0451d4f079
Cleanup
2016-06-15 22:41:59 +01:00
8a68e86a0a
Update enum_trusted_locations.rb
...
Changed some colours
2016-06-15 13:42:38 +01:00
48714184f3
Update enum_trusted_locations.rb
...
Added product it found the locations in.
2016-06-15 13:41:19 +01:00
1ba33ff7f8
Fixed MSFTidy
...
Fixed MSFTidy stuff
2016-06-12 13:00:44 +01:00
a2a97d0271
Update enum_trusted_locations.rb
...
Fix some changes, I had emet references.
2016-06-12 11:06:20 +01:00
2e03c3511e
Add enum_trusted_locations.rb
...
Quickly enumerates trusted locations for file planting :)
2016-06-12 10:59:57 +01:00
233186c833
Check presence in local admin group
...
As the "is_admin?" function only checks if the current session effectively has admin rights, I offer to add a check to know if the current user is in the local admin group using the "is_in_admin_group?" function. This information is better suited to check if admin rights are obtainable using the "bypassuac" module.
2016-06-09 17:47:09 +02:00
eaaa9177d5
Fix "username" key to add login in creds database
2016-06-08 10:38:38 +02:00
ca76e8f290
Update allwinner_backdoor report_vuln hash
2016-05-24 00:57:37 -05:00
928a706135
Land #6890 , Allwinner CPU kernel module local privilege escalation
2016-05-23 22:00:52 -05:00
2f8562fba4
added documentation and minor style tweaks
2016-05-23 21:59:44 -05:00
4242bbdf55
change report_note to report_vuln per note
2016-05-23 17:36:50 -04:00
c621f689b2
more descriptive note per @sempervictus
2016-05-18 19:08:01 -04:00
815a2600a8
additional description
2016-05-17 22:07:33 -04:00
640e0b9ff7
working ready for pr
2016-05-17 21:58:32 -04:00
2e3e4f0069
Land #6296 , Added a multi-platform post module to generate TCP & UDP egress traffic
2016-05-14 00:03:00 -05:00
3542d907f7
simplify description, move the bulk of documentation to documentation/
2016-05-14 00:01:51 -05:00
314d73546c
additional details, not working on tablet via malicious apk meterpreter
2016-05-13 23:12:44 -04:00
5099124f3d
module compiles, fails correctly but cant yet verify it works
2016-05-12 22:18:43 -04:00
a69432abe5
update module class and move to recon from manage
2016-05-12 12:42:04 -05:00
9f923cdb00
Merge branch 'master' into land-6296-egress
2016-05-12 12:36:47 -05:00
57a3a2871b
remove various session manipulation hacks since session.platform should always contain an os identifier
2016-05-08 22:39:41 -05:00
2f66442f1d
Fix #5191 , bad LHOST format causes shell_to_meterpreter to backtrace
...
When using shell_to_meterpreter via a pivot, the LHOST input's format
might be invalid. This is kind of a design limitation, so first we
check the input, and there is a module doc to go with it to explain
a workaround.
Fix #5191
2016-04-28 23:03:54 -05:00
194a84c793
Modify stdapi so it also uses exist? over exists? for ruby parity
...
Also add an alias for backward compatibility.
2016-04-23 17:31:22 -04:00
816bc91e45
Resolve #6807 , remove all OSVDB references.
...
OSVDB is no longer a vulnerability database, therefore all the
references linked to it are invalid.
Resolve #6807
2016-04-23 12:32:34 -05:00
da9f156913
Print IP in print_*
2016-04-22 16:03:31 -05:00
3aa02891e9
Bring #6801 up to date with upstream-master
2016-04-22 14:04:26 -05:00
16ff74e293
syntax check / code reduce
2016-04-22 10:53:03 +08:00
ca4bcfe62a
Update enum_emet.rb
...
Cleaned up a bit more
2016-04-22 00:41:10 +01:00
c81d0ade3f
Update, implemented
...
Took @bcook-r7's advice
2016-04-22 00:37:03 +01:00
30ac6b4a93
enum_emet
...
A module to enumerate all the EMET wildcard paths.
2016-04-22 00:20:25 +01:00
57ab974737
File.exists? must die
2016-04-21 00:47:07 -04:00
57467b94d9
Fix RegExp evaluation in is_routable? function
2016-04-20 10:22:46 -05:00
3da451795c
Fix potential case issue
...
