Commit Graph

523 Commits (b457289e01ed0c1912434f10e5f19fce29b10aa7)

Author SHA1 Message Date
sinn3r 433c9f6b28 Final cleanup 2012-08-21 14:17:21 -05:00
Jonathan Claudius c5623cae4c Fixing Bug w/ XP Method & Improving formatting for smart_hashdump
1.) Addressed obvious bug in registry read for XP hint gathering code
2.) Cleaned up the formatting for smart_hashdump which needed
additional tabs
2012-08-21 07:56:52 -05:00
Jonathan Claudius a3bad0b3ae Added XP Support and Changed Output Method for User Password Hints
1.) Now grabs clear-text user hint from XP systems in addition to
Win7/Win8 systems
2.) Changes output so it's no longer inline with hashes as not to
affect copy/paste of hashes output
3.) Adding alternate text in cases when no user hints are available
2012-08-20 21:30:12 -05:00
Jonathan Claudius fbc36b57d0 Adding Windows User Password Hint Decoding to Hashdump Tools
* UserPasswordHint, a key that is used to store the users password
hint, can be easily decoded to clear-text to get the users hint
(Example: "My Favorite Color")
* Added decode_windows_hint() method to perform the decode process
* Added decoded hint output for hashdump.rb and smart_hashdump.rb
2012-08-19 23:04:11 -05:00
Tod Beardsley 5cd20357d8 Updating URL for Bypass UAC 2012-08-15 22:34:44 -05:00
Daniel Miller c8b8d7b8db Fix handling of PAYLOAD_TYPE in persistence
post/windows/manage/persistence incorrectly checked the STARTUP option
to set the payload, which meant it was always the default (reverse_tcp).
Changed to check PAYLOAD_TYPE instead, as intended.
2012-08-10 13:34:09 -05:00
sinn3r b46fb260a6 Comply with msftidy
*Knock, knock!*  Who's there? Me, the msftidy nazi!
2012-08-07 15:59:01 -05:00
David Maloney 94c7415653 Remove typo 2012-07-31 16:30:41 -05:00
sinn3r 4efe84c609 Merge branch 'Fix_Threading' of https://github.com/darkoperator/metasploit-framework into darkoperator-Fix_Threading 2012-07-23 02:58:30 -05:00
Carlos Perez 2941755576 Fixed the threading for ARP Scanner and skipped making a note is OUI is not known 2012-07-21 23:38:41 -04:00
James Lee cccd3754a4 Fix load order problem
[FIXRM #7151]
2012-07-20 15:58:57 -06:00
HD Moore 9bff1c913b Merge pull request #592 from alexmaloteaux/ipv6arpfix
ipv6 and arp_scanner fix
2012-07-18 20:40:27 -07:00
sinn3r fbe0cb7471 Merge branch 'post_win_gather_creds_gpp_pass' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-post_win_gather_creds_gpp_pass 2012-07-17 08:28:19 -05:00
HD Moore b3eb7b1358 Clean up unicode names 2012-07-17 00:46:28 -05:00
HD Moore 8fef1479ed Trim string fields at first null 2012-07-15 23:12:40 -05:00
Alexandre Maloteaux 81ba60169f ipv6 and arp_scanner fix 2012-07-10 18:28:24 +01:00
sinn3r 0fbfa8e6f7 Merge branch 'enum_unattend_ii' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-enum_unattend_ii 2012-07-09 10:14:30 -05:00
sinn3r 5586aa6c1b Move some code around 2012-07-09 09:44:22 -05:00
sinn3r 5db26beef7 Add more features
Please see the following ticket:
http://dev.metasploit.com/redmine/issues/7041
2012-07-09 05:17:40 -05:00
HD Moore 442eccd1d6 Merge pull request #578 from claudijd/master
Bug Fix to "Stamp Out" LM and NTLM Hash Corruption in Hashdump Code
2012-07-08 12:24:46 -07:00
Jonathan Claudius 5938771e6c Bug Fix to "Stamp Out" LM and NTLM Hash Corruption
-This commit Addresses Metasploit Bug #4402 that notes corrupted (aka:
incorrect) hashes yielded from hashdump
-Fail case can be reliably reproduced on a Windows system where (1) a
user is not storing an LM hash and (2) password histories are enabled
on the system
-This issue along with other extraction tools that are affected in a
similar way will be discussed at BlackHat USA 2012 and DEFCON 20 in 2
weeks.

