0e5e8032ad
Add Firefox 2FA support
2015-06-30 21:02:10 -07:00
5b0647a1f2
Add support to steal 2FA token
2015-06-29 22:20:38 -07:00
834c0e594a
Update multi modules
2015-06-29 11:36:28 -05:00
f216841d01
Update enum_vbox
2015-06-22 17:54:17 -05:00
c20d2a1dd9
Update post/multi/gather/env
...
* Use cmd_exec
2015-06-22 16:20:46 -05:00
5a548c3792
Land #5453 , Update dbvis_enum to use the new cred API
2015-06-19 11:35:07 -05:00
e43163135b
Add module_fullname: fullname,
2015-06-02 12:33:34 -05:00
7485cf776e
Remove unnecessary spaces
2015-06-02 14:18:36 +05:00
b4cfe93977
Add creds API
2015-06-02 14:16:16 +05:00
b98cc89f0c
Update filezilla_client_cred to use the new cred API
2015-06-02 00:22:17 -05:00
17c0af6380
Consistent column names
2015-05-29 11:08:24 +05:00
101f12b9d2
Remove base64 require
2015-05-29 10:38:06 +05:00
3ac5088a9a
Add decryption.final for proper padding
2015-05-29 10:33:55 +05:00
2756c7375e
Add datastore options
2015-05-28 10:58:36 +05:00
1ab49397a2
Decrypt encrypted passwords
2015-05-28 10:21:00 +05:00
43e9244b4c
Fix #5134 , Put store_loot back
...
Fix #5134
store_loot was used at one point, but we ended up removing it.
Turns out store_loot is handy in some cases so we're brining it back.
2015-04-17 16:33:51 -05:00
7d7139d769
Consistent-ize whitespace
2015-01-27 11:11:02 -06:00
d8200c65a8
Strip safely, avoid nil.strip errors
2015-01-27 11:06:55 -06:00
5b3d877b25
Land #4648 , for real
2015-01-27 11:00:22 -06:00
a88a631b66
Fix #strip
2015-01-27 10:58:24 -06:00
d2bf1a73ff
Don't need to require YAML anymore either
2015-01-27 10:40:57 -06:00
cafbd1af51
Prefer a regex over YAML parsing
...
Fixes a bug introduced in #4645
2015-01-27 10:34:56 -06:00
d53f4e1178
Fix bugs and make final changes
2015-01-26 23:29:10 -06:00
2bb9314b4b
Switch to unless conditional
2015-01-27 00:10:33 -05:00
1f9286da69
Undo logic reversage
2015-01-26 23:54:41 -05:00
a9e480e44a
Fixed tilde
2015-01-26 23:53:08 -05:00
eed9fbe024
Lose assignment in conditional
2015-01-26 23:48:08 -05:00
c496d2c987
Remove nil check
2015-01-26 23:43:31 -05:00
c29b7488b2
Fix double new line
2015-01-26 23:40:19 -05:00
d77f112e82
Minor Formatting
2015-01-26 23:31:36 -05:00
06485d8c89
Fix naming of things
2015-01-26 23:17:44 -05:00
685c4804e5
Add trailing return
2015-01-26 23:15:00 -05:00
6b6e47a237
Fix sessiontypes, again
2015-01-26 23:13:17 -05:00
747349a57a
Fix sessiontypes
2015-01-26 23:11:48 -05:00
ee7ecb349d
Fix description
2015-01-26 23:10:08 -05:00
106170eddc
Add multi to name
2015-01-26 23:08:43 -05:00
a3c7cf70f8
Make MSF Tidy more happy
2015-01-26 22:30:26 -05:00
d37b3cf0c3
Use next instead of return
2015-01-26 22:26:56 -05:00
f58dc2789f
Remove creds
2015-01-26 22:13:15 -05:00
a27c376ae7
Add service port and host
2015-01-26 22:06:07 -05:00
dd34b58e49
Add add loot
2015-01-26 22:01:38 -05:00
3889ed5784
Add cred login
2015-01-26 21:50:10 -05:00
eead063375
Add RubyGems API Post Gather Module
2015-01-26 20:53:39 -05:00
0496bb16bc
Minor spelling fix
2015-01-07 23:43:59 -05:00
0f27c63720
fix msftidy warnings
2014-12-12 13:16:21 +01:00
54de805b7a
Report credentials
...
