 -08:00
e447a17795
bump deprecated date
2015-01-08 16:20:06 -06:00
0b0ac1455a
Merge remote-tracking branch 'upstream/master' into extapi_service_post
...
Conflicts:
test/modules/post/test/services.rb
2015-01-07 20:53:34 +00:00
89699d1549
Typo workspace_id
2015-01-07 10:58:59 +00:00
dd5c638ab0
Merge remote-tracking branch 'upstream/master' into extapi_service_post
2015-01-05 22:18:44 +00:00
44dfa746eb
Resolve #4513 - Change #inspect to #to_s
...
Resolve #4513
2015-01-05 11:50:51 -06:00
c348663204
Add McAfee Hashdump
2015-01-02 10:22:11 +00:00
264d3f9faa
Minor grammar fixes on modules
2014-12-31 11:45:14 -06:00
30228bcfe7
Added underscore to user regex in smart_hashdump.rb to support usernames that contain underscores. Issue #4349 .
2014-12-23 22:36:11 -06:00
01cf14d44e
Fix banner
2014-12-23 01:02:09 -06:00
4928cd36e4
Land #4187 , @BorjaMerino's post module to get output rules
2014-12-23 01:01:03 -06:00
49fef9e514
Do minor module clean up
2014-12-23 01:00:21 -06:00
6a822cca61
Move code out of begin/rescue block
2014-12-17 06:45:00 +00:00
dd63d793e5
Bring in @darkoperator's filters
2014-12-17 06:14:21 +00:00
8c7ff728ef
Gather some more info
2014-12-17 05:46:01 +00:00
4c714b3eaf
Land #4386 - Fix issue #3852 (support for other languages for enable_rdp)
2014-12-15 11:37:05 -06:00
6480ae2c03
Show message at the end
2014-12-15 16:26:39 +01:00
288954afa0
recvfrom allocation changed
2014-12-14 18:58:48 +01:00
00b802cc68
Reindent description
2014-12-14 10:04:18 +00:00
6ecf537f40
Grab user creds to database
2014-12-13 20:30:20 +00:00
e914061745
Gsub out funny character when storing to database
2014-12-13 18:35:31 +00:00
316710329b
Fix field.value
2014-12-13 18:31:29 +00:00
d3d744a7cb
Make sure we get the field :value
2014-12-13 18:13:36 +00:00
5eb510f7bc
Use the correct variable for the filename
2014-12-12 17:40:26 -06:00
27323bcaa5
Fix #3852 , make enable_rdp with other languages
2014-12-12 17:30:14 -06:00
3b6e92726c
Update outlook rb, "NL" to "nl_NL"
...
Update outlook rb, "NL" to "nl_NL"
2014-12-12 20:09:34 +01:00
0f27c63720
fix msftidy warnings
2014-12-12 13:16:21 +01:00
e5e40307e6
Land #4373
2014-12-11 18:45:53 -08:00
544f75e7be
fix invalid URI scheme, closes #4362
2014-12-11 23:34:10 +01:00
af9979d30b
Ruby style on methods please
...
Introduced in #4220 . This ain't no JavaScript!
2014-12-11 15:24:30 -06:00
909971e0bf
Margins on description, PowerShell not Powershell
2014-12-08 10:57:49 -06:00
80dc781625
Email over E-mail
...
While I believe "e-mail" is the actually correct spelling, we tend to
say "email" everywhere else. See:
````
todb@mazikeen:~/git/rapid7/metasploit-framework$ grep -ri "print.*email"
modules/ | wc -l
19
[ruby-2.1.5@metasploit-framework](fixup-grammar)
todb@mazikeen:~/git/rapid7/metasploit-framework$ grep -ri
"print.*e-mail" modules/ | wc -l
1
````
2014-12-08 10:55:26 -06:00
738fc78883
Land #4220 , outlook gather post module
2014-12-07 22:41:28 +01:00
cc63d435c7
another whitespace
2014-12-06 09:32:22 +01:00
f0a47f98bc
final formatting
2014-12-06 00:38:05 +01:00
f1f743804e
more formatting
2014-12-06 00:31:38 +01:00
9187a409ec
outlook post module fixes
2014-12-06 00:28:44 +01:00
7c62fa5c95
Add Windows post module for reading/searching Outlook e-mail #8
2014-12-04 14:28:40 +01:00
3cadcb942a
Add Windows post module for reading/searching Outlook e-mail #7
2014-12-03 18:30:22 +01:00
611e8c72eb
Add Windows post module for reading/searching Outlook e-mail #6
2014-12-02 14:05:08 +01:00
84bb5b5215
Rex::Socket.to_sockaddr changed
2014-11-26 17:51:38 +01:00
16b64ff42a
Rex::Socket.to_sockaddr changed
2014-11-26 17:51:05 +01:00
16a9450d43
session.tunnel_peer changed by session.session_host. Other minor changes
2014-11-26 12:08:54 +01:00
5615d65aee
Do minor cleanup
2014-11-25 17:35:07 -06:00
5294594379
dd Windows post module for reading/searching Outlook e-mail #5 Add DE
2014-11-25 14:36:14 +01:00
71669b9f9e
Change module filename
2014-11-24 20:34:12 -06:00
5c4b1b0283
Output some information
2014-11-24 20:31:26 -06:00
6e9cd331b3
Modify description
2014-11-24 20:28:38 -06:00
261da9306e
Use store_loot
2014-11-24 20:22:21 -06:00
cf52dd895f
Refactor search
2014-11-24 20:20:37 -06:00
2fa5223d3b
move check out of the begin block
2014-11-24 19:28:53 -06:00
90bdc770b5
Use literal creation notation
2014-11-24 19:27:50 -06:00
2c4caeed29
Clean metadata
2014-11-24 19:26:12 -06:00
443dd7b6c0
Use constants
2014-11-24 19:04:02 -06:00
250250beb0
Fix indentation
2014-11-24 18:58:07 -06:00
88ccffacb4
Update from upstream master
2014-11-24 18:32:35 -06:00
53b69583f4
Add Windows post module for reading/searching Outlook e-mail #4
2014-11-21 20:00:30 +01:00
435c6eef81
Add Windows post module for reading/searching Outlook e-mail #3
2014-11-18 16:27:33 +01:00
BAZIN-HSC
Jon Hart
Andrew Smith
Louis Sato
sammbertram
wchen-r7
David Maloney
Brent Cook
Rob Fuller
Stuart
jvazquez-r7
Stuart Morgan
William Vu
HD Moore
benpturner
Meatballs
Tod Beardsley
g0tmi1k
OJ
Samuel Huckins
Marc-Andre Meloche
Spencer McIntyre
root
RageLtMan
Donny Maasland (Fox-IT)
rwhitcroft
rwhitcroft
karllll
Christian Mehlmauer
Jon Cave
root
Felix Wehnert
Sven Vetsch
Bazin Danil
wez3
scriptjunkie
m7x
Mark Judice
root
peregrino