sinn3r
433c9f6b28
Final cleanup
2012-08-21 14:17:21 -05:00
Jonathan Claudius
c5623cae4c
Fixing Bug w/ XP Method & Improving formatting for smart_hashdump
...
1.) Addressed obvious bug in registry read for XP hint gathering code
2.) Cleaned up the formatting for smart_hashdump which needed
additional tabs
2012-08-21 07:56:52 -05:00
Jonathan Claudius
a3bad0b3ae
Added XP Support and Changed Output Method for User Password Hints
...
1.) Now grabs clear-text user hint from XP systems in addition to
Win7/Win8 systems
2.) Changes output so it's no longer inline with hashes as not to
affect copy/paste of hashes output
3.) Adding alternate text in cases when no user hints are available
2012-08-20 21:30:12 -05:00
Jonathan Claudius
fbc36b57d0
Adding Windows User Password Hint Decoding to Hashdump Tools
...
* UserPasswordHint, a key that is used to store the users password
hint, can be easily decoded to clear-text to get the users hint
(Example: "My Favorite Color")
* Added decode_windows_hint() method to perform the decode process
* Added decoded hint output for hashdump.rb and smart_hashdump.rb
2012-08-19 23:04:11 -05:00
Tod Beardsley
5cd20357d8
Updating URL for Bypass UAC
2012-08-15 22:34:44 -05:00
Daniel Miller
c8b8d7b8db
Fix handling of PAYLOAD_TYPE in persistence
...
post/windows/manage/persistence incorrectly checked the STARTUP option
to set the payload, which meant it was always the default (reverse_tcp).
Changed to check PAYLOAD_TYPE instead, as intended.
2012-08-10 13:34:09 -05:00
sinn3r
b46fb260a6
Comply with msftidy
...
*Knock, knock!* Who's there? Me, the msftidy nazi!
2012-08-07 15:59:01 -05:00
David Maloney
94c7415653
Remove typo
2012-07-31 16:30:41 -05:00
sinn3r
4efe84c609
Merge branch 'Fix_Threading' of https://github.com/darkoperator/metasploit-framework into darkoperator-Fix_Threading
2012-07-23 02:58:30 -05:00
Carlos Perez
2941755576
Fixed the threading for ARP Scanner and skipped making a note is OUI is not known
2012-07-21 23:38:41 -04:00
James Lee
cccd3754a4
Fix load order problem
...
[FIXRM #7151 ]
2012-07-20 15:58:57 -06:00
HD Moore
9bff1c913b
Merge pull request #592 from alexmaloteaux/ipv6arpfix
...
ipv6 and arp_scanner fix
2012-07-18 20:40:27 -07:00
sinn3r
fbe0cb7471
Merge branch 'post_win_gather_creds_gpp_pass' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-post_win_gather_creds_gpp_pass
2012-07-17 08:28:19 -05:00
HD Moore
b3eb7b1358
Clean up unicode names
2012-07-17 00:46:28 -05:00
HD Moore
8fef1479ed
Trim string fields at first null
2012-07-15 23:12:40 -05:00
Alexandre Maloteaux
81ba60169f
ipv6 and arp_scanner fix
2012-07-10 18:28:24 +01:00
sinn3r
0fbfa8e6f7
Merge branch 'enum_unattend_ii' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-enum_unattend_ii
2012-07-09 10:14:30 -05:00
sinn3r
5586aa6c1b
Move some code around
2012-07-09 09:44:22 -05:00
sinn3r
5db26beef7
Add more features
...
Please see the following ticket:
http://dev.metasploit.com/redmine/issues/7041
2012-07-09 05:17:40 -05:00
HD Moore
442eccd1d6
Merge pull request #578 from claudijd/master
...
Bug Fix to "Stamp Out" LM and NTLM Hash Corruption in Hashdump Code
2012-07-08 12:24:46 -07:00
Jonathan Claudius
5938771e6c
Bug Fix to "Stamp Out" LM and NTLM Hash Corruption
...
