944761a1dc
[FixRM:#8126] - Use functions from Msf::Post::File
...
Some functions already exist in Msf::Post::File, should use them.
2013-07-03 11:30:05 -05:00
864f4e9d37
post/local_admin_search_enum~Regex fails,module 2
...
If the regex fails then the entire moudle would too
2013-07-03 00:43:08 +01:00
6815eef8f4
Fix multiple issues with memory_grep
...
This fixes the following:
[FixRM:#8118] - Allows the module to be able to enumerate from
multiple processes with the same name.
[FixRM:#8120] - Allows the module to be able to actually read data
from the heap.
2013-07-01 18:57:00 -05:00
43c4f07e06
Use "unless"
...
Guidelines favor "unless".
2013-06-30 18:32:15 -05:00
82eed1582f
No need for the 2nd element
2013-06-28 17:05:43 -05:00
a7ee95381b
Updates module description, and uses the proper func for hex dump
...
As an user, it's important to know that using this module may result
a lost session because it must migrate to grep memory, but does not
migrate back.
The module also has its own hex dump routine, which is no longer
needed because we have a built-in Rex::Text.to_hex_dump
2013-06-28 16:28:00 -05:00
ecfe083b0e
Correct module naming style
...
I was just looking at these modules on the web gui, and these names
need to be fixed to maintain style consistency.
2013-06-25 00:26:53 -05:00
ef56e48274
Fix datastore name
2013-06-20 22:22:00 +01:00
6c62463f83
Add ipv6 resolution and remove nix
2013-06-20 22:17:31 +01:00
a9df55c27a
Add Windows 2012 to regex matching
2013-06-09 20:46:44 -04:00
8e83f0ee30
Add Windows 8 and 2012 to regex matching
2013-06-09 20:41:46 -04:00
f4498c3916
Remove $Id tags
...
Also adds binary coding magic comment to a few files
2013-05-20 16:21:03 -05:00
55fc1458de
Simplify and clean up some
...
I'd really love to make this work on Linux as well, since it's really
just a file grabber/parser. Unfortunately, the Post API for enumerating
users and homedirs isn't great for cross-platform stuff like this.
A few small changes, all verified on Windows 7:
* Reuse the key storing code instead of copy-paste with minor changes
* Use binary mode when opening the stored prefs
* Don't bother checking for incognito since we're using `steal_token`
anyway
* Check for existence of directories instead of guessing based on OS
match
2013-05-10 16:58:35 -05:00
84ff72eb92
use file_exist? instead of fs.file.stat
2013-05-10 11:17:42 -04:00
25f7af43b4
use gsub instead of split/join
2013-05-10 11:12:56 -04:00
2f543d3080
extension and pref parsing
2013-05-09 13:23:28 -04:00
567d2bb14b
Land #1687 , @bmerinofe's forensic file recovery post module
2013-05-01 08:13:08 -05:00
a201391ee6
Clean recovery_files
2013-04-30 13:18:32 -05:00
e2bf4882f0
Add domain join parse
2013-04-26 00:20:10 +01:00
235887ccb5
Finished
2013-04-25 23:25:05 +01:00
0115833724
SyntaxError fixes
2013-04-21 20:22:41 +00:00
830715dc07
Applying changes
2013-04-16 00:28:39 +02:00
4b4f77eb0f
Finalize
2013-04-14 10:32:56 +01:00
ba86e14d43
Whitespace and caps fixes
2013-04-09 08:57:53 -05:00
f369584bbd
Timeout added
2013-04-08 23:32:07 +02:00
3660ad8c0a
Initial attempt
2013-04-07 23:03:43 +01:00
ad46b46684
Landing #1463 , Meatballs' cdecl fixes
2013-04-04 22:58:59 -05:00
d08640726b
added post module forensics recovery files
2013-03-30 01:59:41 +01:00
353f02cdcc
move word_unc_injector to gather dir
2013-03-27 16:23:19 +01:00
096ec9a5d7
Fix to print out correct/full username
2013-03-22 10:22:24 -04:00
2160718250
Fix file header comment
...
