2b5517f597
Land #7506 , Add gather AWS keys post module
2016-11-11 13:56:12 -06:00
47ec362148
Small fixes for dbvis enum
2016-11-01 07:35:36 +10:00
557424d2ec
Small tidy of the multiport_egress_traffic module
2016-11-01 01:46:58 +10:00
ec8536f7e9
Fix firefox module to use symbols where appopriate
2016-11-01 01:43:25 +10:00
b9bbb5e857
Replace regex use with direct string checks in dbvis module
2016-11-01 01:35:01 +10:00
f754adad0c
Fix typo PAYLOAD_OVERWRITE vs PAYLOAD_OVERRIDE
2016-10-29 11:20:32 +01:00
640827c24b
Final pass of regex -> string checks
2016-10-29 14:59:05 +10:00
57eabda5dc
Merge upstream/master
2016-10-29 13:54:31 +10:00
8b97183924
Update UUID to match detected platform, fail exploit on invalid session
2016-10-29 13:45:28 +10:00
0737d7ca12
Tidy code, remove regex and use comparison for platform checks
2016-10-29 13:41:20 +10:00
8173e87756
Add references
2016-10-28 16:12:46 -07:00
96c204d1ea
Add aws_keys docs; correct description
2016-10-28 15:27:47 -07:00
1ca2fe1398
More platform/arch/session fixes
2016-10-29 08:11:20 +10:00
7dea613507
Initial commit of module for snagging AWS key material from shell/meterpreter sessions
2016-10-28 14:48:55 -07:00
6b77f509ba
fixes bad file refs for cmdstagers
...
when moving to the rex-exploitation gem some of the
file references were missed, partially due to silly differences
between how each file was referenced
Fixes #7466
2016-10-21 12:31:18 -05:00
022830634b
Rejig platform to use windows instead of win32/win64
2016-10-14 10:10:04 +10:00
b77a910205
Land #7355 , allwinner post to local exploit conversion
2016-10-08 21:38:54 -05:00
b3c6ec09a0
Show status when gathering, which can take a bit
2016-09-30 06:42:22 -07:00
abed3bf6c2
Rename
2016-09-30 06:35:26 -07:00
2272e15ca2
Remove some anti-patterns, in the same spirit than #7372
2016-09-29 00:15:01 +02:00
cba297644e
post to local conversion
2016-09-22 22:08:24 -04:00
83160b7e49
Land #7173 , Add post module to compress (zip) a file or directory
2016-08-24 09:38:04 -05:00
89c3b6f399
Remove the -d flag for Linux machines
2016-08-23 18:43:50 -05:00
b081dbf703
Make destination required
2016-08-18 15:56:16 -05:00
60937ec5e9
If user is SYSTEM, then steal a token before decompression
2016-08-17 16:56:09 -05:00
eb73a6914d
replace old rex::ui::text::table refs
...
everywhere we called the class we have now rewritten it
to use the new namespace
MS-1875
2016-08-10 13:30:09 -05:00
ae59c4ae74
Land #6687 , Fix meterpreter platform to include OS in the tuple for all meterpreters
2016-08-07 05:00:24 -05:00
45801bc44e
get_env
2016-08-03 11:11:34 -05:00
bddf5edcf1
Fix typo
2016-08-03 11:04:53 -05:00
8f7d0eae0c
Fix #7155 - Add post module to compress (zip) a file or directory
...
Fix #7155
2016-08-02 14:44:58 -05:00
b08d1ad8d8
Revert "Land #6812 , remove broken OSVDB references"
...
This reverts commit 2b016e02167b1d9596c7
2016-07-15 12:00:31 -05:00
2b016e0216
Land #6812 , remove broken OSVDB references
2016-07-11 22:59:11 -05:00
d5d0b9e9b8
Revert "Land #6729 , Speed up the datastore"
...