-This commit Addresses Metasploit Bug #4402 that notes corrupted (aka:
incorrect) hashes yielded from hashdump
-Fail case can be reliably reproduced on a Windows system where (1) a
user is not storing an LM hash and (2) password histories are enabled
on the system
-This issue along with other extraction tools that are affected in a
similar way will be discussed at BlackHat USA 2012 and DEFCON 20 in 2
weeks.
If you have questions, please let us know.
-Jonathan Claudius (@claudijd)
-Ryan Reynolds (@reynoldsrb)
2012-07-08 14:02:22 -05:00
Meatballs1
fc58e485c3
Added further protection to enum_dcs method to prevent crashes
2012-07-05 14:27:45 +01:00
Meatballs1
a513b41283
Couple of readability changes suggested by TLC
2012-07-05 14:19:41 +01:00
Loic Jaquemet
cadbeafc4b
match dot and not any character
2012-07-03 20:41:03 -03:00
Loic Jaquemet
5bba81b738
or something equivalent... if enum_dcs returns nil
2012-07-03 20:38:26 -03:00
Meatballs1
c30b2de35b
Removed comments in code!
2012-07-03 21:34:33 +01:00
Meatballs1
9998ca928d
msftidy, bugfixes, and protection to prevent DNS style domains going into the DC enumeration (which causes a meterpreter crash)
2012-07-03 21:28:45 +01:00
Meatballs1
bdd9364fa4
Refactored registry DC enumeration to occur by default, fixed nil DomainCaches exception
2012-07-03 21:08:12 +01:00
Loic Jaquemet
f74fe39280
fix error message to a more helpful one.
2012-07-03 12:54:02 -03:00
Loic Jaquemet
12e24dbd99
failback to target's PDC to get policies
2012-07-03 12:49:34 -03:00
sinn3r
7cfb7c1915
Update description
2012-07-03 10:26:02 -05:00
Loic Jaquemet
5fff195eba
DomainCache is a list of domainName = dnsDomainName
2012-07-03 12:20:00 -03:00
sinn3r
7262faac57
Correct a typo
2012-07-02 16:02:14 -05:00
sinn3r
fa0422c88a
Must respect the PlainText field to extract password info properly
2012-07-02 15:56:25 -05:00
sinn3r
e2a2789f78
Support Ruby 1.8 syntax. Thanks M M.
2012-07-02 14:15:14 -05:00
Meatballs1
4eec5a5288
msftidy
2012-07-02 16:51:15 +01:00
Meatballs1
261989dddf
Fixed get_domain_reg where value returned was '.'
2012-07-02 16:46:02 +01:00
Meatballs1
bd2368d6ab
Added specific details for each policy type to output table, modified REX:Ui:Table to prevent sorting when SortIndex == -1
2012-07-02 11:47:44 +01:00
Meatballs1
299ed9d1d5
Local loot storage of retrieved XML files with option to disable storage
2012-07-02 10:48:04 +01:00
Meatballs1
5c2c1ccc39
Added extra logic and fixes for user supplied domains option
2012-07-02 10:15:58 +01:00
Meatballs1
b549c9b767
Added a number of registry locations to enumerate the domain as this was inconsistant across testing environments
2012-07-02 09:35:47 +01:00
Meatballs1
994074948a
Removed @enumed_domains which inadvertantly skipped processing after the first file on a domain
2012-07-02 09:17:29 +01:00
Meatballs1
21776697b2
Merged with upstream
2012-07-02 08:57:54 +01:00
sinn3r
1b02f17d52
Shamelessly add my name too, because I made a lot of changes.
2012-07-01 19:23:34 -05:00
sinn3r
e1c43c31bd
Title change
2012-07-01 16:43:25 -05:00
sinn3r
326230b34b
Don't need to print the xml path twice
2012-07-01 13:58:04 -05:00
sinn3r
fcf5e02708
Be aware of bad XML format
2012-07-01 13:50:43 -05:00
sinn3r
ac52b0cc9f
Filter out 'AdministratorPassword' and 'Password'
2012-07-01 13:45:12 -05:00
sinn3r
61983b21b9
Add documentation about unattend.xml's specs
2012-07-01 04:15:11 -05:00
sinn3r
bf03995e30
Add veritysr's unattend.xml collector. See #548 .
2012-07-01 04:08:18 -05:00