Commit Graph

1957 Commits (bf05fe13890cc9501307ea5cccccfd2b5a465840)

Author SHA1 Message Date
David Maloney 9eb42cb80f
refactor smartftp post module
refactor the smartftp credential post module to use
Metasploit::Credential
2014-06-02 11:48:45 -05:00
David Maloney 34004908bb
Merge branch 'master' into staging/electro-release
Conflicts:
	.ruby-version
2014-06-02 11:10:33 -05:00
Trevor Rosen d9fd77fba7 Merge pull request #29 from rapid7/feature/MSP-9739/mremote_refactor
Feature/msp 9739/mremote refactor

MSP-9739 #land
2014-06-02 11:05:20 -05:00
David Maloney 1e2ae16713
refactor vnc post module
this adds Metasploit::Credential functionality to
the post/windows/gather/credentials/vnc module
it also fixes a hostname resolution issue on windows
hashdump that could occur when the peerhost is an unresolved
hostname
2014-05-30 14:27:44 -05:00
David Maloney 86fec3a33f
refactor coreFTP post module
post/windows/gather/credentials/coreftp now uses
the new Metasploit::Credential methods
2014-05-30 14:06:31 -05:00
Tom Sellers af569449d9 Code cleanup
Fixes based on response from @timwr and @kernelsmith.
Retested with Ubuntu and Metasploitable 2 to validate proper payload. Also tested for port conflict detection after the change.  Returning false on line 243 simplifies the if logic on line 251/252.
2014-05-29 18:27:17 -05:00
jvazquez-r7 0d07fb6c39
Land #2858, @jiuweigui's post module to enumerate Enumerate MUICache 2014-05-29 17:08:50 -05:00
jvazquez-r7 a6229aedff Rescue RequestError when downloading file 2014-05-29 17:07:22 -05:00
jvazquez-r7 f2a71a47ca Use \&\& instead of and 2014-05-29 17:04:38 -05:00
jvazquez-r7 31c282153e Avoid ntuser.dat md5 because is causing problems, even when data is extracted 2014-05-29 17:02:28 -05:00
David Maloney e012d55d73
refactor mremote
mremote post module now refactored to
use new metasploit credentials
2014-05-29 16:27:41 -05:00
jvazquez-r7 95b71dee00 Try to fix crash while file_remote_digest 2014-05-29 16:12:51 -05:00
David Maloney a1131092b7
fix open rescue
rescuing all exceptions bad
bad past dave bad
2014-05-29 16:05:16 -05:00
jvazquez-r7 cbbd7bfdf4 Refacotor code 2014-05-29 15:55:44 -05:00
David Maloney bf3bb63e4a
fix mremote to work on mremoteNG
fixed the mremote credential post module to work
against the newer mRemoteNG
2014-05-29 15:43:02 -05:00
David Maloney f61aeb818a
smart hashdump refactor
refactor the windows smart hashdump post module
to use the new cred creation methods
2014-05-29 15:06:42 -05:00
jvazquez-r7 cdabb71d23 Make code cleanup 2014-05-29 14:51:10 -05:00
David Maloney e3c4745879
Windows Hashdump post module refactor
refactor the Hashdump post module for window
to use the new cred creation methods.
Also some extra methods to do db safe checks
for record ids that we need
2014-05-29 13:20:32 -05:00
Tom Sellers 2f811381dc Update shell_to_meterpreter.rb 2014-05-29 06:17:31 -05:00
Tom Sellers 6a30a49bcf Update shell_to_meterpreter.rb 2014-05-29 06:08:42 -05:00
Tom Sellers f956c8d94f Create shell_to_meterpreter.rb 2014-05-27 06:12:09 -05:00
jvazquez-r7 e585d11499 make MSF_MODULES a constant 2014-05-25 19:36:40 -05:00
Rob Fuller 61603748bd two more tweaks 2014-05-25 10:45:09 -04:00
Rob Fuller 6435b4370a @Meatballs1 fixes 2014-05-25 10:40:23 -04:00
Rob Fuller e3a6782345 add post module based on @zeroSteiner idea 2014-05-24 23:37:17 -04:00
joev ae3c334232 Getting closer. Still something f'd with local answerer.html. 2014-05-22 17:14:35 -05:00
joev 14b796acbf First stab at refactoring webrtc mixin. 2014-05-21 15:32:29 -05:00
Meatballs aeaff16f88
More legible output 2014-05-20 22:27:24 +01:00
Meatballs 92669cd4d6
Use parser 2014-05-20 22:26:13 +01:00
Meatballs fabaf52929
Tidyup of GPP
Add Security Bulletin Reference
ProgramData is symlink to AllUsers anyway
Use NetAPI
2014-05-20 21:53:53 +01:00
HD Moore a844b5c30a Merge branch 'master' of github.com:hmoore-r7/metasploit-framework into feature/recog
Conflicts:
	Gemfile
	Gemfile.lock
	data/js/detect/os.js
	lib/msf/core/exploit/remote/browser_exploit_server.rb
2014-05-18 10:50:32 -05:00
Tom Sellers 2b8dd9139c Fix cosmetic issue
Fix cosmetic issue /w email address when it is output via 'info' or the Rapid7 module page.