Even though the options were getting put back in a datastore, the
original case could still be lost and that would be bad.
2016-04-18 17:52:27 -04:00
48556483b5
Fix a few comments
2016-04-17 19:16:52 -05:00
32590c89b7
Add interface name to routing status message
2016-04-17 14:15:50 -05:00
fb7194c125
Work on autoroute.md
2016-04-17 00:04:42 -05:00
a5e48b6112
Add default option and clean up comments
2016-04-16 19:50:08 -05:00
6550e0bc1b
Finish up autoadd_interface_routes
2016-04-16 18:42:41 -05:00
b3d199c055
Add get_subnet_octet and test
2016-04-16 14:57:39 -05:00
b1064af082
Initial get_subnet testing
2016-04-16 13:50:15 -05:00
018e7807fe
Identify routable networks
2016-04-15 22:21:54 -05:00
e8863ba09d
Initial autoadd_interface_routes work
2016-04-15 22:13:17 -05:00
5f5c330f2b
Initial Testing of Interface Info Gather
2016-04-14 21:59:48 -05:00
c39410a070
Fix autoadd problem
2016-04-13 23:31:27 -05:00
2319629dd8
Update comments
2016-04-13 05:03:11 +02:00
4970047198
./modules/post/linux/dos/xen_420_dos.rb
2016-04-13 03:31:02 +02:00
cba7353e1d
Fix another typo?
2016-04-07 17:12:11 -05:00
ff9d94218d
Fix a typo?
2016-04-07 17:11:42 -05:00
a3c390ee9d
Change class name to MetasploitModule
2016-04-07 17:11:08 -05:00
f09637a1c7
Bring #6377 up to date with upstream-master
2016-04-07 17:06:49 -05:00
0d3eb4f055
Change class name to MetasploitModule
2016-04-07 12:15:32 -05:00
0f56dbd858
Bring #6378 up to date with upstream-master
2016-04-07 12:10:55 -05:00
ac051bda7f
Add check is_routable?, and change netmask if needed
2016-04-06 15:28:54 -05:00
d240e0b3a2
Bring #6515 up to date with upstream-master
2016-04-06 11:27:32 -05:00
4074634a13
Land #6713 , Add post exploit module for HeidiSQL's stored passwords
2016-03-30 12:10:30 -05:00
0c6b4d81c8
More proper exception handling
2016-03-30 12:09:40 -05:00
aaa1515ba0
Print rhost:rport
2016-03-30 11:56:09 -05:00
397d5580be
Use MetasploitModule convention
2016-03-30 15:44:37 +01:00
f8628e3438
Merge remote-tracking branch 'upstream/master' into wdigest_enable
2016-03-30 15:44:21 +01:00
9e45f0c104
Minor tidies
2016-03-30 15:29:03 +01:00
976932ed43
Initial commit
2016-03-26 12:00:25 +01:00
d54bbdf9a3
Land #6566 , filezilla xml file locations
2016-03-17 16:27:24 -05:00
115a033036
Fix parsing the Last Server xml
2016-03-17 16:27:02 -05:00
1375600780
Land #6644 , datastore validation on assignment
2016-03-17 11:16:12 -05:00
f83cb4ee32
fix set_wallpaper
2016-03-16 13:07:41 +00:00
cd84ac37d6
Land #6569 , check if USERNAME env var exists before using in enum_chrome post module
2016-03-13 15:12:51 -05:00
c89e53d0a3
Land #6666 , fix filezilla_server display bug showing the session ID
2016-03-13 13:56:44 -05:00
51cdb57d42
Fix #6569 , Add a check for USERNAME env var in enum_chrome post mod
...
Fix #6569
Depending on the context, the USERNAME environment variable might
not always be there.
2016-03-11 15:36:44 -06:00
8217d55e25
Fix display issue when SESSION is -1
2016-03-11 11:37:22 -06:00
3123175ac7
use MetasploitModule as a class name
2016-03-08 14:02:44 +01:00
f703fa21d6
Revert "change Metasploit3 class names"
...
This reverts commit 666ae14259
2016-03-07 13:19:55 -06:00
44990e9721
Revert "change Metasploit4 class names"
...