* Even when we are not associating them to hosts
* It's a post module so maybe we cannot solve some names
2014-11-17 12:49:18 -06:00
b3b37c7c9f
Use longer description lines
2014-11-17 12:23:22 -06:00
d5afb2b766
%q
2014-11-17 09:01:14 -08:00
ce73e32673
Doc and named captures
2014-11-17 09:01:14 -08:00
bf05fe1389
Refactoring, simplification, better print_*
2014-11-17 09:01:14 -08:00
6e1cdfde36
Rip out create_credential* stuff. Use what works
2014-11-17 09:01:14 -08:00
e5bb13a609
If remmina config files are missing data for creds, tell me what
2014-11-17 09:01:14 -08:00
875d1f9ea0
Convert Remmina credential gatherer to use new credentials model
2014-11-17 09:01:14 -08:00
086f0c02d6
Remove excessive logging
2014-11-17 09:01:14 -08:00
90e58e9e71
Binary encoding
2014-11-17 09:01:14 -08:00
e76373340e
Correct some Rubocop things that I agree with
2014-11-17 09:01:14 -08:00
f729a6cf02
Add Remmina RDP/SSH/VNC password gathering
2014-11-17 09:01:13 -08:00
c765100efd
Land #4004 , @martinvigo's LastPass master password extraction module
2014-10-22 16:34:54 -07:00
29b61984c5
Update to use correctly joined path
2014-10-22 16:34:17 -07:00
88c1647c80
Loot the passwords, obviously
2014-10-19 13:11:10 -07:00
0971d7c3ac
Remove ... from prints, only map a browser if we found something
2014-10-19 13:05:11 -07:00
967800eed0
Track account name for more useful table and prints
2014-10-19 12:59:51 -07:00
5a05246682
Consistent case in *print_*
2014-10-19 12:30:50 -07:00
a30663e412
Fix multiuser LastPass extraction, print/vprint cleanup
2014-10-17 17:40:19 -07:00
d2a00b208e
Minor style cleanup to appease Rubocop
2014-10-17 12:50:18 -07:00
d97fe548b9
Store the browser name in LastPass loot
2014-10-17 11:33:31 -07:00
43238c7324
Simplify LastPass extraction. Track what browser that puked creds
2014-10-17 11:19:36 -07:00
9177b931fd
Refactoring of LastPass module to use correct Firefox path on *nix
2014-10-17 10:20:55 -07:00
35d3bbf74d
Fix up comment splats with the correct URI
...
See the complaint on #4039 . This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
36d6220f8f
Make use of Rex::Ui::Text::Table
2014-10-15 23:13:53 -07:00
bb421859d3
Refactor code and add support for all Windows
2014-10-15 22:15:54 -07:00
c7e0ced02b
Remove useless conditions
2014-10-15 21:29:47 -07:00
2bdc703930
Remove useless condition
2014-10-15 21:16:06 -07:00
5fa39782b8
Fix unused variable
2014-10-15 21:10:50 -07:00
8fc0f0955e
Add support for Firefox
2014-10-15 20:44:20 -07:00
47794510c3
Add support for Firefox in XP
2014-10-15 20:44:19 -07:00
484d98d0a8
Meet rubocop and msftify rules
2014-10-15 20:17:36 -07:00
85e6febe09
Add module to extract/decrypt LastPass credentials
2014-10-15 20:17:36 -07:00
91bb0b6e10
Metasploit Framework 4.9.3-2014072301
...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJT0CeVAAoJEJMMBVMNnmqO/7AP/0CBRHjtgiR9VnFKSQ+iWTQV
iPNMBevn0mpSRq/gpoKCeFBZ6b+YQYrOLXDKVk62VV9LCslkr/P8LW8ul+m+JtB0
mM6V5esUXM1XhgGEyTnTLRx6BR/WQU1RHlb56ae3nZjQlwCuH/5zEmcy5toZxpsY
6HO46zE0GGBoLr/VgyYlfT08bfoQ+ICyJN0H5ixoovCc3iW0K1MNqLMfdani8zBJ
gYJaMysV7XtepumWWQMSC+b/EuertdXXzWDy2bwe0Q3cQXNXzrkPAvtMqucWG+gy
783OLKCPtVoEZiX87xAptkwmVCRdNGPclaWH7YRZDAh1tqBfRQUg72V/TIrOHCP1
/lYO7yp5pBQg+1UNnpH+xI2YePFfYdHpYDNT5FSQGOnQjJg30ll4SqCm7cVmo2h5
BRSYXkPCsQeXGaFarxGERNb8e+qN/WzSrHzY45tQw8mDuhg94tlf3VtDag3FXxhj
zCxd6bu+tdboVm7FERS85T46kxzmeIycZ4p+Sf7d8gXitl2RKbBdKFNDi1gzeK1T
yN7bDl4sL7qtDgZLXjFrnyC8vXyAqIrAgmFr2JywMBRm6TiCGQvgnrs+sScU3RFU