[See #1555 ]
2013-03-07 17:53:19 -06:00
3334257aa4
Merge branch 'bug/fix_screenspy' of github.com:kernelsmith/metasploit-framework into kernelsmith-bug/fix_screenspy
2013-02-26 13:54:47 -06:00
8a91f0d7ec
rescue ENOENT as well
2013-02-14 14:04:45 -06:00
a6fea39583
Change to wldap to allow cdecl
2013-02-08 21:01:22 +00:00
4d7daacfb4
I wanna know where it's stored
2013-01-31 11:55:11 -06:00
13da4181c5
Merge branch 'feature/rm7605-version-for-MSCACHE-v1-and-v2' of github.com:lmercer-r7/metasploit-framework into lmercer-r7-feature/rm7605-version-for-MSCACHE-v1-and-v2
2013-01-31 11:51:55 -06:00
174ab31010
Moving reused methods to Accounts mixin
2013-01-31 12:59:55 +01:00
345c5f32cc
keep it from migrating more than once into explorer.exe
...
thanks for noticing egypt
we should add a migrate_explorer to the post api
2013-01-30 15:40:02 -06:00
1e1cbd7445
Merge branch 'wldap32_railgun' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-wldap32_railgun
2013-01-30 21:01:31 +01:00
e1c037e523
Better error handling
2013-01-30 12:06:57 -06:00
f649cd53ad
removed commented out code (again)
...
thanks egypt
2013-01-30 11:31:10 -06:00
32a5a009d6
change loot type to image/jpg
...
thanks egypt
2013-01-30 11:28:47 -06:00
6659459de5
del Version ref and change platform windows -> win
...
per sinner's comments, thanks sinner.
2013-01-30 10:56:49 -06:00
80a0f0694d
add 'auto' & 'none' VIEW_CMD, fixed looting, ch defaults
2013-01-30 00:49:48 -06:00
da5436e565
Made changes as described in Redmine issue 7605
2013-01-28 23:29:50 -05:00
933f807745
Msftidy cleanup + handling return values better
2013-01-22 23:53:00 -06:00
dab2952d60
Merge branch 'picasa' of github.com:charles-n2netsec/metasploit-framework into charles-n2netsec-picasa
2013-01-22 22:54:45 -06:00
9671df4488
Picasa 2 credentials are now also saved as loot
...
This module used to save only Picasa 3 credentials as loot. Picasa
2 creds were displayed, but not saved. I've updated the module to
save Picasa 2 credentials, and I also updated the output code to
use print_good instead of print_status.
2013-01-22 15:46:47 -05:00
08062597b9
fix data added to table
2013-01-22 12:07:16 +01:00
dce4e7fc08
Merge branch 'filezilla_server_bugs' of https://github.com/charles-n2netsec/metasploit-framework into charles-n2netsec-filezilla_server_bugs
2013-01-22 12:06:44 +01:00
dcaf2abc53
Better feedback for x86
2013-01-20 00:22:30 +00:00
567185ec65
Better cleanup and address comments
2013-01-20 00:19:17 +00:00
771baa3181
Added x64 check and options to info
2013-01-19 23:23:45 +00:00
ef97b20cb7
Merge branch 'wds_unattend'
2013-01-18 14:42:00 -06:00
892899acd5
Fixed loot formatting so data is under the proper column
...
The credentials table was defined with the columns "User", "Password", "Host", "Port", and "SSL". Credentials were not added in that order, however. They were added in the order "host, port, user, password, ssl" in this line:
credentials << [cred['host'], cred['port'], cred['user'], cred['password'], cred['ssl']]
I changed the order the columns were defined to fix this.
The permissions table had a similar issue. The "FileWrite" column was missing, so I added it. I also moved the "Home" column to after the "AutoCreate" column. Now the line:
permissions << [perm['host'], perm['user'], perm['dir'], perm['fileread'], perm['filewrite'], perm['filedelete'], perm['fileappend'],perm['dircreate'], perm['dirdelete'], perm['dirlist'], perm['dirsubdirs'], perm['autocreate']]
works correctly.