2014-05-11 16:14:51 -05:00
joev f94d1f6546 Refactors firefox js usage into a mixin. 2014-04-24 15:09:48 -05:00
sinn3r ba4b507cc7
Land #3280 - Multiplatform WLAN Enumeration and Geolocation 2014-04-24 13:52:32 -05:00
Tom Sellers d4c0d015c1 Update wlan_geolocate.rb
Updated based on feedback.  Also added enumeration only support for BSD and Solaris.
2014-04-24 07:04:50 -05:00
Tod Beardsley e514ff3607
Description and print_status fixes for release
@cdoughty-r7, I choose you! Or @wvu-r7.
2014-04-21 14:00:03 -05:00
James Lee ee413ac385
Remove previously deprecated modules 2014-04-20 22:15:44 -05:00
Tom Sellers 2fd004b69e New module: Multiplatform Wireless LAN Geolocation
This is a new POST module that allows Windows, Linux, and OSX targets to be geolocated using Google services if the target has an active and functional wireless adapter.
2014-04-19 17:31:48 -05:00
Meatballs 5bd9721d95
Redundant include 2014-04-15 21:34:21 +01:00
Meatballs 02b11afddc
Merge remote-tracking branch 'upstream/master' into netapi_change_passwd
Conflicts:
	lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_netapi32.rb
2014-04-15 21:23:45 +01:00
Meatballs bd9b5add49
Dont report creds
We dont know if a DOMAIN or IP is specified etc.
2014-04-15 21:14:49 +01:00
Meatballs fc018eb32e
Initial commit 2014-04-15 21:05:06 +01:00
Tod Beardsley 66a50b33fd
Errant whitespace 2014-04-14 13:34:39 -05:00
joev 5f0d723588 Adds history collection module for FF privileged JS. 2014-04-14 12:27:18 -05:00
joev 1715cf4650 Add base64 to prevent potential encoding issues. 2014-04-11 17:30:04 -05:00
joev 65d267032d
Fix wrong DisclosureDate. 2014-04-11 16:17:22 -05:00
joev 197a7e556b Add password colletion post module for Firefox shells. 2014-04-11 16:15:48 -05:00
Tod Beardsley 062175128b
Update @Meatballs and @FireFart in authors.rb 2014-04-09 10:46:10 -05:00
Meatballs ae3ead6ef9
Land #2107 Post Enum Domain Users 2014-04-09 11:32:12 +01:00
HD Moore fbec434ab2 Fix up host.os* field usage in the enum_ad_computers module 2014-04-02 07:30:37 -07:00
sinn3r f4e62a8dcd
Land #3146 - Firefox Gather Cookies from Privileged Javascript Shell 2014-03-27 13:14:22 -05:00
Joe Vennix b7f1cee8d3 Remove targets from post module. 2014-03-26 13:55:02 -05:00
Joe Vennix ed8bf6279b Use #run, not #exploit, for post modules. 2014-03-26 13:51:05 -05:00
Joe Vennix 6c51e0fd0d Add cookie gathering post module for FF privileged sessions. 2014-03-26 13:49:53 -05:00
Brandon Turner 460a1f551c
Fix for R7-2014-05 2014-03-24 14:12:12 -05:00
Tod Beardsley 3d3681801a
Fix linux download_exec for #2961
Note! This module already seems pretty broken, in that it doesn't appear
to correctly locate curl or wget. Will open another bug on that.

[See RM #8777]
2014-03-20 12:09:38 -05:00
OJ 3ea3968d88
Merge branch 'upstream/master' into stop_abusing_expand_path
Conflicts:
	lib/msf/core/post/windows/shadowcopy.rb
	modules/exploits/windows/local/bypassuac.rb
	modules/post/windows/gather/wmic_command.rb
	modules/post/windows/manage/persistence.rb
2014-03-11 23:13:39 +10:00
Meatballs 32d83887d3
Merge remote-tracking branch 'upstream/master' into wmic_post 2014-03-03 21:56:31 +00:00
Meatballs 63751c1d1a
Small msftidies 2014-02-28 22:18:59 +00:00
David Maloney 42a730745e
Land #2418, Use meterpreter hostname resolution 2014-02-28 14:45:39 -06:00
David Maloney 2b5e4bea2b
Landing Pull Request 3003 2014-02-28 10:10:12 -06:00
staaldraad 0dfa53840a Add @Meatballs1 to authors
Add @Meatballs1 to author list, awesome changes and fixes to the code (almost complete rewrite)
2014-02-22 12:24:56 +02:00
Meatballs ff4e91bb1b
Check domain return value 2014-02-18 23:34:17 +00:00
Meatballs e4aedfad43
Fixup netapi call 2014-02-18 23:30:29 +00:00
Meatballs 0480ad16aa
No common 2014-02-18 23:09:35 +00:00
Meatballs c06f86cc2b
Updates 2014-02-18 20:31:31 +00:00
Meatballs 6f988209ab
Merge remote-tracking branch 'upstream/master' into enum_domain_users_update 2014-02-18 20:02:39 +00:00
jvazquez-r7 4903b05214 Fix tabs 2014-02-18 13:51:40 -06:00
Meatballs 8a68323cf0
Dont keep checking domain 2014-02-18 17:52:34 +00:00
jvazquez-r7 1bc94b8a9d Merge for retab 2014-02-17 19:19:47 -06:00
Meatballs e290529841
Sadly this url is dead 2014-02-17 22:07:19 +00:00
Meatballs 6c32848b10
Use correct post methods 2014-02-17 22:03:07 +00:00
Meatballs 83d9a1e7c2
Xp Compat? 2014-02-17 21:28:06 +00:00
Meatballs 5e52e48d16
Gather cached GPO 2014-02-17 20:45:56 +00:00
Meatballs c39924188a
Clean up 2014-02-14 20:52:04 +00:00
jvazquez-r7 b2ea257204 Include Linux::System post mixin 2014-02-14 08:32:21 -06:00
Meatballs1 ad72ecaf84 Handle SPN array 2014-02-14 09:48:23 +00:00
Meatballs1 4b828e5d45 Dont parse empty SPNs 2014-02-14 09:41:37 +00:00
Meatballs1 2c12952112 Moar corrections 2014-02-14 09:37:00 +00:00
Meatballs1 9dd56d32de Corrections 2014-02-14 09:32:53 +00:00
Meatballs1 7ef68184e1 Handle SPNs differently 2014-02-13 23:24:55 +00:00
Meatballs1 95048b089e Dont search for made up fields 2014-02-13 22:51:55 +00:00
jvazquez-r7 61563fb2af Do minor cleanup 2014-02-13 09:10:04 -06:00
jvazquez-r7 67367092b7 Solve conflicts 2014-02-13 08:42:53 -06:00
William Vu a4035252d6 Land #1910, DISCLAIMER for firefox_creds
Fixed conflict in Author.
