Josh Hale
|
3d4b7af6bb
|
Update description
|
2016-01-30 14:35:03 -06:00 |
Josh Hale
|
413ea53984
|
Add found flag and touchup code
|
2016-01-30 14:31:45 -06:00 |
Josh Hale
|
3abb6feb3f
|
Add autoadd feature to autoroute.rb
|
2016-01-29 21:34:22 -06:00 |
wchen-r7
|
315d079ae8
|
Land #6402, Add Post Module for Windows Priv Based Meterpreter Migration
We are also replacing smart_migrate with this.
|
2016-01-13 01:21:32 -06:00 |
wchen-r7
|
6deb57dca3
|
Deprecate post/windows/manage/smart_migrate and other things
This includes:
* Give credit to thelightcosine in priv_migrate
* Deprecate smart_migrate
* Update InitialAutoRunScript for winrm_script_exec
|
2016-01-12 23:14:13 -06:00 |
Meatballs
|
7128c408c8
|
Land #6375, Active Directory Managed Groups Enumeration
|
2016-01-12 11:21:31 +00:00 |
Meatballs
|
4ba2d56f49
|
Just search on DN for samaccountname
|
2016-01-12 11:20:20 +00:00 |
David Maloney
|
5e6620f2cf
|
add yard doc and lexical sorting
lexical sort methods and add missing YARD docs
|
2016-01-08 14:36:21 -06:00 |
David Maloney
|
536378e023
|
move datastore kill check to kill method
move the datastore check for datastore['KILL']
into the actual kill method for sake of DRYness
|
2016-01-08 14:31:42 -06:00 |
David Maloney
|
9716b97e1c
|
split up the migration efforts
move admin and user migrations into
separate methods for enhanced readability
and maintainability
|
2016-01-08 14:26:39 -06:00 |
David Maloney
|
ad50f9a047
|
move default targets to constants
cleanup the way the target lists get populated
to use constants and be a little cleaner and dryer
|
2016-01-08 14:03:30 -06:00 |
Josh
|
4e99c873c8
|
Fix issue when target_pid == current_pid
|
2016-01-06 19:58:07 -06:00 |
Josh
|
60c506d7fb
|
Replace error handling methods
|
2016-01-06 18:53:54 -06:00 |
Vincent Yiu
|
30a866a85b
|
Update enable_rdp.rb
Fixed some typos.
|
2016-01-04 09:52:57 +00:00 |
Kyle Gray
|
47f9880690
|
Land #6395, grammar fixes for recovery_files.rb
Improves grammar and details within the description of /post/windows/gather/forensics/recovery_files.rb
|
2015-12-28 15:57:41 -06:00 |
William Vu
|
cf0e982e83
|
Land #6386, VNC creds module fix
|
2015-12-28 02:32:26 -06:00 |
William Vu
|
6b9c74eec7
|
Prefer gsub and nix the return
|
2015-12-28 02:31:47 -06:00 |
Josh
|
0de69a9d40
|
Add post Windows privilege based migrate
|
2015-12-27 19:26:21 -06:00 |
Jon Hart
|
f8943f4821
|
Remove peer; defined in lib/msf/core/post/common.rb
|
2015-12-24 07:57:16 -08:00 |
karllll
|
431c6001a8
|
Fix recovery_files.rb Description grammar errors
|
2015-12-24 10:10:39 -05:00 |
Stuart Morgan
|
391145a4af
|
Checking if group_filter is empty
|
2015-12-23 15:14:37 +00:00 |
g0tmi1k
|
2f71730484
|
Gather VNC null byte fix + formatting
|
2015-12-22 17:30:37 +00:00 |
Stuart Morgan
|
f950633d32
|
renamed
|
2015-12-21 18:16:06 +00:00 |
Stuart Morgan
|
e09c2944cf
|
Renamed module to be more descriptive
|
2015-12-21 18:15:39 +00:00 |
Stuart Morgan
|
4c27f381dc
|
rubocop & msftidy
|
2015-12-21 18:15:19 +00:00 |
Stuart Morgan
|
8438774077
|
Bug
|
2015-12-21 18:13:58 +00:00 |
Stuart Morgan
|
0b6969afbc
|
Rubocop. This encoding mess was the only way I could find to deal with a number of parsing errors when testing this against a multilingual domain.