This reverts commit c6b1955a5a4fb7472391
2016-06-28 13:39:52 -05:00
c6b1955a5a
Land #6729 , Speed up the datastore
2016-06-15 17:55:42 -05:00
eaaa9177d5
Fix "username" key to add login in creds database
2016-06-08 10:38:38 +02:00
ca76e8f290
Update allwinner_backdoor report_vuln hash
2016-05-24 00:57:37 -05:00
928a706135
Land #6890 , Allwinner CPU kernel module local privilege escalation
2016-05-23 22:00:52 -05:00
2f8562fba4
added documentation and minor style tweaks
2016-05-23 21:59:44 -05:00
4242bbdf55
change report_note to report_vuln per note
2016-05-23 17:36:50 -04:00
c621f689b2
more descriptive note per @sempervictus
2016-05-18 19:08:01 -04:00
815a2600a8
additional description
2016-05-17 22:07:33 -04:00
640e0b9ff7
working ready for pr
2016-05-17 21:58:32 -04:00
2e3e4f0069
Land #6296 , Added a multi-platform post module to generate TCP & UDP egress traffic
2016-05-14 00:03:00 -05:00
3542d907f7
simplify description, move the bulk of documentation to documentation/
2016-05-14 00:01:51 -05:00
314d73546c
additional details, not working on tablet via malicious apk meterpreter
2016-05-13 23:12:44 -04:00
5099124f3d
module compiles, fails correctly but cant yet verify it works
2016-05-12 22:18:43 -04:00
a69432abe5
update module class and move to recon from manage
2016-05-12 12:42:04 -05:00
9f923cdb00
Merge branch 'master' into land-6296-egress
2016-05-12 12:36:47 -05:00
57a3a2871b
remove various session manipulation hacks since session.platform should always contain an os identifier
2016-05-08 22:39:41 -05:00
2f66442f1d
Fix #5191 , bad LHOST format causes shell_to_meterpreter to backtrace
...
When using shell_to_meterpreter via a pivot, the LHOST input's format
might be invalid. This is kind of a design limitation, so first we
check the input, and there is a module doc to go with it to explain
a workaround.
Fix #5191
2016-04-28 23:03:54 -05:00
194a84c793
Modify stdapi so it also uses exist? over exists? for ruby parity
...
Also add an alias for backward compatibility.
2016-04-23 17:31:22 -04:00
816bc91e45
Resolve #6807 , remove all OSVDB references.
...
OSVDB is no longer a vulnerability database, therefore all the
references linked to it are invalid.
Resolve #6807
2016-04-23 12:32:34 -05:00
57ab974737
File.exists? must die
2016-04-21 00:47:07 -04:00
3da451795c
Fix potential case issue
...
Even though the options were getting put back in a datastore, the
original case could still be lost and that would be bad.
2016-04-18 17:52:27 -04:00
f83cb4ee32
fix set_wallpaper
2016-03-16 13:07:41 +00:00
3123175ac7
use MetasploitModule as a class name
2016-03-08 14:02:44 +01:00
f703fa21d6
Revert "change Metasploit3 class names"
...
This reverts commit 666ae14259
2016-03-07 13:19:55 -06:00
44990e9721
Revert "change Metasploit4 class names"
...
This reverts commit 3da9535e22
2016-03-07 13:19:48 -06:00
3da9535e22
change Metasploit4 class names
2016-03-07 09:57:22 +01:00
666ae14259
change Metasploit3 class names
2016-03-07 09:56:58 +01:00
a1190f4344
Land #6598 , add post module for setting wallpaper
2016-03-06 15:00:10 -06:00
86845222ef
add meterpreter platform workaround
2016-03-06 14:51:34 -06:00
d955c6a8f6
style fixes
2016-02-29 14:06:49 -06:00
f3cf5a8a41
Resolve merge conflict with upstream-master
...
