Commit Graph

188 Commits (e1ca78e6c62b1366954aa4d31fdea17066fd7406)

Author SHA1 Message Date
William Vu 64452de06d Fix msf/core and self.class msftidy warnings
Also fixed rex requires.
2017-05-03 15:44:51 -05:00
William Vu b6fe6c1d38 Fix #7597, minor changes to enum_messages 2016-11-28 17:37:32 -06:00
root dc64f63517 Removed useless comments 2016-11-24 01:33:20 +00:00
root 5284e20a52 Optimised SQL vars, removed unneeded requires and changed the "exec" function name 2016-11-24 01:27:03 +00:00
root ce514ed3e5 Fixed broken fail_with function call and whitespace on line ending 2016-11-22 03:04:12 +00:00
root e0f8d622ec Added metasploit module for access OSX messages database 2016-11-22 02:53:38 +00:00
Henry Pitcairn e5c05c05d2 Make OSX screencapture silent
By default, the `screencapture` command on OS X plays a camera sound effect. The -x option silences this.
2016-09-25 22:54:57 -04:00
David Maloney eb73a6914d
replace old rex::ui::text::table refs
everywhere we called the class we have now rewritten it
to use the new namespace

MS-1875
2016-08-10 13:30:09 -05:00
Brent Cook 57a3a2871b remove various session manipulation hacks since session.platform should always contain an os identifier 2016-05-08 22:39:41 -05:00
Christian Mehlmauer 3123175ac7
use MetasploitModule as a class name 2016-03-08 14:02:44 +01:00
Brent Cook f703fa21d6 Revert "change Metasploit3 class names"
This reverts commit 666ae14259.
2016-03-07 13:19:55 -06:00
Christian Mehlmauer 666ae14259
change Metasploit3 class names 2016-03-07 09:56:58 +01:00
Jon Hart f8943f4821
Remove peer; defined in lib/msf/core/post/common.rb 2015-12-24 07:57:16 -08:00
wchen-r7 90ef9c11c9 Support meterpreter for OS X post modules 2015-09-10 15:57:43 -05:00
joev 1b320bae6a Add auto-accept to osx/enum_keychain. 2015-09-07 21:17:49 -05:00
jvazquez-r7 a309d99da9
Fix enum_osx
* Use cmd_exec
2015-06-22 16:09:30 -05:00
jvazquez-r7 4475b7ec8e
Update enum_keychain
* Use cmd_exec
2015-06-22 14:30:46 -05:00
Christian Mehlmauer 8c12361bda
remove fail_with defs 2015-04-16 21:49:31 +02:00
Christian Mehlmauer ba6548db75
be consistent about naming 2015-04-16 21:44:56 +02:00
Christian Mehlmauer b4b8ac0849
moar fail_with's 2015-04-16 21:26:37 +02:00
Christian Mehlmauer 0e186fa617
first fail_with fixes 2015-04-16 21:08:33 +02:00
sinn3r d45cdd61aa Resolve #4507 - respond_to? + send = evil
Since Ruby 2.1, the respond_to? method is more strict because it does
not check protected methods. So when you use send(), clearly you're
ignoring this type of access control. The patch is meant to preserve
this behavior to avoid potential breakage.

Resolve #4507
2015-01-02 13:29:17 -06:00
Christian Mehlmauer de88908493
code style 2014-12-11 23:30:20 +01:00
URI Assassin 35d3bbf74d
Fix up comment splats with the correct URI
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
Brandon Turner 05f0d09828
Merge branch staging/electro-release into master
On August 15, shuckins-r7 merged the Metasploit 4.10.0 branch
(staging/electro-release) into master.  Rather than merging with
history, he squashed all history into two commits (see
149c3ecc63 and
82760bf5b3).

We want to preserve history (for things like git blame, git log, etc.).
So on August 22, we reverted the commits above (see
19ba7772f3).

This merge commit merges the staging/electro-release branch
(62b81d6814) into master
(48f0743d1b).  It ensures that any changes
committed to master since the original squashed merge are retained.