|
2015-12-21 17:30:32 +00:00 |
Stuart Morgan
|
30e283b0ae
|
fixup
|
2015-12-21 17:28:36 +00:00 |
Stuart Morgan
|
751a0708bf
|
rubocop
|
2015-12-21 13:32:29 +00:00 |
Stuart Morgan
|
0c8aa0bd5c
|
msftidy - fixed module name
|
2015-12-21 13:32:11 +00:00 |
Stuart Morgan
|
0081c79f39
|
Added comments
|
2015-12-21 13:31:26 +00:00 |
Stuart Morgan
|
03b904cc4e
|
Initial version
|
2015-12-21 13:29:47 +00:00 |
Stuart Morgan
|
16cf3c6207
|
Further messing about with unicode conversions
|
2015-12-21 13:28:27 +00:00 |
Stuart Morgan
|
e8c8c54cb0
|
Use a regex with a negative lookbehind to cope with CNs that contain commas
|
2015-12-21 11:44:37 +00:00 |
Stuart Morgan
|
d8b3b15da6
|
Trying to fix encoding errors
|
2015-12-21 11:43:12 +00:00 |
Stuart Morgan
|
76f99cbc7f
|
Fixing UTF-8 encoding errors with some strangely named groups
|
2015-12-21 11:11:01 +00:00 |
Stuart Morgan
|
b0fca769d7
|
capitalisation
|
2015-12-21 10:39:30 +00:00 |
Stuart Morgan
|
4ed32ad3e8
|
Add manager user attribute
|
2015-12-20 22:51:37 +00:00 |
Stuart Morgan
|
9493b333df
|
rubocop
|
2015-12-20 21:22:03 +00:00 |
Stuart Morgan
|
c394caad27
|
actually made the securitygroups only option do something
|
2015-12-20 21:19:24 +00:00 |
Stuart Morgan
|
07caaf352b
|
made comment match purpose
|
2015-12-20 21:18:21 +00:00 |
Stuart Morgan
|
c0a93433af
|
msftidy
|
2015-12-20 21:16:42 +00:00 |
Stuart Morgan
|
89728fd8fe
|
Working version
|
2015-12-20 21:16:17 +00:00 |
Stuart Morgan
|
ae09549057
|
New module, starting with managedby_groups
|
2015-12-20 20:17:06 +00:00 |
Stuart Morgan
|
28e563659f
|
Added managedBy to group acquisition
|
2015-12-20 20:16:18 +00:00 |
Stuart Morgan
|
d79fd9a9f3
|
Renamed the comments attribute to comment
|
2015-12-20 19:53:36 +00:00 |
Stuart Morgan
|
924017e606
|
Moved trust enumeration to separate PR
|
2015-12-20 19:46:20 +00:00 |
Stuart Morgan
|
43f8a35b12
|
Merge branch 'master' of https://github.com/rapid7/metasploit-framework into add_filter_to_ad_tools
|
2015-12-20 19:43:04 +00:00 |
Stuart Morgan
|
3a89d3cc70
|
Turns out that we don't need the report or accounts includes in there, so removing them for tidiness
|
2015-12-20 02:37:25 +00:00 |
Stuart Morgan
|
c11c0ca7e0
|
Added comment about the UTF-8 encoding. This is an issue which is documented at https://github.com/rails/rails/issues/1965; namely that SQLite seems to treat ASCII text as a blob meaning that the text searches break. Encoding to UTF-8 seems to fix this.