This reverts commit 3da9535e22
2016-03-07 13:19:48 -06:00
3da9535e22
change Metasploit4 class names
2016-03-07 09:57:22 +01:00
666ae14259
change Metasploit3 class names
2016-03-07 09:56:58 +01:00
a1190f4344
Land #6598 , add post module for setting wallpaper
2016-03-06 15:00:10 -06:00
86845222ef
add meterpreter platform workaround
2016-03-06 14:51:34 -06:00
c7c0e12bb3
remove various module hacks for the datastore defaults not preserving types
2016-03-05 23:11:39 -06:00
c7f9fbcdfa
Change to enable/disable
2016-03-06 04:31:24 +00:00
6b510005da
Reverse os checks
2016-03-06 04:31:23 +00:00
0e52fda708
Initial tidy
2016-03-06 04:31:23 +00:00
d955c6a8f6
style fixes
2016-02-29 14:06:49 -06:00
89b0c8a27a
Land #6571 , use intent to unlock Android screens, support <= 4.3
2016-02-26 05:55:35 -06:00
f3cf5a8a41
Resolve merge conflict with upstream-master
...
Out of date author field
2016-02-25 14:49:53 -06:00
27af59ea7c
minor tweaks
2016-02-20 08:35:56 +00:00
8a15c36770
Land #6563 , VNC creds scraper uninstall location
2016-02-19 15:01:23 -06:00
bfd204ac50
Fix some cosmetic issues
2016-02-19 15:00:56 -06:00
873250dbec
Land #6557 , bug fix priv_migrate user migration
2016-02-19 12:03:30 -06:00
b58166a9a8
add android platform to the hash
2016-02-18 20:13:39 -06:00
5c92076a1e
more cleanup
2016-02-14 09:15:25 +00:00
bc74ceb8c5
Handle errors when parsing interfaces.xml, add check for several locations
2016-02-11 15:56:58 +01:00
e738b5922d
fix play_youtube to work on Android
2016-02-11 07:16:40 +00:00
9791e66683
fix remove_lock to work with 4.3 devices
2016-02-11 07:10:05 +00:00
8118198628
Add vprint of the exception message
2016-02-10 22:47:51 +01:00
1637891ece
Add check for the uninstall location in vnc post module
2016-02-10 20:30:41 +01:00
62dd82e653
Make fix easier to read
2016-02-10 11:24:45 -06:00
a93f200851
cosmetic fixes
2016-02-10 07:51:13 +00:00
4653c27167
Fix minor grammar error in description
2016-02-09 21:24:40 -06:00
08a41b0a31
Fix issue when target PID not owned by session
2016-02-09 21:22:50 -06:00
d544bf9311
android set wallpaper
2016-02-01 01:16:17 +00:00
96ab598835
set wallpaper
2016-02-01 01:01:24 +00:00
3d4b7af6bb
Update description
2016-01-30 14:35:03 -06:00
413ea53984
Add found flag and touchup code
2016-01-30 14:31:45 -06:00
3abb6feb3f
Add autoadd feature to autoroute.rb
2016-01-29 21:34:22 -06:00
6fb27a3da9
Undo path and move the out of bound check
2016-01-28 23:49:50 -06:00
d515e4db64
Unwanted comment
2016-01-21 00:55:08 -06:00
bda76c7340
Update lastpass_creds module
2016-01-21 00:53:16 -06:00
348ae586a7
Handle vault parsing exceptions
2016-01-15 14:54:59 -08:00
315d079ae8
Land #6402 , Add Post Module for Windows Priv Based Meterpreter Migration
...
We are also replacing smart_migrate with this.
2016-01-13 01:21:32 -06:00
6deb57dca3
Deprecate post/windows/manage/smart_migrate and other things
...
This includes:
* Give credit to thelightcosine in priv_migrate
* Deprecate smart_migrate
* Update InitialAutoRunScript for winrm_script_exec
2016-01-12 23:14:13 -06:00
7128c408c8
Land #6375 , Active Directory Managed Groups Enumeration
2016-01-12 11:21:31 +00:00
4ba2d56f49
Just search on DN for samaccountname
2016-01-12 11:20:20 +00:00
3bee2fff70
Use native method dir
2016-01-08 16:06:24 -08:00
5e6620f2cf
add yard doc and lexical sorting
...
lexical sort methods and add missing YARD docs
2016-01-08 14:36:21 -06:00
536378e023
move datastore kill check to kill method
...
