28e563659f
Added managedBy to group acquisition
2015-12-20 20:16:18 +00:00
d79fd9a9f3
Renamed the comments attribute to comment
2015-12-20 19:53:36 +00:00
924017e606
Moved trust enumeration to separate PR
2015-12-20 19:46:20 +00:00
43f8a35b12
Merge branch 'master' of https://github.com/rapid7/metasploit-framework into add_filter_to_ad_tools
2015-12-20 19:43:04 +00:00
3a89d3cc70
Turns out that we dont need the report or accounts includes in there, so removing them for tidyness
2015-12-20 02:37:25 +00:00
c11c0ca7e0
Added comment about the UTF-8 encoding. This is an issue which is documented at https://github.com/rails/rails/issues/1965 ; namely that SQLite seems to treat ASCII text as a blob meaning that the text searches break. Encoding to UTF-8 seems to fix this.
2015-12-20 02:35:19 +00:00
2301658611
Working
2015-12-20 02:20:59 +00:00
7ce24969bb
rubocop fixes
2015-12-20 02:02:44 +00:00
d5436c6fae
msftidy is now silent
2015-12-20 02:01:11 +00:00
b8274cca01
Tested
2015-12-20 01:59:31 +00:00
b0eba24c5f
Fixed verbosity bug and tidied up
2015-12-20 01:55:44 +00:00
86294a869e
No longer need the sAMAccountType lookup table
2015-12-20 01:45:10 +00:00
cdf430e689
Fixed bug relating to forgetting to add columns to the schema
2015-12-20 01:44:26 +00:00
14f71eabdb
Completing processing the sAMAccountType value
2015-12-20 01:42:25 +00:00
5f5a297324
Adding u_, g_ and c_ parameters to the tables directly avoids most of the views
2015-12-20 01:30:24 +00:00
bb25c7606c
Restructuring to add SAM_ (userAccountControl) variables as fields directly
2015-12-20 01:28:25 +00:00
872aeccbb6
Significant simplified the hex-to-SID parsing code because we only want the RID out of it
2015-12-19 02:02:40 +00:00
07e5f03aba
Fixed
2015-12-19 01:58:29 +00:00
c7f8450775
Appears to work correctly
2015-12-19 01:11:20 +00:00
36392ac0cd
All works
2015-12-19 00:48:41 +00:00
82c3ec5f4b
Added views for users and groups table
2015-12-19 00:26:31 +00:00
ba9845818e
Appears to work for the computers table (tables and view)
2015-12-18 23:22:22 +00:00
cf8f0e2483
Added userAccountControl to the computer table. Note that computer and user LDAP entries are more or less the same (user is the parent for computer), but it makes sense just for sanity and ease of use to keep them separate.
2015-12-18 22:22:56 +00:00
eade245a9e
Added groupType attribute interpretation
2015-12-18 22:06:20 +00:00
e716cd79e3
Needed to use .zero? in the ? : if shorthand for the UAC variables
2015-12-18 21:55:55 +00:00
838f74ff74
Added table creation for userAccoutControl
2015-12-18 21:45:07 +00:00
6afcc13774
Requote file path
2015-12-18 15:41:38 -06:00
a065fc803c
fixed spacing
2015-12-18 21:38:54 +00:00
8821caa199
Added UserAccountControl constants
2015-12-18 21:37:31 +00:00
06a2bb53bd
Clean up module
2015-12-18 15:29:15 -06:00
6d6306f6e7