|
2015-12-20 02:35:19 +00:00 |
Stuart Morgan
|
2301658611
|
Working
|
2015-12-20 02:20:59 +00:00 |
Stuart Morgan
|
7ce24969bb
|
rubocop fixes
|
2015-12-20 02:02:44 +00:00 |
Stuart Morgan
|
d5436c6fae
|
msftidy is now silent
|
2015-12-20 02:01:11 +00:00 |
Stuart Morgan
|
b8274cca01
|
Tested
|
2015-12-20 01:59:31 +00:00 |
Stuart Morgan
|
b0eba24c5f
|
Fixed verbosity bug and tidied up
|
2015-12-20 01:55:44 +00:00 |
Stuart Morgan
|
86294a869e
|
No longer need the sAMAccountType lookup table
|
2015-12-20 01:45:10 +00:00 |
Stuart Morgan
|
cdf430e689
|
Fixed bug relating to forgetting to add columns to the schema
|
2015-12-20 01:44:26 +00:00 |
Stuart Morgan
|
14f71eabdb
|
Completing processing the sAMAccountType value
|
2015-12-20 01:42:25 +00:00 |
Stuart Morgan
|
5f5a297324
|
Adding u_, g_ and c_ parameters to the tables directly avoids most of the views
|
2015-12-20 01:30:24 +00:00 |
Stuart Morgan
|
bb25c7606c
|
Restructuring to add SAM_ (userAccountControl) variables as fields directly
|
2015-12-20 01:28:25 +00:00 |
Stuart Morgan
|
872aeccbb6
|
Significantly simplified the hex-to-SID parsing code because we only want the RID out of it
|
2015-12-19 02:02:40 +00:00 |
Stuart Morgan
|
07e5f03aba
|
Fixed
|
2015-12-19 01:58:29 +00:00 |
Stuart Morgan
|
c7f8450775
|
Appears to work correctly
|
2015-12-19 01:11:20 +00:00 |
Stuart Morgan
|
36392ac0cd
|
All works
|
2015-12-19 00:48:41 +00:00 |
Stuart Morgan
|
82c3ec5f4b
|
Added views for users and groups table
|
2015-12-19 00:26:31 +00:00 |
Stuart Morgan
|
ba9845818e
|
Appears to work for the computers table (tables and view)
|
2015-12-18 23:22:22 +00:00 |
Stuart Morgan
|
cf8f0e2483
|
Added userAccountControl to the computer table. Note that computer and user LDAP entries are more or less the same (user is the parent for computer), but it makes sense just for sanity and ease of use to keep them separate.
|
2015-12-18 22:22:56 +00:00 |
Stuart Morgan
|
eade245a9e
|
Added groupType attribute interpretation
|
2015-12-18 22:06:20 +00:00 |
Stuart Morgan
|
e716cd79e3
|
Needed to use .zero? in the ? : if shorthand for the UAC variables
|
2015-12-18 21:55:55 +00:00 |
Stuart Morgan
|
838f74ff74
|
Added table creation for userAccountControl
|
2015-12-18 21:45:07 +00:00 |
William Vu
|
6afcc13774
|
Requote file path
|
2015-12-18 15:41:38 -06:00 |
Stuart Morgan
|
a065fc803c
|
fixed spacing
|
2015-12-18 21:38:54 +00:00 |
Stuart Morgan
|
8821caa199
|
Added UserAccountControl constants
|
2015-12-18 21:37:31 +00:00 |
William Vu
|
06a2bb53bd
|
Clean up module
|
2015-12-18 15:29:15 -06:00 |
Stuart Morgan
|
6d6306f6e7
|
Added sAMAccountType constants from MSDN
|
2015-12-18 21:14:39 +00:00 |
Stuart Morgan
|
5b07a35cef
|
Added LDAP filter to identify groups of interest
|
2015-12-18 14:10:00 +00:00 |
Stuart Morgan
|
662010fce7
|
Added thread capability
|
2015-12-18 14:06:50 +00:00 |
Stuart Morgan
|
0a75fa333c
|
msftidy
|
2015-12-18 12:14:22 +00:00 |
Stuart Morgan
|
91c8c2b9dd
|
Trying to fix threads
|
2015-12-18 12:14:08 +00:00 |
Stuart Morgan
|
6f50635ab2
|
Strange bug with memberOf param and trying to fix up threads
|
2015-12-18 11:49:17 +00:00 |