2014-02-12 16:32:08 -06:00
sinn3r ce2de8f3bf Different way to write this 2014-02-12 15:08:20 -06:00
sinn3r 0f620f5aba Fix Uninitialized Constant RequestError
[SeeRM #8765] NameError uninitialized constant
2014-02-12 00:23:23 -06:00
William Vu c67c0dde8f Land #2972, enum_system find/save logs/S[UG]ID 2014-02-11 15:45:27 -06:00
Roberto Soares Espreto 68578c15a3 find command modified 2014-02-11 10:08:12 -02:00
Roberto Soares Espreto f181134ef8 Removed hard tabs 2014-02-10 23:16:04 -02:00
Roberto Soares Espreto 2e720f8f0f Post::Linux - Added to search for files with setuid/setgid and logfiles 2014-02-10 19:24:51 -02:00
Tod Beardsley 1236a4eb07
Fixup on description and some option descrips 2014-02-10 14:41:59 -06:00
sinn3r 63305025aa
Land #2615 - Add Windows Gather Active Directory User Comments 2014-02-07 12:23:43 -06:00
sinn3r 9c76e7fb00 Handle multiple exceptions 2014-02-07 12:23:10 -06:00
sinn3r 40188e1eda
RuntimeError exception should be handled. 2014-02-07 12:16:15 -06:00
sinn3r 89e1bcc0ca Deprecate modules with date 2013-something
These modules had an expiration date of 2013.
2014-02-04 14:49:18 -06:00
sinn3r e54abb4274
Add support for shell session type 2014-02-02 23:37:56 -06:00
sinn3r ae84e354e8
Be consistent with get_smartermail_creds method's return value 2014-02-02 22:06:14 -06:00
sinn3r 662fbf53b6
Update check_smartermail method
Instead of using exception handling to determine the right path,
the new method simply uses the file? method. It's also renamed as
"get_mail_config_path" to properly describe its functionality.
2014-02-02 22:01:38 -06:00
sinn3r 2b2194cee8
Modify prints 2014-02-02 21:58:10 -06:00
bcoles 62dca111f8 Conform to style 2014-02-02 08:07:18 +10:30
bcoles e30195348e Add Windows Gather SmarterMail Password Extraction post module 2014-02-02 05:51:21 +10:30
Meatballs 09b70d1574
Remove max search 2014-01-24 00:27:46 +00:00
Meatballs 0a15e07473
Merge remote-tracking branch 'upstream/master' into service_principle_name 2014-01-24 00:26:52 +00:00
Meatballs 5880f7ebf2
Remove max search 2014-01-24 00:25:03 +00:00
Meatballs f6054e6581
Merge remote-tracking branch 'upstream/master' into enum_ad_users 2014-01-24 00:24:31 +00:00
Meatballs1 982795ee5d Merge pull request #32 from todb-r7/saner-ifs-pr1473
Clean up the if.nils?