W2tblGbKQq+CwDeC59uQPqxRkm72SMUrKX9448VEQ+9XbKE3TMQ5Q4qCxmnw31Op
aJ0QgKJz8thZgafZc89I
=e1z9
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABCgAGBQJT4pb8AAoJEA+Ckxyj7hsHn+8P/3FlEYCmoqQ/JzsVtmP3Yi4Q
gBRva+crY831mCCQXFrPJBvWfmy5HOzVh+Zh7zWF0GQ1WuuMppHfR5ARFVwmiDs3
qwndhXwziDzBnznf0JKSgT5eJsH23s/ots1lyWymKJvPuT6hn6MRAHUawgnNmYR9
ttnawmHvCM9Iha2oz3nmkLcNd+83bdBfEWi5l8AQ7jJxwMC2/8VPpMscVVwXqPzd
CoQugAYZW5VeaEiGio5+19Ix9EPkIDvs6wnfGBtfPfeaOIDZV4XOFoIFUtEeZd5o
olvEpYvdqscy4Qujzn4C++3wX3bUxkIbHTJHgrKmlD83dI7Cu1JH716G+yfLoJo0
pQBWTGeWYKEh6leK/9J5Bo1/tOJ/ylbcbvH0Y0tmdu4icHar6uYe1QBrCB9xIdh1
F+xo4guYnVo616DXJQSwjIye83b5dBxACrfA3bqCnFVFgTM5jXGV1cqiBgs9Dl++
tIDPgUJkCe/bIdQ7PntlGRzxKihHahlxhCa++YaGKqSq7gXie8Rl4qgloIrbfNZ/
z3XsoOLNdbMGO7ip88Zjwq4Khj5WZu7ijfCtXO7GU1UJZL1tJ2yK2ic7ZDLc251Y
8EGMSTG53+6yvZYFtWMZeQzjwD2cpuF04dOmHOKi6KGJJ7KRPhn6gpsbc6U1mbH9
AjGcfOzhhcsY+WAQ7OG+
=Pjob
-----END PGP SIGNATURE-----
Merge tag '2014072301' into staging/electro-release
Conflicts:
Gemfile.lock
modules/post/windows/gather/credentials/gpp.rb
This removes the active flag in the gpp.rb module. According to Lance,
the active flag is no longer used.
2014-08-06 15:58:12 -05:00
a41768fd7d
Correct DbVisualizer title name
...
I think "DbVis Software" is the name of the company and the product
itself is called DbVisualizer.
Also fixed the description on the WPTouch module.
2014-07-21 12:35:01 -05:00
bebf11c969
Resolves some Login::Status migration issues
...
MSP-10730
2014-07-16 21:52:08 -05:00
52a29856b3
Merge branch 'master' into staging/electro-release
...
Conflicts:
Gemfile
Gemfile.lock
2014-07-16 09:38:44 -05:00
1d6f088eab
Pass msftidy
2014-07-15 11:31:37 -05:00
526538ecd6
Added dbvis version find and print
2014-07-15 15:04:46 +02:00
97dcc56225
Update dbvis_enum.rb
2014-07-15 14:23:40 +02:00
400b0f4276
parse url to report host in old config
2014-07-15 14:21:09 +02:00
f3d953f829
Old config file update
...
Added functions to parse old and new config files.
2014-07-15 14:00:29 +02:00
ac3d453002
Update dbvis_enum.rb
2014-07-15 12:33:07 +02:00
a53341f520
Added compatibility with dbvis <= 6
...
Checking for "config" folder existence if "config70" is not found.
2014-07-15 12:14:38 +02:00
cc1ba265cb
Change module name for consistency
2014-07-14 15:49:19 -05:00
4d7bffd713
Change header
2014-07-14 15:45:17 -05:00
5a821cea9d
Account for EOFError condition
2014-07-14 15:27:40 -05:00
89a877031f
I mean "unless", not "if"
2014-07-14 15:24:53 -05:00
bec32a01ab
For for missing an end
2014-07-14 15:17:54 -05:00
cecdcef2e2
+ not preferred
2014-07-14 15:14:54 -05:00
0737deb2a3
Remove the last exception handler
...
We're already checking the file path with file?(), so we don't need
to use exception handling for this task anymore.
2014-07-14 15:02:23 -05:00
8fe3f1a077
File should be checked for existence before reading
2014-07-14 15:01:03 -05:00
20e5803592
Author's Twitter handle should be a comment
...
msfconsole treats whatever is in <> as the author's email, not
twitter handle
2014-07-14 14:57:36 -05:00
3b6947c1d7
Use Rex to check IPv4 instead of using resolv
2014-07-14 14:56:38 -05:00
b5e556519b
Change = to ==
...
This is an if condition, not an assignment
2014-07-14 14:53:27 -05:00
Martin Vigo
jvazquez-r7
wchen-r7
root
William Vu
Tod Beardsley
Jonathan Claudius
EricGershman
Christian Mehlmauer
Jon Hart
URI Assassin
Brandon Turner
Trevor Rosen
David Maloney
David Bloom