Added sAMAccountType constants from MSDN
2015-12-18 21:14:39 +00:00
5b07a35cef
Added LDAP filter to identify groups of interest
2015-12-18 14:10:00 +00:00
662010fce7
Added thread capability
2015-12-18 14:06:50 +00:00
0a75fa333c
msftidy
2015-12-18 12:14:22 +00:00
91c8c2b9dd
Trying to fix threads
2015-12-18 12:14:08 +00:00
6f50635ab2
Strange bug with memberOf param and trying to fix up threads
2015-12-18 11:49:17 +00:00
39bc23629a
Getting ready to add thread support
2015-12-18 10:56:41 +00:00
3c8ac89ba8
Added options to dump user membership and group membership to screen
2015-12-18 10:29:53 +00:00
8f95ad315e
Added extra user fields to database schema
2015-12-18 10:02:18 +00:00
fc45d70d25
Added extra user fields
2015-12-18 09:59:21 +00:00
b186aaa08d
Added extra computer fields
2015-12-18 09:55:13 +00:00
f8b402165c
Added extra computer fields
2015-12-18 09:51:04 +00:00
805ba1d7dd
Enumerate computers
2015-12-18 08:28:40 +00:00
98c6b56494
Added computer recon
2015-12-18 08:14:30 +00:00
f13ca17de0
rubocop
2015-12-18 02:01:38 +00:00
38b6ad4dbf
msftidy
2015-12-18 02:00:57 +00:00
36adbadb11
Tidied up SQL searching and added file size indicator
2015-12-18 01:59:19 +00:00
eb38859ecc
Finally worked out how to use .map to make the SQL stuff far more elegant
2015-12-18 01:40:37 +00:00
1ba6b91968
More accurate description
2015-12-18 01:24:43 +00:00
0ddb40b55e
Added UNIQUE and FOREIGN KEY constraints to SQLite DB
2015-12-18 01:23:29 +00:00
15dc542544
Initial module works
2015-12-18 01:13:44 +00:00
f31c1c24db
Added schema and code to populate SQLite db
2015-12-18 01:01:20 +00:00
e3483a2ac3
Getting RIDs from hex mess to decimal. Needs fixing
2015-12-18 00:20:16 +00:00
460778738d
Initial version works
2015-12-18 00:00:21 +00:00
41c2d12e0c
Tidy up initial print
2015-12-17 23:41:18 +00:00
09fb37db6b
Add status updates (useful if there are a large number of groups)
2015-12-17 23:07:02 +00:00
2bcea91b15
Differentiate between user and group errors
2015-12-17 22:57:30 +00:00
85c4e89526
Process user levels
2015-12-17 22:55:02 +00:00
7c145c45e8
add LDAP_MATCHING_RULE_IN_CHAIN oid (from my adsi rework earlier)
2015-12-17 22:44:35 +00:00
f2b038f4b3
Begin loop to grab effective users of each group
2015-12-17 22:39:56 +00:00
c98519e0b9
Get groups using ADSI
2015-12-17 22:35:51 +00:00
7b019bddf4
Initial version, just basing it on the ad_users module
2015-12-17 22:14:14 +00:00
e17a7a5d8c
Fix attributes
2015-12-17 21:38:42 +00:00
59d5626ef7
Bugfix
2015-12-17 21:36:19 +00:00
cba1ddbdc2
rubocop
2015-12-16 22:38:05 +00:00
47e484408f
rubocop
2015-12-16 22:31:54 +00:00
9eef27e4c1
Removed snake case and added SID translation call
2015-12-16 22:31:22 +00:00
cc3ac3ad95
Removed trailing line spaces
2015-12-16 22:28:27 +00:00
58635be237
Try to unpack the SID from hex to normal cut/paste format. Its a mess.