2014-01-23 15:50:25 -08:00
Meatballs 790e4d7559
Move options to mixin 2014-01-23 23:47:46 +00:00
Tod Beardsley e066d86d41
Clean up the if.nils? 2014-01-23 17:36:10 -06:00
Meatballs c190a1b630
Fix field order 2014-01-22 09:29:18 +00:00
Meatballs 720f892e2f
Merge remote-tracking branch 'upstream/master' into enum_ad_perf 2014-01-21 21:00:51 +00:00
Meatballs f571d63088
Merge remote-tracking branch 'upstream/master' into enum_ad_users 2014-01-21 21:00:09 +00:00
Meatballs eee716a6b3
Grab comments and descriptions ftw 2014-01-21 20:59:31 +00:00
Meatballs cd989e5dc0 Initial commit 2014-01-21 17:08:31 +00:00
Meatballs 6cd4c66d85 Merge remote-tracking branch 'oj/updated_meterpreter_binaries' into service_principle_name 2014-01-21 15:47:04 +00:00
jiuweigui 5f5ca1c011 Minor fix based on suggestions 2014-01-14 20:56:14 +02:00
William Vu 61b30e8b60
Land #2869, pre-release title/desc fixes 2014-01-13 14:29:27 -06:00
Tod Beardsley e6e6d7aae4
Land #2868, fix Firefox mixin requires 2014-01-13 14:23:51 -06:00
Tod Beardsley 671027a126
Pre-release title/desc fixes 2014-01-13 13:57:34 -06:00
Joe Vennix f11322b29f Oh right, msftidy. 2014-01-13 13:44:34 -06:00
sinn3r bc9c865c25
Land #2865 - js payload to firefox_svg_plugin & add BA support for FF JS exploits 2014-01-13 11:17:36 -06:00
jvazquez-r7 95a5d12345 Merge #2835, #2836, #2837, #2838, #2839, #2840, #2841, #2842 into one branch 2014-01-13 10:57:09 -06:00
Joe Vennix f78ec1eeb2 Make sure we unwrap the SecurityWrapper. 2014-01-12 10:46:23 -06:00
jvazquez-r7 bd91e36e06
Land #2851, @wchen-r7's virustotal integration 2014-01-10 19:12:56 -06:00
sinn3r d1d45059f2 use session_host instead 2014-01-10 18:27:03 -06:00
sinn3r 8534f7948a Change the post module's default api key as well (to Metasploit's) 2014-01-10 17:59:51 -06:00
sinn3r cacd7ff9d4
Land #2827 - Add firefox js xpcom payloads for universal ff shells 2014-01-10 14:29:32 -06:00
jiuweigui 9a81420e90 Enumerate WinXP/7 MUICache registry key 2014-01-10 13:21:47 +02:00
sinn3r 238d052073 Update description
key is no longer required.
2014-01-10 04:02:01 -06:00
sinn3r da273f1440 Update the use of report_note 2014-01-10 01:49:07 -06:00
sinn3r 807d8c12c7 Have a default API key
Modules now should have a default API key. See the following for
details:
http://blog.virustotal.com/2012/12/public-api-request-rate-limits-and-tool.html
2014-01-10 01:26:42 -06:00
sinn3r a99e2eb567 Update the post module 2014-01-08 18:41:22 -06:00
sinn3r 130a99f52b Add a post module that checks with VirusTotal with a checksum
This post module will submit a SHA1 checksum to VirusTotal to see
if it's a malicious file.
2014-01-08 18:26:40 -06:00
Joe Vennix fb1a038024 Update async API to actually be async in all cases.
This avoids zalgo. Also optionally checks the return value
of the compiled Function in XSS to allow you to use send()
or an explicit return, which is maybe more natural for
synchronous xss payloads.
2014-01-07 16:17:34 -06:00
Niel Nielsen 266b040457 Update cachedump.rb
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
2014-01-07 22:14:10 +01:00
Meatballs e75d87327f
Merge branch 'enum_ad_perf' into enum_ad_users 2014-01-07 12:21:39 +00:00
Meatballs 3bf728da61
Dont store in DB by default 2014-01-07 12:20:44 +00:00
Joe Vennix 49d1285d1b Add explicit json require. 2014-01-06 11:15:10 -06:00
Joe Vennix 723c0480ab Fix description to be accurate. 2014-01-04 19:06:01 -06:00
Joe Vennix f2f68a61aa Use shell primitives instead of resorting to
echo hacks.
2014-01-04 19:00:36 -06:00
Joe Vennix b9c46cde47 Refactor runCmd, allow js exec.
* Updates exec payload to not touch disk
* Adds XSS module that uses hiddenWindow (to avoid X-Frame-Options)
2014-01-04 08:46:57 -06:00
Tod Beardsley cd38f1ec5d
Minor touchups to recent modules. 2014-01-03 13:39:14 -06:00
OJ 1cb671b02e
Merge branch 'adjust_getenv_api' into stop_abusing_expand_path 2014-01-03 08:14:02 +10:00
jvazquez-r7 3f0ee081d9 Beautify description 2014-01-02 15:37:58 -06:00
jvazquez-r7 d5e196707d Include Msf::Post::Windows::Error 2014-01-02 13:41:37 -06:00
jvazquez-r7 ec8d24c376 Update against upstream 2014-01-02 12:55:46 -06:00
jvazquez-r7 3bccaa407f Beautify use of Regexp 2014-01-02 12:54:54 -06:00
bmerinofe 832b0455f1 Class constants and Regex added 2013-12-31 03:20:12 +01:00
jvazquez-r7 4366d4da20 Delete comma 2013-12-30 11:45:52 -06:00
jvazquez-r7 54a6a4aafa
Land #2807, @todb-r7's armory support for bitcoin_jaker 2013-12-30 11:44:51 -06:00
bmerinofe e3d918a8a3 Applying changes 2013-12-30 01:49:13 +01:00
Tod Beardsley 88cf1e4843
Default false KILL_PROCESSES for bitcoin_jacker
I seem to able to read associated wallet files while these processes are
running with the greatest of ease. Maybe there was a file locking
concern, but I haven't run into it. Feel free to avoid landing this
particular commit if you disagree.
2013-12-29 14:12:00 -06:00
Tod Beardsley 5e0c7e4741
DRY up bitcoin_jacker.rb, support Armory
Also, make the process killing optional.