Stuart Morgan
|
39bc23629a
|
Getting ready to add thread support
|
2015-12-18 10:56:41 +00:00 |
Stuart Morgan
|
3c8ac89ba8
|
Added options to dump user membership and group membership to screen
|
2015-12-18 10:29:53 +00:00 |
Stuart Morgan
|
8f95ad315e
|
Added extra user fields to database schema
|
2015-12-18 10:02:18 +00:00 |
Stuart Morgan
|
fc45d70d25
|
Added extra user fields
|
2015-12-18 09:59:21 +00:00 |
Stuart Morgan
|
b186aaa08d
|
Added extra computer fields
|
2015-12-18 09:55:13 +00:00 |
Stuart Morgan
|
f8b402165c
|
Added extra computer fields
|
2015-12-18 09:51:04 +00:00 |
Stuart Morgan
|
805ba1d7dd
|
Enumerate computers
|
2015-12-18 08:28:40 +00:00 |
Stuart Morgan
|
98c6b56494
|
Added computer recon
|
2015-12-18 08:14:30 +00:00 |
Stuart Morgan
|
f13ca17de0
|
rubocop
|
2015-12-18 02:01:38 +00:00 |
Stuart Morgan
|
38b6ad4dbf
|
msftidy
|
2015-12-18 02:00:57 +00:00 |
Stuart Morgan
|
36adbadb11
|
Tidied up SQL searching and added file size indicator
|
2015-12-18 01:59:19 +00:00 |
Stuart Morgan
|
eb38859ecc
|
Finally worked out how to use .map to make the SQL stuff far more elegant
|
2015-12-18 01:40:37 +00:00 |
Stuart Morgan
|
1ba6b91968
|
More accurate description
|
2015-12-18 01:24:43 +00:00 |
Stuart Morgan
|
0ddb40b55e
|
Added UNIQUE and FOREIGN KEY constraints to SQLite DB
|
2015-12-18 01:23:29 +00:00 |
Stuart Morgan
|
15dc542544
|
Initial module works
|
2015-12-18 01:13:44 +00:00 |
Stuart Morgan
|
f31c1c24db
|
Added schema and code to populate SQLite db
|
2015-12-18 01:01:20 +00:00 |
Stuart Morgan
|
e3483a2ac3
|
Getting RIDs from hex mess to decimal. Needs fixing
|
2015-12-18 00:20:16 +00:00 |
Stuart Morgan
|
460778738d
|
Initial version works
|
2015-12-18 00:00:21 +00:00 |
Stuart Morgan
|
41c2d12e0c
|
Tidy up initial print
|
2015-12-17 23:41:18 +00:00 |
Stuart Morgan
|
09fb37db6b
|
Add status updates (useful if there are a large number of groups)
|
2015-12-17 23:07:02 +00:00 |
Stuart Morgan
|
2bcea91b15
|
Differentiate between user and group errors
|
2015-12-17 22:57:30 +00:00 |
Stuart Morgan
|
85c4e89526
|
Process user levels
|
2015-12-17 22:55:02 +00:00 |
Stuart Morgan
|
7c145c45e8
|
add LDAP_MATCHING_RULE_IN_CHAIN oid (from my adsi rework earlier)
|
2015-12-17 22:44:35 +00:00 |
Stuart Morgan
|
f2b038f4b3
|
Begin loop to grab effective users of each group
|
2015-12-17 22:39:56 +00:00 |
Stuart Morgan
|
c98519e0b9
|
Get groups using ADSI
|
2015-12-17 22:35:51 +00:00 |
Stuart Morgan
|
7b019bddf4
|
Initial version, just basing it on the ad_users module
|
2015-12-17 22:14:14 +00:00 |
Stuart Morgan
|
e17a7a5d8c
|
Fix attributes
|
2015-12-17 21:38:42 +00:00 |
Stuart Morgan
|
59d5626ef7
|
Bugfix
|
2015-12-17 21:36:19 +00:00 |
Stuart Morgan
|
cba1ddbdc2
|
rubocop
|
2015-12-16 22:38:05 +00:00 |
Stuart Morgan
|
47e484408f
|
rubocop
|
2015-12-16 22:31:54 +00:00 |
Stuart Morgan
|
9eef27e4c1
|
Removed snake case and added SID translation call
|
2015-12-16 22:31:22 +00:00 |
Stuart Morgan
|
cc3ac3ad95
|
Removed trailing line spaces
|
2015-12-16 22:28:27 +00:00 |
Stuart Morgan
|
58635be237
|
Try to unpack the SID from hex to normal cut/paste format. It's a mess.