2015-12-16 22:27:52 +00:00
421a29d998
Added the trust types from MSDN
2015-12-16 22:18:28 +00:00
fbe0cfde8f
Fixed URL for trustDirection reference
2015-12-16 22:16:33 +00:00
fd8405f52d
added trustDirection
2015-12-16 22:15:10 +00:00
4da8859e57
added trustAttributes
2015-12-16 22:13:00 +00:00
207a964117
Loop through results
2015-12-16 21:52:30 +00:00
087a01f27f
Templated table
2015-12-16 21:40:49 +00:00
fdf1a8c235
Updated with the LDAP fields to retrieve
2015-12-16 21:39:33 +00:00
ed4cf71ca8
Initial add (templated from Ben's bitlocker module)
2015-12-16 21:26:02 +00:00
c9c1dd22ee
Added custom LDAP filter to ad_groups and ad_users to save having to use meterpreter's adsi interface
2015-12-16 10:38:38 +00:00
2c29298485
undoing this, put in a separate module
2015-12-15 23:16:21 +00:00
5dd8cb7648
proper type conversions
2015-12-15 23:13:02 +00:00
fef9a84548
rubocop
2015-12-15 23:12:14 +00:00
a2b30ff16e
msftidy
2015-12-15 23:11:40 +00:00
281966023c
Final version
2015-12-15 23:10:06 +00:00
7fa453b7ff
Added module
2015-12-15 22:31:00 +00:00
059de62400
Editing an existing module rather than adding a new one
2015-12-15 21:36:39 +00:00
4a66b487de
Based on putty enum module
2015-12-15 21:28:13 +00:00
39da306b1d
Land #6057 , @danilbaz's module for dumping Bitlocker master key (FVEK)
2015-12-08 18:16:39 -08:00
ed8076f361
Merge branch 'master' into pr/6197
2015-12-08 12:08:15 -08:00
2177b979fd
Update SessionTypes command to describe why shell is not listed
2015-12-08 12:06:47 -08:00
3890961155
Correct SEP client exclusion enumeration
2015-12-08 10:16:25 -08:00
be5f648969
manage-bde.exe path test if in System32 or sysnative
2015-12-08 16:14:13 +01:00
f6417df9ba
Update enum_av_excluded to work properly under wow64
2015-12-04 17:13:43 -08:00
ad60a4118e
Put admin and client exclusions in different tables
2015-12-04 13:01:28 -08:00
c92365090f
Simpler
2015-12-04 12:38:25 -08:00
e7d2eb6ad9
Wire in support for showing process and file extension exclusions
2015-12-04 12:35:42 -08:00
78a303974f
Handle empty exclusions better
2015-12-04 12:19:17 -08:00
81ee01a93e
Simplify exclusion extraction and printing
2015-12-04 11:42:03 -08:00
1968a76863
Simplify AV enumeration code
2015-12-04 10:27:14 -08:00
28ee056c32
Make enumeration of each individual AV optional
2015-12-03 16:07:49 -08:00
c007fffbce
Style cleanup
2015-12-03 15:55:12 -08:00
59bd88ff70
msftidy
2015-11-27 16:45:52 -05:00
9c016343c7
Update to logic and reliability
...
Included support for Windows Defender
Rewrote logic to support hosts with multiple AV products installed
2015-11-27 16:41:40 -05:00
5592e4e4ea
seek_relative suppression (use seek instead)
2015-11-20 18:30:51 +01:00
dd027982ae
if recovery_key specified, only method that is tried
2015-11-20 18:30:50 +01:00
f49d6905a6
Fix comments by @jhart-r7
2015-11-20 18:30:50 +01:00
8f135c07aa
Remove hard coded C:\Windows and use %SYSTEMROOT%
2015-11-20 18:30:49 +01:00
7d9d74f609
msftidy...
2015-11-20 18:30:49 +01:00
c8847182d7
Add module to dump Bitlocker master key (FVEK)
2015-11-20 18:30:48 +01:00
17a1f2ee8a
Fix #6242 , Check nil for sock.read
...
Fix #6242
2015-11-16 14:24:46 -06:00
43229c16e7
Correct some authors with unbalanced angle brackets
2015-11-06 13:24:58 -08:00
c44ecfeb15
Spacing
2015-11-06 10:55:29 -05:00
e4d8909815
Initial Commit
2015-11-05 20:43:30 -05:00
d551f421f8
Land #5799 , refactor WinSCP module and library code to be more useful and flexible
2015-10-01 14:35:10 -05:00
415fa3a244
Fix #5968 , some modules not handling Rex::Post::Meterpreter::RequestError exceptions
...
* Related to the usage of ADSI on unsupported OSes
2015-09-21 14:33:00 -05:00
5f9f66cc1f
Fix nil bug in SSO gather module
2015-09-11 02:21:01 -05:00
b59bc30160
Fixed stupid bracket error
2015-08-28 16:13:22 +01:00
8bf815c4bb
rubocop
2015-08-28 15:39:02 +01:00
f371a1c4fc
Added the ability to list AD groups by POST module
2015-08-28 15:10:48 +01:00
8682ec77c5
Added group filtering to the enum_ad_users module
2015-08-28 15:10:27 +01:00
5633c1431f
Land #5821 , add explicit 64-bit pointer support to enum_cred_store
2015-08-24 09:44:36 -05:00
e7433b81bd
Reuse architecture check
2015-08-17 10:28:10 -05:00
0a4651a553
Land #5359 , add PuTTY session enumeration module
2015-08-14 13:20:05 -05:00
76f6312fab
Fix #3916 Support 64 bits targets on enum_cred_store
2015-08-10 15:16:12 -05:00
c197e5224d
Store loot
2015-08-01 20:52:25 +01:00
deb6f5638e
Update WinSCP Gather
...