2013-12-29 13:07:43 -06:00
TabAssassin 9384a466c1
Retab bitcoin_jacker.rb 2013-12-29 10:59:15 -06:00
Tod Beardsley 6fcd12e36c Refactor for clearer syntax and variables
This was done on a barely configured Windows machine, so mind the tabs.
2013-12-29 10:15:48 -06:00
Tod Beardsley ef73ca537f First, clean up the original a little 2013-12-28 18:57:04 -06:00
sinn3r f2335b5145
Land #2792 - SSO/Mimikatz module overwrites password with N/A 2013-12-27 17:25:44 -06:00
Tod Beardsley d6a63433a6
Space at EOL 2013-12-26 10:37:18 -06:00
sinn3r 78db7429d0 Turns out the latest Safari is still vulnerable.
The version check is currently disabled because turns out the latest
Safari (6.1.1) is still vulnerable - I can still loot it in plain
text.
2013-12-24 19:27:45 -06:00
sinn3r a26e12b746 Updates descriiption and improves regex for safari_lastsession.rb
This updates two things for the safari_lastsession post module:

1. The description is updated: More information is added to describe
how Safari would end up storing the Gmail credential in the last
session state, and what it means to you as an attacker.

2. Regex update for the domain to search for: Before the module starts
extract the session data, it needs to know which domain to extract from.
Originally I only added mail.google.com, but turns out the sensitive info
can be found in accounts.google.com, so I added that one.
2013-12-24 14:00:55 -06:00
Meatballs bf8c0b10fa
Dont store n/a creds 2013-12-21 09:04:02 +00:00
jvazquez-r7 a043d384d4
Land #2738, @jiuweigui update to enum_prefetch 2013-12-20 10:26:54 -06:00
Meatballs 71ba78c2f0
Direct to correct module 2013-12-20 16:09:57 +00:00
Meatballs f99a5b8b47
Update for extapi 2013-12-20 13:18:01 +00:00
Meatballs 4ca25d5d89
Merge branch 'enum_ad_perf' into enum_ad_users 2013-12-20 12:54:24 +00:00
Meatballs 62ef810e7c
Use Extapi if available 2013-12-19 18:18:47 +00:00
Meatballs 737154c2fe
Update to use extapi 2013-12-19 16:46:09 +00:00
William Vu 9434d60021 Remove EOL whitespace from OS X hashdump 2013-12-19 10:39:49 -06:00
Meatballs 3ef1c0ecd6 Merge remote-tracking branch 'upstream/master' into enum_ad_perf 2013-12-19 14:25:07 +00:00
Meatballs 244cf3b3f6 Merge remote-tracking branch 'upstream/pr/2736' into enum_ad_perf 2013-12-19 13:59:57 +00:00
OJ a77daa0902 Fix download_exec to better handle spaces
It was just wrong. Now it actually works.
2013-12-19 13:00:26 +10:00
OJ 9fb081cb2d Add getenvs, update getenv, change extract_path use
Stacks of modules were using `extract_path` where it wasn't really semantically correct
because this was the only way to expand environment variables. This commit fixes that
up a bit.

Also, I changed the existing `getenv` function in `stdapi` to `getenvs`, and had it
support the splat operator. I added a `getenv` function which is used just for a
single variable and uses `getenvs` behind the scenes.

The meterpreter console `getenv` command now uses `getenvs`
2013-12-19 11:54:34 +10:00
sinn3r 8dfa2e6963
Land #2734 - OSX Gather Autologin Password as Root 2013-12-18 15:37:45 -06:00
sinn3r 5011c4d928 The "unless" Ruby nazi is in town 2013-12-18 15:28:31 -06:00
sinn3r 5ec3d5f3f6 Raise specific exceptions 2013-12-18 15:27:49 -06:00
Tod Beardsley c4b8178663
Correct camelCase of YouTube 2013-12-18 14:06:45 -06:00
Meatballs 3e54379b0e
Merge remote-tracking branch 'upstream/master' into wmic_post
Conflicts:
	lib/msf/core/post/windows.rb
2013-12-18 13:40:54 +00:00
sinn3r 10e16673a7 There must be read_file 2013-12-17 16:42:49 -06:00
sinn3r 21feae0bbc Make sure the file path is readable when it's ~/ 2013-12-17 16:38:58 -06:00
jvazquez-r7 7ec96876d9 Delete unnecessary includes 2013-12-17 15:57:09 -06:00
sinn3r 374ef71c12 Favor read_file instead 2013-12-17 15:34:52 -06:00
sinn3r ea6ba2b159 Add post module to get LastSession.plist
LastSession.plist sometimes contains sensitive information such as
usernames and passwords. It'd be nice to keep this in loot.
2013-12-17 13:07:30 -06:00
bmerinofe 89ffafad0e Changes to Service mixin 2013-12-17 13:10:27 +01:00
Tod Beardsley 040619c373
Minor description changes
No code changes (one comment made on play_youtube to suggest xdg-open
rather than firefox for linux targets).