2013-01-17 16:52:02 -05:00
09b4a09ce1
module razer_synapse cleanup
2013-01-17 16:53:00 +01:00
99296006c1
Merge branch 'razer_synapse.rb' of https://github.com/smilingraccoon/metasploit-framework into smilingraccoon-razer_synapse.rb
2013-01-17 16:52:26 +01:00
12e7949183
msftidy change
2013-01-15 21:23:49 -05:00
b2cd65e283
adding razer_synapse.rb
2013-01-15 21:14:49 -05:00
6508964171
For consistency with other post modules, also do a store_loot
2013-01-15 12:16:32 -06:00
1e64d36320
avoid begin rescue blocks
2013-01-15 02:05:58 +01:00
3eaa07afae
documenting magic numbers
2013-01-14 19:43:34 +01:00
530df0acf0
delete comments
2013-01-14 19:22:39 +01:00
57be789f2c
Fix comments by egypt
2013-01-14 19:22:02 +01:00
40fc861eee
Added post module for BulletProof FTP Client
2013-01-14 13:50:10 +01:00
6654faf55e
Msftidy fixes
2013-01-04 09:29:34 +01:00
8f2dd8e2ce
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
25aaf7a676
msftidy: Remove $Id$
2013-01-04 00:41:44 +01:00
707784f2ae
Last fix
2012-12-28 03:46:59 -06:00
fc4da53be4
More fixes
2012-12-28 03:27:04 -06:00
ddd4b7ef60
Applying fixes
2012-12-28 02:26:40 -06:00
5369f88c5d
Merge branch 'local_admin_search_enum.rb' of git://github.com/zeknox/metasploit-framework into zeknox-local_admin_search_enum.rb
...
Conflicts:
modules/post/windows/gather/local_admin_search_enum.rb
2012-12-28 02:25:39 -06:00
0f6b72dad5
Final touchup
2012-12-26 21:16:04 -06:00
919d6daa41
Even if there's password, we should prolly keep the username
2012-12-26 21:14:26 -06:00
4ce1df2214
Change module title for consistency
2012-12-26 21:13:02 -06:00
da49f67079
Only show the password when exists
2012-12-26 21:10:52 -06:00
d3d595da95
Merge branch 'spark_im.rb' of git://github.com/zeknox/metasploit-framework into zeknox-spark_im.rb
2012-12-26 21:08:03 -06:00
6e520e7a2a
converted split into a scan
2012-12-26 21:06:48 -06:00
eb424195ca
Merge branch 'spark_im.rb' of git://github.com/zeknox/metasploit-framework into zeknox-spark_im.rb
2012-12-26 20:42:24 -06:00
e3c1d5a5c0
fixed config.close bug
2012-12-26 20:40:11 -06:00
17b41adfec
Merge branch 'spark_im.rb' of git://github.com/zeknox/metasploit-framework into zeknox-spark_im.rb
2012-12-26 20:35:46 -06:00
b71729bf5f
fixed multi stored creds issue
2012-12-26 20:32:41 -06:00
6ecaabc9cc
Merge branch 'spark_im.rb' of git://github.com/zeknox/metasploit-framework into zeknox-spark_im.rb
2012-12-26 20:08:34 -06:00
d70d2c4a19
typo
2012-12-26 19:54:35 -06:00
bcc651a1b2
modified password parsing, and utf encoding
2012-12-26 19:49:25 -06:00
c75f48b404
Merge branch 'spark_im.rb' of git://github.com/zeknox/metasploit-framework into zeknox-spark_im.rb
2012-12-26 18:58:34 -06:00
073565c001
modified port and sname in db logging
2012-12-26 18:33:10 -06:00
b483e76065
Merge branch 'spark_im.rb' of git://github.com/zeknox/metasploit-framework into zeknox-spark_im.rb
2012-12-26 18:03:24 -06:00
7147e7a09b
added spark_im post exploit module
2012-12-26 17:28:23 -06:00
d2e3e5defb
Merge branch 'jlee-r7-cleanup/post-windows-services'
2012-12-22 13:29:48 -06:00
ae4f434691
Handle RequestError
...
Some registry-retrieving functions will return nil when a
RequestError exception is raised, and that's the exception we
should be handling.