* Refactor parsing to common library to support command line tool
* Look in APPDATA not just ProgramFiles
* Iterate over user APPDATA
2015-08-01 20:44:14 +01:00
affc86bfd9
Land #5779 , make cachedump / lsa_secrets work on 64-bit windows
2015-07-31 16:25:47 -05:00
ff9b975576
Land #5701 , @g0tmi1k's filezilla_server refactor
2015-07-29 11:13:22 -05:00
e966545e08
Fix mask
2015-07-29 09:13:37 -05:00
38e952ba07
Python -> Ruby
2015-07-29 10:55:28 +01:00
ab7ffb1a08
Fich cachedump
2015-07-27 17:26:53 -05:00
704c8cadd9
Fix lsa_secrets
2015-07-27 16:19:01 -05:00
a818dc4460
Land #5657 , misc fixes to domain_hashdump
2015-07-23 16:58:46 -05:00
14d0d456f4
Fix FileZilla perm loot bug
2015-07-11 19:11:59 +01:00
c92d0d9df6
Fix FileZilla Server
2015-07-11 18:14:55 +01:00
632bcda345
Land #5652 , improve LAPS filter to reduce empty results
2015-07-03 15:02:39 -04:00
e843db78dc
put rhost option back
...
it is needed for the wmic query that
creates the shadowcopy
MSP-12867
2015-07-02 14:46:40 -05:00
7b2b526ea1
deregister unwated options
...
deregister mixin options that we don't need
for this module
2015-07-02 14:33:21 -05:00
8892cbdd10
Fix some minor things
2015-07-02 14:32:16 -05:00
cc51d1e8fd
use registry data for VSS grab
...
use the location data we got from the registry for copying
the NTDS.dit file correctly with the VSS method
2015-07-02 14:27:51 -05:00
89d283da09
check registry for ntds location
...
check the registry for the location of the ntds.dit
file
MSP-12867
2015-07-02 14:07:47 -05:00
95f19e6f1f
Minor description edits for clarity
...
Edited modules/exploits/multi/browser/adobe_flash_nellymoser_bof.rb
first landed in #5642 , Adobe Flash CVE-2015-3113 Nellymoser Audio
Decoding BOF
Edited modules/post/windows/gather/credentials/enum_laps.rb first landed
in #5590 , @Meatballs1 adds MS LAPS Enum post mod
Edited modules/post/windows/gather/enum_ad_bitlocker.rb first landed in
Keys from AD
2015-07-02 13:51:37 -05:00
42daf4d38b
fix up ordering of pre-checks
...
i hate early returns, but we need to bail out early
if some of these checks fail
MSP-12867
2015-07-02 11:52:02 -05:00
8a3873d730
Tweak filter to reduce empty results
2015-07-02 09:53:08 +01:00
a37ac1b089
Land #5590 , @Meatballs1 adds MS LAPS Enum post mod
2015-07-01 21:19:15 -04:00
656e6f5c73
Fix windows enum modules
2015-06-29 11:56:38 -05:00
093f339f6b
Land #5268 , @Meatballs1's post windows module to retrieve Bitlocker Recovery Keys from AD
2015-06-26 17:07:36 -05:00
600a296291
Do minor cleanup
2015-06-26 16:51:00 -05:00
9c4a96761e
Small tidyup
2015-06-23 23:10:29 +01:00
4392b7c1de
Enum LAPS
2015-06-23 23:02:22 +01:00
221980820a
Committed wrong file
...
This reverts commit 76c2198ef0
2015-06-23 23:01:59 +01:00
Stuart Morgan
William Vu
Jon Hart
BAZIN-HSC
Andrew Smith
wchen-r7
Brent Cook
jvazquez-r7
Meatballs
g0tmi1k
Samuel Huckins
Spencer McIntyre
David Maloney
Tod Beardsley