Out of date author field
2016-02-25 14:49:53 -06:00
27af59ea7c
minor tweaks
2016-02-20 08:35:56 +00:00
b58166a9a8
add android platform to the hash
2016-02-18 20:13:39 -06:00
5c92076a1e
more cleanup
2016-02-14 09:15:25 +00:00
e738b5922d
fix play_youtube to work on Android
2016-02-11 07:16:40 +00:00
a93f200851
cosmetic fixes
2016-02-10 07:51:13 +00:00
d544bf9311
android set wallpaper
2016-02-01 01:16:17 +00:00
96ab598835
set wallpaper
2016-02-01 01:01:24 +00:00
6fb27a3da9
Undo path and move the out of bound check
2016-01-28 23:49:50 -06:00
d515e4db64
Unwanted comment
2016-01-21 00:55:08 -06:00
bda76c7340
Update lastpass_creds module
2016-01-21 00:53:16 -06:00
348ae586a7
Handle vault parsing exceptions
2016-01-15 14:54:59 -08:00
3bee2fff70
Use native method dir
2016-01-08 16:06:24 -08:00
8c6bdd532b
Use ? for SQL queries
2016-01-07 22:50:23 -08:00
b46095f3d6
Remove custom method checking file exists
2016-01-07 22:21:10 -08:00
e7701b6d5f
Fix incoherent method to always return a list
2016-01-07 22:17:04 -08:00
f8943f4821
Remove peer; defined in lib/msf/core/post/common.rb
2015-12-24 07:57:16 -08:00
d6dacd1580
Fixed bug when generating native traffic with one thread
2015-12-23 15:28:33 +00:00
45b9230efb
Redirect python stderr to stdout, darwin python platform
2015-12-22 11:32:31 +00:00
be9197fc97
quick fix for issues #6359
2015-12-22 03:26:31 +00:00
f9d74143c3
fix typo
2015-12-22 03:25:34 +00:00
2ddac42be7
Perform Rubocop cleanup
2015-12-19 23:33:32 -08:00
2fc940cc3e
Decrypt Chrome and Opera cookies and msdftify code
2015-12-19 22:19:20 -08:00
ab630166bb
Decrypt Chrome and Opera cookies and msdftify code
2015-12-19 21:40:30 -08:00
ccb13a2ca6
Add full IE support and bug fixes
2015-12-17 20:29:50 -08:00
b085989923
Land #6266 , rsync creds scraper
2015-12-14 11:37:30 -06:00
db788d1b7c
Land #6238 , CmdStager BOURNE_{PATH,FILE} options
2015-12-07 12:34:42 -06:00
fc9d818837
change youtube url
2015-12-04 10:15:56 +01:00
b4ade1989a
Add IE support for stored passwords
2015-12-04 00:13:42 -08:00
78d391fa10
Rubocop
2015-12-02 14:54:30 +00:00
99dceb33ac
Added 'ALL' support (to do TCP and UDP in one go)
2015-12-02 14:50:16 +00:00
15dd18dc4b
use single quotes, remove explicit nil
2015-12-02 09:36:07 +00:00
366b92a79e
Store rsync creds as creds, not loot
2015-12-01 15:30:39 -08:00
b66be85ccb
Rubocop
2015-12-01 22:32:04 +00:00
d5c0da5e19
Added 33434-33534 because this is the default udp range for traceroute (might be enabled by sysadmins to enbale traceroutes to work)
2015-12-01 22:31:12 +00:00
74a07709b8
Use the Comm param instead of adding a route as suggested by @jlee-r7 and hdm
2015-12-01 21:42:27 +00:00
c744b14a8a
Exclude python meterpreter, doesn't seem to work
2015-11-29 20:40:42 +00:00
6a3172268e
Fixed module metadata
2015-11-29 19:32:55 +00:00
2bc5b98d6e
Rubocop fixing alignment of ifs and ends
2015-11-29 19:17:49 +00:00
8b4649e75c
Working through rubocop issues
2015-11-29 19:11:10 +00:00
9267afc18b
Rubocop
2015-11-29 19:06:24 +00:00
9a6f0d6734
Reducing complexity (rubocop)
2015-11-29 19:06:07 +00:00
b5909852a9
Rubocop
2015-11-29 19:02:33 +00:00
d4bb5537b2
Fixed stupid paste error
2015-11-29 19:02:15 +00:00
fd7a6465c6
Attemping to simplify code
2015-11-29 19:01:34 +00:00
10f89239a5
rubocop
2015-11-29 18:59:40 +00:00
6a567845e0
Tidy up error messages
2015-11-29 18:54:46 +00:00
12dbe31bee
Apparently adding .close causes it to hang
2015-11-29 18:49:51 +00:00
41d963eeb1
Debugging
2015-11-29 18:34:26 +00:00
b6dfafaeb7
Stabilised code, still giving errors on threads>1 in native mode though
2015-11-29 18:14:19 +00:00
e18f8b5e21
Now works for both TCP and UDP
...
However, it gives 'interrupted by console user' as an error message for no reason (?timeouts?)