2013-12-16 14:57:33 -06:00
jiuweigui 446db78818 Minor fix to gather_pf_info function 2013-12-16 21:33:07 +02:00
Meatballs b532987b8f
Re-add file out to wmic_command 2013-12-14 20:58:33 +00:00
Meatballs 7902f061ca
Final tidyup 2013-12-14 20:18:14 +00:00
Meatballs 04496a539c
Fix up local wmi exploit. 2013-12-14 20:05:51 +00:00
Meatballs 4224c016f4
Use WaitForSingleObject instead of loop 2013-12-14 18:42:31 +00:00
Meatballs 12afdd2cbb
Get and parse result from clipboard 2013-12-14 18:30:43 +00:00
Meatballs 3ad1e57f8d
Merge remote-tracking branch 'upstream/master' into wmic_post 2013-12-14 16:25:31 +00:00
bmerinofe f185c2deb1 added driver_loaded post meterpreter module 2013-12-14 00:07:04 +01:00
jvazquez-r7 7ab1369515
Land #2757, @wchen-r7's youtube post module 2013-12-12 16:36:42 -06:00
sinn3r 1bcaffccc8 Make sure profile name is random 2013-12-12 16:19:06 -06:00
sinn3r 036955983d Add support for Linux, thanks @jvennix-r7! 2013-12-12 16:12:36 -06:00
sinn3r 7d12ced66e Remove unnecessary require statements 2013-12-12 13:49:54 -06:00
sinn3r ce18ac4c62 fix comment 2013-12-12 12:49:46 -06:00
sinn3r 97e9daaa6a Change title 2013-12-12 12:42:07 -06:00
sinn3r de087d134a Account for error 2013-12-12 12:41:05 -06:00
sinn3r 7ff0f4a2e7 move to multi for real 2013-12-12 12:35:58 -06:00
sinn3r 4d1a07bdfc Move to multi 2013-12-12 12:34:45 -06:00
sinn3r 17b5d3c375 Add support for OSX 2013-12-12 12:33:59 -06:00
sinn3r 509ebddb87 Turns out there's -k, that's easier 2013-12-12 10:09:02 -06:00
sinn3r 54a5dfc344 This module allows you to broadcast a Youtube video on compromised machines 2013-12-12 02:34:00 -06:00
jvazquez-r7 374e40c815 Add requires 2013-12-11 12:05:12 -06:00
jvazquez-r7 572ddacdd6 Clean ie_proxypac 2013-12-11 11:49:29 -06:00
jvazquez-r7 7589b4c4d5 Merge for retab 2013-12-11 11:47:30 -06:00
bmerinofe e6eeb4a26d rescue RuntimeError added 2013-12-11 03:00:13 +01:00
jvazquez-r7 2ef3caa9d7
Land #2735, @jvennix-r7 support of 10.8+ on osx hashdump 2013-12-10 09:39:04 -06:00
Tod Beardsley 1b3bc878f8
Unscrew the author name 2013-12-09 21:32:03 -06:00
bmerinofe e9edce10ac Applying changes 2013-12-10 03:07:40 +01:00
Joe Vennix 06b651de7b Revert read_file to cat so that pipe will work. 2013-12-09 19:30:08 -06:00
Joe Vennix 450716c788 Remove meterpreter support from osx autologin gather. 2013-12-09 19:19:20 -06:00
Tod Beardsley e737b136cc
Minor grammar/caps fixup for release 2013-12-09 14:01:27 -06:00
Joe Vennix 6d1d45c691 Add user param to nt_hash call. 2013-12-09 10:28:06 -06:00
sinn3r 9c5991980a
Land #2733 - Disable meterpreter support because they're not stable 2013-12-09 02:50:36 -06:00
Joe Vennix dea35252af Kill unused method. 2013-12-08 14:35:49 -06:00
Joe Vennix df76651834 Make sure loot is named correctly. 2013-12-08 14:31:18 -06:00
Joe Vennix 7f3ab14179 Make pipe part of /bin/bash cmd. 2013-12-08 14:27:28 -06:00
Joe Vennix 9b34a8f1ad Supports 10.3 2013-12-08 14:26:16 -06:00
Joe Vennix f981a04918 Fix MATCHUSER bug.
* Also add spacing and indentation for better readability.
* Refactors grab_shadow_blob method.
2013-12-08 14:21:48 -06:00
jiuweigui 2a0b503f06 Minor fix 2013-12-08 18:17:22 +02:00
Joe Vennix eacab1b2ad Fix description, kill dead constant. 2013-12-07 22:28:16 -06:00
Joe Vennix 969f45fd32 Refactor OSX hashdump post module.
* Adds support for MATCHUSER regex option
* Adds support for OSX 10.8 and 10.9 hashes (PBKDF2)
* DRYs up a bunch of older code, adds lots of helper fns
* Ends up shaving off ~20 lines
2013-12-07 22:22:23 -06:00
Joe Vennix 3066e62711 Fix typo, fix no-autologin users bug. 2013-12-07 19:27:36 -06:00
Joe Vennix 4cb788b9de Adds osx autologin password post module. 2013-12-07 19:01:35 -06:00
Joe Vennix c6eac67ab5 Kill meterpreter support for osx media modules.
There is some bug that I haven't been able to track down that causes the
osx call to run the event queue to just hang on latest OSX + Java/python
meterpreter. I tried rewriting these modules using OSX's new Media API,
but I run into the same problem. Until I find a solution, we should mark
these shell-only.
2013-12-07 17:46:26 -06:00
bmerinofe 5e5fd6b01a Unless replaced 2013-12-06 15:01:35 +01:00
Meatballs 3aebe968bb
Land #2721 Reflective DLL Mixin
Adds support to load a dll and identify the ReflectiveLoader offset.