If you have questions, please let us know.

-Jonathan Claudius (@claudijd)
-Ryan Reynolds (@reynoldsrb)
2012-07-08 14:02:22 -05:00
Meatballs1 fc58e485c3 Added further protection to enum_dcs method to prevent crashes 2012-07-05 14:27:45 +01:00
Meatballs1 a513b41283 Couple of readability changes suggested by TLC 2012-07-05 14:19:41 +01:00
Loic Jaquemet cadbeafc4b match dot and not any character 2012-07-03 20:41:03 -03:00
Loic Jaquemet 5bba81b738 or something equivalent... if enum_dcs returns nil 2012-07-03 20:38:26 -03:00
Meatballs1 c30b2de35b Removed comments in code! 2012-07-03 21:34:33 +01:00
Meatballs1 9998ca928d msftidy, bugfixes, and protection to prevent DNS style domains going into the DC enumeration (which causes a meterpreter crash) 2012-07-03 21:28:45 +01:00
Meatballs1 bdd9364fa4 Refactored registry DC enumeration to occur by default, fixed nil DomainCaches exception 2012-07-03 21:08:12 +01:00
Loic Jaquemet f74fe39280 fix error message to a more helpful one. 2012-07-03 12:54:02 -03:00
Loic Jaquemet 12e24dbd99 failback to target's PDC to get policies 2012-07-03 12:49:34 -03:00
sinn3r 7cfb7c1915 Update description 2012-07-03 10:26:02 -05:00
Loic Jaquemet 5fff195eba DomainCache is a list of domainName = dnsDomainName 2012-07-03 12:20:00 -03:00
sinn3r 7262faac57 Correct a typo 2012-07-02 16:02:14 -05:00
sinn3r fa0422c88a Must respect the PlainText field to extract password info properly 2012-07-02 15:56:25 -05:00
sinn3r e2a2789f78 Support Ruby 1.8 syntax. Thanks M M. 2012-07-02 14:15:14 -05:00
Meatballs1 4eec5a5288 msftidy 2012-07-02 16:51:15 +01:00
Meatballs1 261989dddf Fixed get_domain_reg where value returned was '.' 2012-07-02 16:46:02 +01:00
Meatballs1 bd2368d6ab Added specific details for each policy type to output table, modified REX:Ui:Table to prevent sorting when SortIndex == -1 2012-07-02 11:47:44 +01:00
Meatballs1 299ed9d1d5 Local loot storage of retrieved XML files with option to disable storage 2012-07-02 10:48:04 +01:00
Meatballs1 5c2c1ccc39 Added extra logic and fixes for user supplied domains option 2012-07-02 10:15:58 +01:00
Meatballs1 b549c9b767 Added a number of registry locations to enumerate the domain as this was inconsistant across testing environments 2012-07-02 09:35:47 +01:00
Meatballs1 994074948a Removed @enumed_domains which inadvertantly skipped processing after the first file on a domain 2012-07-02 09:17:29 +01:00
Meatballs1 21776697b2 Merged with upstream 2012-07-02 08:57:54 +01:00
sinn3r 1b02f17d52 Shamelessly add my name too, because I made a lot of changes. 2012-07-01 19:23:34 -05:00
sinn3r e1c43c31bd Title change 2012-07-01 16:43:25 -05:00
sinn3r 326230b34b Don't need to print the xml path twice 2012-07-01 13:58:04 -05:00
sinn3r fcf5e02708 Be aware of bad XML format 2012-07-01 13:50:43 -05:00
sinn3r ac52b0cc9f Filter out 'AdministratorPassword' and 'Password' 2012-07-01 13:45:12 -05:00
sinn3r 61983b21b9 Add documentation about unattend.xml's specs 2012-07-01 04:15:11 -05:00
sinn3r bf03995e30 Add veritysr's unattend.xml collector. See #548. 2012-07-01 04:08:18 -05:00