2015-11-29 17:53:04 +00:00
98e0050e8c
Fixed 'end' bugs (mismatched blocks)
2015-11-29 16:20:33 +00:00
af106737b9
Adding both native and winapi options, split out to functions & fix up
2015-11-29 16:17:07 +00:00
5ffeaddf1e
Added help
2015-11-26 14:01:40 +00:00
1ce0386d01
Reusing port array generation code
2015-11-26 13:59:15 +00:00
9d747e67a3
Fix bugs in new Firefox creds storage
2015-11-25 21:28:07 -08:00
a692a5d36c
Remove Platform, this should work everywhere; correct grammar
2015-11-25 11:23:18 -08:00
09d4bd8175
Added basic function definition for non-Win32API egress
2015-11-24 15:38:06 +00:00
4ea732716a
Added file
2015-11-24 15:37:44 +00:00
718e928fe3
Control per-user config file
2015-11-23 11:11:03 -08:00
93bb31dfa0
Make path to rsyncd configuration file configurable
2015-11-21 19:50:33 -08:00
f34c7a8594
Support for new Firefox method to store credentials
2015-11-20 23:42:59 -08:00
aa962f30a9
Minor style/usability cleanup
2015-11-20 13:51:31 -08:00
a96102c20a
Minor cleanup
2015-11-20 13:19:38 -08:00
c75e3c8e84
Initial commit of a post module for looting rsync credentials
2015-11-20 12:57:33 -08:00
811167442c
Re-disable debugging nodelete
2015-11-17 13:10:03 +00:00
2b99969f9a
quote paths to allow spaces
2015-11-15 00:14:30 +00:00
e3f25fd6e2
Add support for specifying path, file in bourne dropper
2015-11-14 18:31:11 +00:00
38ca943219
Remove unneeded width arg
2015-11-13 11:49:50 -08:00
4604f8cd83
Move cowsay to Rex::Text so that everyone can enjoy it ;)
2015-11-13 08:57:48 -08:00
211da2746e
Support cookie auth key decryption
2015-11-11 16:26:07 -08:00
15cfa925c8
Document the cloud mess
2015-11-11 12:06:53 -08:00
a328675f77
Add simulated cowsay support to wall
2015-11-11 11:54:46 -08:00
8d21a91f3e
Add initial wall module
2015-11-11 09:15:32 -08:00
43229c16e7
Correct some authors with unbalanced angle brackets
2015-11-06 13:24:58 -08:00
20679ea6c6
Land #5720 , @g0tmi1k's changes to firefox_creds post module
2015-11-05 15:36:08 -06:00
b0f92b49a2
Print vault passwords
2015-11-01 21:47:00 -08:00
e67065a7e9
Fix Firefox/Opera bugs
2015-10-26 22:40:47 -07:00
da9420a915
Retrieve randkey from LastPass
2015-10-26 19:17:09 -07:00
6468eb51b2
Do changes to have into account powershell sesions are not cmd sessions
2015-10-02 15:26:42 -05:00
8bfa5bcd09
Do some more minor code cleaning
2015-09-04 13:08:27 -05:00
ac49c80367
Do minor code cleanup
2015-09-04 12:46:21 -05:00
60d2856444
Use id instead of whoami
2015-09-04 12:02:21 -05:00
4fa58efaa0
Allow to configure the DOWNLOAD_TIMEOUT
2015-09-04 11:54:22 -05:00
eb43241425
Firefox_creds more stable/bug fixs (Linux/OSX)
2015-08-27 11:43:53 +01:00
d264802ce0
Consistency and API conformance changes to LES
2015-08-21 12:38:58 -05:00
4a91dfdcf5
Land #5873 , report_note for local_exploit_suggester
2015-08-20 17:52:33 -05:00
dmohanty-r7
OJ
Konrads Smelkovs
Jon Hart
David Maloney
Brent Cook
jvoisin
h00die
Brendan
wchen-r7
Pearce Barry
Louis Sato
Crypt0-M3lon
William Vu
h00die
Adam Cammack
Tim
Christian Mehlmauer
Martin Vigo
Stuart Morgan
Rory McNamara
PsychoMario
jvazquez-r7
g0tmi1k
HD Moore