2012-12-22 13:10:44 -06:00
e423351de3
Merge branch 'darkoperator_checkvm_more_checks' of git://github.com/darkoperator/metasploit-framework into darkoperator-darkoperator_checkvm_more_checks
2012-12-22 12:40:33 -06:00
1ca85e2fff
fix indentation and EOL spaces
2012-12-22 10:42:43 -04:00
ddb9871577
refactor for use of registry mixin and will now create a note for the hypervisor
2012-12-22 10:27:54 -04:00
9b768a2c62
Merge branch 'cleanup/post-windows-services' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-cleanup/post-windows-services
2012-12-21 23:42:17 -06:00
924f5283ae
Improvements to checkvm
...
- Added additional checks for Hyper-V
- Added additional checks for VMware
- Removed $Id$ and $Revision$ (Confirmed with Todb on it)
2012-12-21 22:11:57 -04:00
e9c00488fa
Return value does not need to be checked, says zeknox
2012-12-21 13:00:08 -06:00
e8cf26390a
Msftidy
2012-12-20 16:34:10 +00:00
761d83ac0c
Tidyup and user options
2012-12-20 16:29:21 +00:00
37524c7965
Make sure return vals are handled correctly.
2012-12-19 09:45:01 -06:00
d91e566d54
Further refactoring
2012-12-19 09:06:58 +00:00
cfcd1ead54
Merge branch 'netlm_downgrade.rb' of git://github.com/zeknox/metasploit-framework into zeknox-netlm_downgrade.rb
2012-12-19 02:22:00 -06:00
592de9b39e
Something tells me charles wanna try 5 times, not 6 times.
2012-12-18 18:10:15 -06:00
ba242e1809
Merge branch 'master' of git://github.com/charles-n2netsec/metasploit-framework into charles-n2netsec-master
2012-12-18 18:01:28 -06:00
378038afab
Merge remote-tracking branch 'upstream/master' into wldap32_railgun
2012-12-17 17:23:43 +00:00
6a92bd609a
Tidying and refactoring
2012-12-17 15:29:04 +00:00
b5fd3463d7
Initial working AD_LDAP lookup
2012-12-17 14:07:35 +00:00
6dd6174221
Migrate enum_unattend to unattend parser lib
2012-12-13 10:58:05 +00:00
3e81fb2002
last cleanup for steam.rb
2012-12-12 11:48:46 +01:00
f642aa67f9
CLeanup redundant code.
2012-12-12 00:00:27 -05:00
f7cf75063d
Cleanup and use Post::File api. Use store_loot for data collection
2012-12-11 23:41:50 -05:00
462766a654
Added Steam client session collector post module
2012-12-08 19:11:57 -05:00
433532ddf4
fix OptAddress
2012-12-06 11:21:42 -06:00
65f9f8ec2e
fixed net use cmd
2012-12-02 23:43:35 -06:00
5be12c1ad3
add verbose output
2012-12-01 12:04:34 -06:00
e03ace17d9
typo
2012-12-01 11:57:51 -06:00
73b4a9d573
cleaned up rescue statements
2012-12-01 11:09:01 -06:00
501224f21f
setup() added
2012-12-01 11:03:11 -06:00
16c5879d08
error handling added
2012-12-01 09:09:33 -06:00
7ae8f5b338
Modify name a little
2012-11-30 12:11:06 -06:00
9db84a16fa
Change output
2012-11-30 12:06:21 -06:00
44022baefa
Fix bug: NoMethodError undefined method `empty?' for nil:NilClass
2012-11-30 12:02:32 -06:00
37367bbaa0
Mostly cosmetic changes
2012-11-30 12:01:47 -06:00
0472d60c4a
Add FTP Explorer (FTPx) post->gather->credentials module
...
This module finds saved login credentials for the
FTP Explorer (FTPx) FTP client for Windows.
2012-11-30 15:09:14 +10:30
4416f1c7ae
Fixed mixed tabs that prevented build completion.