|
2015-12-16 22:27:52 +00:00 |
Stuart Morgan
|
421a29d998
|
Added the trust types from MSDN
|
2015-12-16 22:18:28 +00:00 |
Stuart Morgan
|
fbe0cfde8f
|
Fixed URL for trustDirection reference
|
2015-12-16 22:16:33 +00:00 |
Stuart Morgan
|
fd8405f52d
|
added trustDirection
|
2015-12-16 22:15:10 +00:00 |
Stuart Morgan
|
4da8859e57
|
added trustAttributes
|
2015-12-16 22:13:00 +00:00 |
Stuart Morgan
|
207a964117
|
Loop through results
|
2015-12-16 21:52:30 +00:00 |
Stuart Morgan
|
087a01f27f
|
Templated table
|
2015-12-16 21:40:49 +00:00 |
Stuart Morgan
|
fdf1a8c235
|
Updated with the LDAP fields to retrieve
|
2015-12-16 21:39:33 +00:00 |
Stuart Morgan
|
ed4cf71ca8
|
Initial add (templated from Ben's bitlocker module)
|
2015-12-16 21:26:02 +00:00 |
Stuart Morgan
|
c9c1dd22ee
|
Added custom LDAP filter to ad_groups and ad_users to save having to use meterpreter's adsi interface
|
2015-12-16 10:38:38 +00:00 |
Stuart Morgan
|
2c29298485
|
undoing this, put in a separate module
|
2015-12-15 23:16:21 +00:00 |
Stuart Morgan
|
5dd8cb7648
|
proper type conversions
|
2015-12-15 23:13:02 +00:00 |
Stuart Morgan
|
fef9a84548
|
rubocop
|
2015-12-15 23:12:14 +00:00 |
Stuart Morgan
|
a2b30ff16e
|
msftidy
|
2015-12-15 23:11:40 +00:00 |
Stuart Morgan
|
281966023c
|
Final version
|
2015-12-15 23:10:06 +00:00 |
Stuart Morgan
|
7fa453b7ff
|
Added module
|
2015-12-15 22:31:00 +00:00 |
Stuart Morgan
|
059de62400
|
Editing an existing module rather than adding a new one
|
2015-12-15 21:36:39 +00:00 |
Stuart Morgan
|
4a66b487de
|
Based on putty enum module
|
2015-12-15 21:28:13 +00:00 |
Jon Hart
|
39da306b1d
|
Land #6057, @danilbaz's module for dumping Bitlocker master key (FVEK)
|
2015-12-08 18:16:39 -08:00 |
Jon Hart
|
ed8076f361
|
Merge branch 'master' into pr/6197
|
2015-12-08 12:08:15 -08:00 |
Jon Hart
|
2177b979fd
|
Update SessionTypes command to describe why shell is not listed
|
2015-12-08 12:06:47 -08:00 |
Jon Hart
|
3890961155
|
Correct SEP client exclusion enumeration
|
2015-12-08 10:16:25 -08:00 |
BAZIN-HSC
|
be5f648969
|
manage-bde.exe path test if in System32 or sysnative
|
2015-12-08 16:14:13 +01:00 |
Jon Hart
|
f6417df9ba
|
Update enum_av_excluded to work properly under wow64
|
2015-12-04 17:13:43 -08:00 |
Jon Hart
|
ad60a4118e
|
Put admin and client exclusions in different tables
|
2015-12-04 13:01:28 -08:00 |
Jon Hart
|
c92365090f
|
Simpler
|
2015-12-04 12:38:25 -08:00 |
Jon Hart
|
e7d2eb6ad9
|
Wire in support for showing process and file extension exclusions
|
2015-12-04 12:35:42 -08:00 |
Jon Hart
|
78a303974f
|
Handle empty exclusions better
|
2015-12-04 12:19:17 -08:00 |
Jon Hart
|
81ee01a93e
|
Simplify exclusion extraction and printing
|
2015-12-04 11:42:03 -08:00 |
Jon Hart
|
1968a76863
|
Simplify AV enumeration code
|
2015-12-04 10:27:14 -08:00 |
Jon Hart
|
28ee056c32
|
Make enumeration of each individual AV optional
|
2015-12-03 16:07:49 -08:00 |
Jon Hart
|
c007fffbce
|
Style cleanup
|
2015-12-03 15:55:12 -08:00 |
Andrew Smith
|
59bd88ff70
|
msftidy
|
2015-11-27 16:45:52 -05:00 |
Andrew Smith
|
9c016343c7
|
Update to logic and reliability
Included support for Windows Defender
Rewrote logic to support hosts with multiple AV products installed
|
2015-11-27 16:41:40 -05:00 |
Louis Sato
|
55b3e10390
|
Land #6258, smart_migrate enhancement
|
2015-11-24 11:30:29 -06:00 |
Louis Sato
|
493e476a43
|
Land #6243, check nil for sock.read
|
2015-11-23 11:15:51 -06:00 |
BAZIN-HSC
|
5592e4e4ea
|
seek_relative suppression (use seek instead)
|
2015-11-20 18:30:51 +01:00 |
BAZIN-HSC
|
dd027982ae
|
if recovery_key specified, only method that is tried
|
2015-11-20 18:30:50 +01:00 |