As a side effect, you may see this merge commit in history/blame for the
time period between August 15 and August 22.
2014-08-22 10:50:38 -05:00
Brandon Turner 19ba7772f3
Revert "Various merge resolutions from master <- staging"
This reverts commit 149c3ecc63.

Conflicts:
	lib/metasploit/framework/command/base.rb
	lib/metasploit/framework/common_engine.rb
	lib/metasploit/framework/require.rb
	lib/msf/core/modules/namespace.rb
	modules/auxiliary/analyze/jtr_postgres_fast.rb
	modules/auxiliary/scanner/smb/smb_login.rb
	msfconsole
2014-08-22 10:17:44 -05:00
joev 5654370316
Remove hashdump functionality from enum_osx.
There is a specific hashdump module that is more up-to-date, no need to duplicate
functionality (and code).
2014-08-18 11:40:11 -05:00
Samuel Huckins 149c3ecc63
Various merge resolutions from master <- staging
* --ask option ported to new location
* --version option now works
* MSF version updated
* All specs passing
2014-08-15 11:33:31 -05:00
William Vu 92963d4999
Fix broken NTLM hash format 2014-06-30 11:35:28 -05:00
William Vu 90fb07ba6d
Use downcase instead of upcase 2014-06-27 14:12:10 -05:00
William Vu aaeca5ce5b
Remove user field from PBKDF2 hash 2014-06-27 11:26:45 -05:00
William Vu 6e1fa8ff5a
Refactor OS X hashdump creds 2014-06-26 15:10:35 -05:00
William Vu 29f5344d26
Drop merge of service_data, since it doesn't exist 2014-06-16 09:27:01 -05:00
William Vu 2f1032d617
Add a missing comma and a comment 2014-06-13 15:48:14 -05:00
William Vu 72fdf6a607
Get rid of the rest of the service stuff 2014-06-13 15:45:13 -05:00
William Vu 277c9d68bc
Remove service_name, since it doesn't make sense 2014-06-12 18:37:00 -05:00
William Vu 3a1578bead
Don't use getaddress with session.session_host 2014-06-12 18:29:46 -05:00
William Vu 86671796b7
Refactor autologin_password creds 2014-06-12 13:54:52 -05:00
Tod Beardsley d6a63433a6
Space at EOL 2013-12-26 10:37:18 -06:00
sinn3r 78db7429d0 Turns out the latest Safari is still vulnerable.
The version check is currently disabled because turns out the latest
Safari (6.1.1) is still vulnerable - I can still loot it in plain
text.
2013-12-24 19:27:45 -06:00
sinn3r a26e12b746 Updates descriiption and improves regex for safari_lastsession.rb
This updates two things for the safari_lastsession post module:

1. The description is updated: More information is added to describe
how Safari would end up storing the Gmail credential in the last
session state, and what it means to you as an attacker.

2. Regex update for the domain to search for: Before the module starts
extract the session data, it needs to know which domain to extract from.
Originally I only added mail.google.com, but turns out the sensitive info
can be found in accounts.google.com, so I added that one.
2013-12-24 14:00:55 -06:00
William Vu 9434d60021 Remove EOL whitespace from OS X hashdump 2013-12-19 10:39:49 -06:00
sinn3r 8dfa2e6963
Land #2734 - OSX Gather Autologin Password as Root 2013-12-18 15:37:45 -06:00
sinn3r 5011c4d928 The "unless" Ruby nazi is in town 2013-12-18 15:28:31 -06:00
sinn3r 5ec3d5f3f6 Raise specific exceptions 2013-12-18 15:27:49 -06:00
sinn3r 10e16673a7 There must be read_file 2013-12-17 16:42:49 -06:00
sinn3r 21feae0bbc Make sure the file path is readable when it's ~/ 2013-12-17 16:38:58 -06:00
jvazquez-r7 7ec96876d9 Delete unnecessary includes 2013-12-17 15:57:09 -06:00
sinn3r 374ef71c12 Favor read_file instead 2013-12-17 15:34:52 -06:00
sinn3r ea6ba2b159 Add post module to get LastSession.plist
LastSession.plist sometimes contains sensitive information such as
usernames and passwords. It'd be nice to keep this in loot.
2013-12-17 13:07:30 -06:00