Commit Graph

468 Commits (e4aedfad4377e3023517cf2f4da3c324489d7b79)

Author SHA1 Message Date
sinn3r 721ae6c66e Should really call source_address without args 2014-01-31 10:36:55 -06:00
sinn3r cb33de24e4 [FixRM #8749] - Make spawn_meterpreter respect lport/lhost options
[FixRM #8749] Basically the spawn_meterpreter script doesn't
actually allow the user to set their own LHOST/LPORT datastore
options, because they come from the session object, not from the
active module or the framework object.

The fix is to allow the user to config them from framework. But
if they forget to do this (because naturally people probably
assume that active module datastore options are the same as the
ones set in framework), then for LHOST, we default whatever we get
from Rex::Socket.source_address. As for LPORT, we'll pick one
that's not used by any of the sessions.
2014-01-23 22:40:34 -06:00
Meatballs 075f48a49f Fix path 2013-12-23 22:44:56 +00:00
OJ 0c59c885c4 Fix metsrv.dll name issue
As mentioned here https://community.rapid7.com/thread/3788 the metsvc
script was still looking for the old file name for metsrv.dll, which
was causing the script to fail.

This commit fixes this issue. A hash is used to indicate local and remote
file names so that the remote can continue to use metsrv.dll, but it
is correctly located on disk locally.
2013-11-28 11:48:11 +10:00
William Vu ee201a82cd Land #2673, -x and -s for uploadexec meterp script 2013-11-26 16:26:38 -06:00
OJ 5fc9706268 Use Rex.sleep instead of sleep 2013-11-27 07:51:11 +10:00
OJ 388064b78b Add -x and -s parameters to uploadexec
Added -x parameter to the script which indicates that the underlying
meterpreter session should be terminated when the execution has
finished.

Added -s parameter which takes a floating point number as an arg
which indicates the number of seconds to sleep between uploading
and executing. This helps in the case where http(s) payloads are
used for meterpreter and a time delay is needed to make sure that
the file has been written to disk and the lock released prior to
attempting to execute it.
2013-11-22 18:59:01 +10:00
OJ 19ea29c6e7 Add usage when -rc -cl or -h are not passed
While testing stuff earlier today I had to use this script and I made the
mistake of not passing in the -rc flag to the script. I was confused for ages!

This change prints the usage message in the case where you don't pass proper
parameters to the script.
2013-11-22 12:47:04 +10:00
sinn3r 4c14595525 Land #2535 - Use %PATH% for notepad 2013-10-21 13:14:44 -05:00
sinn3r 032da9be10 Land #2426 - make use of Msf::Config.data_directory 2013-10-21 13:07:33 -05:00
Henrik Kentsson efa0dcb92b Just a minor mistype
Just a minor mistype in code leading to a page that didn't exist.
2013-10-19 00:38:24 +02:00
Norbert Szetei 563bf4e639 Fix bug #8502, used %PATH% for notepad invocation
We use system %PATH% for notepad executable instead of the absolute
path, because it caused a problem with the migrate script in a 64-bit
meterpreter session. By default the wordpad binary is not in the
%PATH%, so the condition in hp_nnm_ovbuildpath_textfile.rb was not
changed.
2013-10-17 15:41:12 +02:00
Meatballs 9ca9b4ab29 Merge branch 'master' into data_dir
Conflicts:
	lib/msf/core/auxiliary/jtr.rb
2013-10-10 19:55:26 +01:00
sinn3r db92709d33 Remove extra bracket 2013-10-08 10:17:08 -05:00
Meatballs c460f943f7 Merge branch 'master' into data_dir
Conflicts:
	modules/exploits/windows/local/always_install_elevated.rb
	plugins/sounds.rb
	scripts/meterpreter/powerdump.rb
	scripts/shell/spawn_meterpreter.rb
2013-10-02 20:17:11 +01:00
Tab Assassin 2e8d19edcf Retab all the things (except external/) 2013-09-30 13:47:53 -05:00
Meatballs 7ba846ca24 Find and replace 2013-09-26 20:34:48 +01:00
James Lee c77d49a640 Merge branch 'rapid7' into cleanup/remove-id-tags
Conflicts:
	lib/msf/core/payload/osx/bundleinject.rb
	lib/msf/core/payload/windows/dllinject.rb
	lib/msf/core/payload/windows/exec.rb
	lib/msf/core/payload/windows/loadlibrary.rb
	lib/msf/core/payload/windows/reflectivedllinject.rb
	lib/msf/core/payload/windows/x64/reflectivedllinject.rb
	scripts/meterpreter/netenum.rb
2013-09-17 10:55:02 -05:00
James Lee 97d3a20f82 Remove more $Revision tags 2013-09-17 10:46:37 -05:00
James Lee ca53c6f15b Remove Id tags in scripts/ 2013-09-17 10:42:58 -05:00
sinn3r 4978a56dec Land #2059 - add help page as default for process_memdump.rb 2013-07-03 15:58:20 -05:00
sinn3r 4c229d6450 Land #2055 - Added UAC check when listing inf 2013-07-03 15:05:54 -05:00
sinn3r 97a9606843 "nil" is actually not a method 2013-07-03 15:05:04 -05:00
sinn3r ce27fd4004 Land #2054 - Improved help screen & check user input 2013-07-03 14:46:27 -05:00
sinn3r c5a73c177c Land #2057 - Added help screen by default to pml_driver_config.rb 2013-07-03 14:33:02 -05:00
sinn3r a029302fd7 Land #2058 - Added help screen by default to panda_2007_pavsrv51.rb 2013-07-03 14:30:18 -05:00
g0tmi1k 99796bb10a WinEnum - Fix typo 2013-07-03 15:05:50 +01:00
g0tmi1k d70cb70d0e process_memdump ~ add help page as default 2013-07-03 14:53:46 +01:00
g0tmi1k 92edf79ea5 HP PML Driver ~ Added help screen by default 2013-07-03 14:41:23 +01:00
g0tmi1k 95d1dcfe2f Panda_2007 - Added help screen by default 2013-07-03 14:33:33 +01:00
g0tmi1k 873c31c4eb packetrecorder~Added UAC check when listing inf
Added UAC check when listing network interfaces
Added error handling with listing
2013-07-03 13:57:40 +01:00
g0tmi1k 9735679c71 netenum~Improved help screen & check user input
scripts/meterpreter/netenum.rb ~ Improved help screen & check user input
Made msftidy happy
2013-07-03 13:23:15 +01:00
Garret Picchioni c40a73456b Updated example syntax to correctly identify filename 2013-06-04 10:26:00 -07:00
shellster 9e0d17c921 Update keylogrecorder.rb
Added new -c option for value 2, which will start the keylogger in the current process instead of attempting to migrate.  I also made this setting the default.
2013-03-22 10:57:10 -07:00
shellster 2db85e8384 Update keylogrecorder.rb
Removed redundant code, added error checking.
2013-03-22 06:35:49 -07:00
shellster de72512958 Update keylogrecorder.rb
Added -k option which, if provided, will attempt to kill the old pid after a successful migration.