Adds support to inject dll into process and execute it.

Updates kitrap0d, ppr_flatten_rec, reflective_dll_inject modules and
payload modules to use above features.
2013-12-06 12:26:51 +00:00
OJ 73d3ea699f Remove the last redundant error check 2013-12-06 09:32:21 +10:00
OJ 2cb991cace Shuffle RDI stuff into more appropriate structure
Now broken into two modules, one for loading RDI DLLs off disk and
finding the loader function offset, and another for doing the process
specific stuff of loading into the target.
2013-12-06 08:25:24 +10:00
William Vu 79e23a1e13
Land #2675, @JonValt's forensics/browser_history
Great job!
2013-12-05 09:35:53 -06:00
Joshua Harper PI GCFE GCFA GSEC cd5172384f Rename gather_browser_history.rb to browser_history.rb 2013-12-05 08:43:19 -06:00
Joshua Harper 3957bbc710 capitalization ("skype")
(https://github.com/rapid7/metasploit-framework/pull/2675#discussion_r8120307)

Removed some Chrome artifacts and renamed one to reflect "Archived History."  
(https://github.com/rapid7/metasploit-framework/pull/2675#discussion_r8120314)
((Will include other doxxes in another module.))
2013-12-05 08:33:47 -06:00
jiuweigui 717f45ac09 Minor modification 2013-12-05 09:07:28 +02:00
jiuweigui 902d48efab Delete debug prints 2013-12-05 09:03:42 +02:00
jiuweigui 492cd1ca07 Modifications how info is collected from pf files. 2013-12-05 08:56:26 +02:00
OJ b936831125 Renamed the mixin module 2013-12-05 08:13:54 +10:00
bmerinofe 1833b6fd95 More changes. No admin privs check 2013-12-04 14:51:46 +01:00
OJ 7e8db8662e Update name of the mixin
Changed `RdiMixin` to `ReflectiveDLLInjection`.
2013-12-04 22:18:29 +10:00
bmerinofe 05479b2a19 Added new options 2013-12-04 11:45:37 +01:00
OJ f79af4c30e Add RDI mixin module
MSF was starting to see more modules using RDI to load binaries into
remote processes, so it made sense to create a mixin which contained
the functionality that was being used in various locations.

This commit contains the new mixin, and adjustments to all the existing
exploits and modules which use RDI.
2013-12-04 16:09:41 +10:00
bmerinofe 5c266adfd7 added ie_proxypac post meterpreter module 2013-12-03 22:23:09 +01:00
sinn3r 19293d89dd
Land #2704 - rm script launcher and fix file_exists? 2013-12-02 15:05:01 -06:00
Peter Toth 44e37f1b98 Improved meterpreter compatibility 2013-12-02 21:43:58 +01:00
Joshua Harper d1dd7c291b cosmetic (indentation)
https://github.com/rapid7/metasploit-framework/pull/2675#discussion_r7977962
2013-12-02 13:16:48 -06:00
jvazquez-r7 7e379376dc
Land #2635, @peto01 and @jvennix-r7's osx post module to manage volumes 2013-12-02 09:22:23 -06:00
jvazquez-r7 cc2b7950bf Do minor cleanup to mount_share 2013-12-02 09:21:36 -06:00
joev 040a629f34 Kill meterpreter support.
* Meterpreter seems to fall over on the cmd escaping, and dies if you
try to pass it an array of args (python/java meterpreter on various versions
of osx).
2013-12-01 20:17:43 -06:00
joev 2de9a4f3c1 Add support for 10.5 shares. 2013-12-01 20:13:54 -06:00
Joshua Harper cdf6ffa70d Complete refactor with lots of help from @kernelsmith and @OJ. Thank you guys so much. 2013-11-27 21:02:48 -06:00
sinn3r a8af050c16 Update post module Apache Tomcat description
This module's description needs to be more descriptive, otherwise
you kind of have to pull the source code to see what it actually
does for you.
2013-11-27 19:21:27 -06:00
Joshua Harper 1c17383eff removed return file_loc
removed extra space
2013-11-27 15:04:31 -06:00
Joshua Harper 036cd8c5ad couple cosmetic changes per wvu-r7 2013-11-27 14:44:39 -06:00
Peter Toth 95a98529c4 Removed script launcher wrapper and fixed the file_exists so that the module now detects input 2013-11-27 21:38:20 +01:00
joev 6561f149a8 DRY up URL_REGEX constant. 2013-11-27 06:16:25 -06:00
joev b0416b802d Change the Recent shares implementation.
* Allows us to see protocol of Recent Shares
* Parses protocol from file share URL
2013-11-27 06:08:48 -06:00
joev e876155e1a More tweaks to mount_share.
* Adds some docs to some of the methods to further distinguish
the separate sets of shares.
2013-11-27 05:45:46 -06:00
joev 485e38ebca Some code tweaks to post/osx/mount_share.
* Make PROTOCOL an Enum
* Move path override options to advanced section
* More Enumerable rework
* Move one-off regexes back to inline, pull out protocol list
2013-11-27 05:22:12 -06:00
William Vu f3e71c2c9d Be more specific
Perl!
2013-11-27 01:03:41 -06:00
William Vu b202b98a42 Anchor the scheme 2013-11-27 00:57:45 -06:00
William Vu e8da97aa17 Fix extraneous use of which and cmdsub
I don't even.