move the datastore check for datatstore['KILL']
into the actual kill method for sake of DRYness
2016-01-08 14:31:42 -06:00
9716b97e1c
split up the migration efforts
...
move admin and suer migrations into
seperate methods for enhanced readability
and maintainability
2016-01-08 14:26:39 -06:00
ad50f9a047
move default targets to constants
...
cleanup the way the target lists get populated
to use constants and be a little cleaner and dryer
2016-01-08 14:03:30 -06:00
8c6bdd532b
Use ? for SQL queries
2016-01-07 22:50:23 -08:00
b46095f3d6
Remove custom method checking file exists
2016-01-07 22:21:10 -08:00
e7701b6d5f
Fix incoherent method to always return a list
2016-01-07 22:17:04 -08:00
4e99c873c8
Fix issue when target_pid == current_pid
2016-01-06 19:58:07 -06:00
60c506d7fb
Replace error handling methods
2016-01-06 18:53:54 -06:00
30a866a85b
Update enable_rdp.rb
...
Fixed some typos.
2016-01-04 09:52:57 +00:00
47f9880690
Land #6395 , grammar fixes for recovery_files.rb
...
Improves grammar and details within the description of /post/windows/gather/forensics/recovery_files.rb
2015-12-28 15:57:41 -06:00
cf0e982e83
Land #6386 , VNC creds module fix
2015-12-28 02:32:26 -06:00
6b9c74eec7
Prefer gsub and nix the return
2015-12-28 02:31:47 -06:00
0de69a9d40
Add post Windows privilege based migrate
2015-12-27 19:26:21 -06:00
f8943f4821
Remove peer; defined in lib/msf/core/post/common.rb
2015-12-24 07:57:16 -08:00
431c6001a8
Fix recovery_files.rb Description grammar errors
2015-12-24 10:10:39 -05:00
d6dacd1580
Fixed bug when generating native traffic with one thread
2015-12-23 15:28:33 +00:00
391145a4af
Checking if group_filter is empty
2015-12-23 15:14:37 +00:00
2f71730484
Gather VNC null byte fix + formatting
2015-12-22 17:30:37 +00:00
45b9230efb
Redirect python stderr to stdout, darwin python platform
2015-12-22 11:32:31 +00:00
be9197fc97
quick fix for issues #6359
2015-12-22 03:26:31 +00:00
f9d74143c3
fix typo
2015-12-22 03:25:34 +00:00
f950633d32
renamed
2015-12-21 18:16:06 +00:00
e09c2944cf
Renamed module to be more descriptive
2015-12-21 18:15:39 +00:00
4c27f381dc
rubocop & msftidy
2015-12-21 18:15:19 +00:00
8438774077
Bug
2015-12-21 18:13:58 +00:00
0b6969afbc
Rubocop. This encoding mess was the only way I could find to deal with a number of parsing errors when testing this against a multilingual domain.
2015-12-21 17:30:32 +00:00
30e283b0ae
fixup
2015-12-21 17:28:36 +00:00
751a0708bf
rubocop
2015-12-21 13:32:29 +00:00
0c8aa0bd5c
msftidy - fixed module name
2015-12-21 13:32:11 +00:00
0081c79f39
Added comments
2015-12-21 13:31:26 +00:00
03b904cc4e
Initial version
2015-12-21 13:29:47 +00:00
16cf3c6207
Further messing about with unicode conversions
2015-12-21 13:28:27 +00:00
e8c8c54cb0
Use a regex with a negative lookbehind to cope with CNs that contain commas
2015-12-21 11:44:37 +00:00
d8b3b15da6
Trying to fix encoding errors
2015-12-21 11:43:12 +00:00
76f99cbc7f
Fixing UTF-8 encoding errors with some strangely named groups
2015-12-21 11:11:01 +00:00
b0fca769d7
capitalisation
2015-12-21 10:39:30 +00:00
Meatballs
Vincent Yiu
Crypt0-M3lon
William Vu
Brent Cook
h00die
wchen-r7
join-us
Josh Hale
Adam Cammack
CSendner
Hans-Martin Münch (h0ng10)
James Lee
Tim
Christian Mehlmauer
Louis Sato
nk
Martin Vigo
David Maloney
Kyle Gray
Jon Hart
karllll
Stuart Morgan
g0tmi1k
Rory McNamara