Fixed a bug where a blank line would get added to the log file every polling interval if no keystrokes had been detected during that interval.
2013-03-22 06:30:56 -07:00
sinn3r f79ca25976 Add a reference that's good for reading 2013-01-04 00:35:59 -06:00
CG 328b740c44 mssql brute resource script 2013-01-03 14:11:12 -05:00
Dhiru Kholia 80bcf930e3 GnuPG Information Gather Module, tested against Linux 2012-10-02 17:46:57 +05:30
Jonathan Claudius a3bad0b3ae Added XP Support and Changed Output Method for User Password Hints
1.) Now grabs clear-text user hint from XP systems in addition to
Win7/Win8 systems
2.) Changes output so it's no longer inline with hashes, so as not to
affect copy/paste of hashes output
3.) Adding alternate text in cases when no user hints are available
2012-08-20 21:30:12 -05:00
Jonathan Claudius fbc36b57d0 Adding Windows User Password Hint Decoding to Hashdump Tools
* UserPasswordHint, a key that is used to store the user's password
hint, can be easily decoded to clear-text to get the user's hint
(Example: "My Favorite Color")
* Added decode_windows_hint() method to perform the decode process
* Added decoded hint output for hashdump.rb and smart_hashdump.rb
2012-08-19 23:04:11 -05:00
sinn3r ce107fbd6f Rewrite how each mode is handled 2012-07-10 16:06:07 -05:00
m-1-k-3 b449c0e21c new parameter 2012-07-10 20:04:03 +02:00
m-1-k-3 5b526de09d bla 2012-07-10 13:21:32 +02:00
sinn3r 2693b224ee Update some comments 2012-07-09 14:06:29 -05:00
sinn3r 59e201ddec Correct help_me 2012-07-09 13:57:28 -05:00
sinn3r d6accef5e6 Allow datastore options plus other things
Here's a list of things that have changed:
* Allow datastore options as arguments.
* Allow "dry-run" mode
* Cleaner way to initialize arguments
2012-07-09 13:48:02 -05:00
HD Moore 442eccd1d6 Merge pull request #578 from claudijd/master
Bug Fix to "Stamp Out" LM and NTLM Hash Corruption in Hashdump Code
2012-07-08 12:24:46 -07:00
Jonathan Claudius 5938771e6c Bug Fix to "Stamp Out" LM and NTLM Hash Corruption
-This commit addresses Metasploit Bug #4402 that notes corrupted (aka:
incorrect) hashes yielded from hashdump
-Fail case can be reliably reproduced on a Windows system where (1) a
user is not storing an LM hash and (2) password histories are enabled
on the system
-This issue along with other extraction tools that are affected in a
similar way will be discussed at BlackHat USA 2012 and DEFCON 20 in 2
weeks.

If you have questions, please let us know.

-Jonathan Claudius (@claudijd)
-Ryan Reynolds (@reynoldsrb)
2012-07-08 14:02:22 -05:00
sinn3r 3f58aff979 Properly handle a no-payload-selected scenario 2012-07-06 16:32:18 -05:00