2013-11-27 00:43:07 -06:00
William Vu 288476441f Fix improper use of expand_path
I don't even.
2013-11-27 00:42:09 -06:00
jonvalt 9dbeb55b9a removed single quotes from inside %q{} on line 22 per https://github.com/rapid7/metasploit-framework/pull/2675#discussion_r7913331
removed empty advanced options registration on line 28 per https://github.com/rapid7/metasploit-framework/pull/2675#discussion_r7913342
2013-11-26 10:29:38 -06:00
sinn3r 48578c3bc0 Update description about suitable targets
The same technique work for Microsoft Office 2013 as well. Tested.
2013-11-24 23:02:37 -06:00
jvazquez-r7 49441875f3
Land #2683, @wchen-r7's module name consistency fix 2013-11-24 16:51:22 -06:00
Meatballs b015dd4f1c
Land #2532 Enum LSA Secrets
With refactoring of common methods from smart_hashdump, hashdump,
cachedump to Windows::Post::Privs
2013-11-24 18:09:33 +00:00
Meatballs 7f048bcd2c
Merge HOSTFILE and CSV input
And remember to uniq the array.
2013-11-24 15:28:44 +00:00
Meatballs 511d176128
Add hostfile resolution 2013-11-24 15:20:04 +00:00
Meatballs 23a267b65c
Undo move 2013-11-24 15:06:36 +00:00
Meatballs 23ac7ad75a
Merge remote-tracking branch 'upstream/master' into getaddrinfo 2013-11-24 15:00:00 +00:00
Meatballs c03c33f6f6
Initial commit 2013-11-24 14:58:18 +00:00
sinn3r ce8b63f240 Update module name to stay consistent
This module is under the windows/gather, so must be named the same
way like the rest.
2013-11-24 01:01:29 -06:00
Meatballs 72822cfa2d
Save egypt from eol comments 2013-11-23 22:11:46 +00:00
Meatballs 646f977888
Use post mixin 2013-11-23 22:07:07 +00:00
Meatballs 4d3e061e43
Merge branch 'enum_ad_perf' into enum_ad_users 2013-11-23 22:05:15 +00:00
Meatballs 699d13eef1
Share the wealth
Move LDAP methods to a Post mixin.
2013-11-23 21:42:09 +00:00
Meatballs 11f00cc50b
Backout small change 2013-11-23 21:23:25 +00:00
Meatballs 0c8fc657bb
Address @jlee-r7's comments 2013-11-23 19:42:33 +00:00
jonvalt b712c77413 capitalization 2013-11-22 14:37:54 -06:00
jonvalt 52a3b93f24 Hopefully final commit.
ALL issues mentioned by todb in https://github.com/rapid7/metasploit-framework/pull/2663/ have been fixed or erased.

Only exception is comment https://github.com/rapid7/metasploit-framework/pull/2663/#discussion_r7837036 which if omitted as recommended, breaks the module.
2013-11-22 14:17:20 -06:00
jonvalt 9addd37458 minor changes:
s/grab/gather/g
2013-11-22 14:03:54 -06:00
jonvalt b742ed13b9 junk commit 2013-11-22 12:38:06 -06:00
Peter Toth 4a6511311d Code improvements according to feedback 2013-11-22 15:35:45 +01:00
Peter Toth 3afa21c721 Added favorite and recent shares to the output 2013-11-21 23:55:24 +01:00
sinn3r b5fc0493a5
Land #2642 - Fix titles 2013-11-18 12:14:36 -06:00
jvazquez-r7 f6f0d81149
Land #2632, @peto01 OSX VPN Manager post module 2013-11-18 09:49:14 -06:00
jvazquez-r7 0a930ef6e1 Clean osx vpn post module 2013-11-18 09:47:52 -06:00
jiuweigui b2e7ff4587 Small change for filetime conversion 2013-11-17 22:26:30 +02:00
jiuweigui b73260b74c Add functionality to enum_prefetch post module 2013-11-17 22:10:55 +02:00
William Vu 2c485c509e Fix caps on module titles (first pass) 2013-11-15 00:03:42 -06:00
Peter Toth 7db42efdd4 Code restructure and more robust error handling 2013-11-14 13:44:49 +01:00
James Lee 5b96ad595f
Skip reg values with no secretes
Also update header comment to match new standard
2013-11-13 19:05:16 -06:00
James Lee cb10b4783b
Mark XP hashes as mscash for JtR to recognize 2013-11-13 19:04:16 -06:00
James Lee 0aef145f64 Merge remote-tracking branch 'upstream/master' into land-2532-enum-lsa 2013-11-13 18:11:21 -06:00
James Lee 8471f74b75
Refactor ivar to a more reasonable method
Also changes jtr output for cachedump to produce hashes that can be
auto-detected as mscash2 format for a better user experience.
2013-11-13 18:09:41 -06:00
James Lee 8bb72764ec
Rename credentials/lsa -> lsa_secrets
Secrets are not necessarily credentials
2013-11-13 15:23:15 -06:00
James Lee 16627c1bd3
Add spec for capture_lsa_key 2013-11-13 15:16:34 -06:00
jvazquez-r7 2b19490095 Fix Exception handling 2013-11-13 13:57:15 -06:00
jvazquez-r7 95f371a1a6 Move screen_capture to the capture folder 2013-11-13 13:41:11 -06:00