2012-11-29 08:43:23 -05:00
d200332b76
removed local_admin_search_enum.rb
2012-11-28 22:11:08 -06:00
84fc320c30
added post exploit netlm_downgrade.rb
2012-11-28 22:01:47 -06:00
ae6dbee42b
Fixed bugs with a few modules.
...
filezilla_server.rb would crash if there was no admin information found.
In smart_hashdump.rb I replicated the changes made in hashdump.rb to handle the race condition. (It works, but is still not as reliable as regular hashdump for XP boxes)
In migrate.rb the option PID is an integer, and the line "elseif datastore['PID']" was evaluating as true, even though PID was set to "". There was also a misspelling of datastore as "datstore" that I fixed.
2012-11-28 12:18:32 -05:00
e7a565b474
fixed store loot
2012-11-27 20:02:05 -06:00
16ce2c3f94
fixed catch statements
2012-11-27 06:22:50 -06:00
62be877f89
fixed run_cmd()
2012-11-27 05:49:19 -06:00
c70f1e3698
modified local_admin_search_enum.rb
2012-11-27 05:34:38 -06:00
e235aadcc0
Sometimes we might not be able to access a dir, be aware of that
2012-11-12 18:59:44 -06:00
862dd18b1c
Merge remote-tracking branch 'upstream/master' into enum_dirperms_default_path
...
Conflicts:
modules/post/windows/gather/enum_dirperms.rb
2012-11-12 18:54:47 -06:00
5270487d81
Add credit
2012-11-12 18:35:32 -06:00
be36083097
Make PATH optional, also correct a filtering bug
...
If the PATH option is not specified, the module will try to
enumerate from %PATH%. Also, this commit fixes a bug in the
filtering routine (basically the filtering routine didn't
really work).
2012-11-12 18:29:56 -06:00
222af8c91d
Fix NoMethodError when check_dir fails to enum the permission
...
See the following for more info:
http://dev.metasploit.com/redmine/issues/7452
2012-11-12 16:27:32 -06:00
34bc92584b
Refactor WindowsServices
...
* Pulls common code up from several methods into #open_sc_manager
* Deprecates the name Windows::WindowsServices in favor of
Windows::Services. The platform is already clear from the namespace.
* Makes the post/test/services test module actually work
[See #1007 ]
[See #1012 ]
2012-11-06 17:30:04 -06:00
98330390d6
added local_admin_search_enum.rb
2012-11-05 12:27:15 -06:00
be9a954405
Merge remote branch 'jlee-r7/cleanup/post-requires'
2012-10-23 15:08:25 -05:00
910644400d
References EDB cleanup
...
All other types of references use String arguments, but approximately half
of the EDB references use Fixnums. Fix this by using Strings here too.
2012-10-23 21:02:09 +02:00
21f6127e29
Platform windows cleanup
...
Change all Platform 'windows' to 'win', as it internally is an alias
anyway and only causes unnecessary confusion to have two platform names
that mean the same.
2012-10-23 20:33:01 +02:00
9c95c7992b
Require's for all the include's
2012-10-23 13:24:05 -05:00
33ce74fe8c
Merge branch 'msftidy-1' of git://github.com/schierlm/metasploit-framework into schierlm-msftidy-1
2012-10-23 02:10:56 -05:00
a9def564e7
Add a missing post require
2012-10-22 17:18:14 -05:00
7437d9844b
standardizing author info
2012-10-22 17:01:58 -04:00
e9f7873afc
Version cleanup
...
Remove all values that are neither 0 nor $Revision$.
2012-10-22 20:57:02 +02:00
86c73e92d4
Add ability to remotely start registry for read
2012-10-21 01:34:34 -04:00
431dc31eac
proxy parsing post module
2012-10-20 23:25:40 -04:00
201518b66f
msftidy corrections
2012-10-17 17:22:26 -05:00
sinn3r
g0tmi1k
Meatballs
Carlos Perez
James Lee
Rob Fuller
jvazquez-r7
Antoine
root
Tod Beardsley
Borja Merino
Nathan Einwechter
sinn3r
kernelsmith
lmercer
Charles Smith
smilingraccoon
Christian Mehlmauer
Brandon McCann
Nikolai Rusakov
bcoles
Michael Schierl