sinn3r
78db7429d0
Turns out the latest Safari is still vulnerable.
...
The version check is currently disabled because turns out the latest
Safari (6.1.1) is still vulnerable - I can still loot it in plain
text.
2013-12-24 19:27:45 -06:00
sinn3r
a26e12b746
Updates description and improves regex for safari_lastsession.rb
...
This updates two things for the safari_lastsession post module:
1. The description is updated: More information is added to describe
how Safari would end up storing the Gmail credential in the last
session state, and what it means to you as an attacker.
2. Regex update for the domain to search for: Before the module starts
extracting the session data, it needs to know which domain to extract from.
Originally I only added mail.google.com, but turns out the sensitive info
can be found in accounts.google.com, so I added that one.
2013-12-24 14:00:55 -06:00
jvazquez-r7
a043d384d4
Land #2738, @jiuweigui update to enum_prefetch
2013-12-20 10:26:54 -06:00
William Vu
9434d60021
Remove EOL whitespace from OS X hashdump
2013-12-19 10:39:49 -06:00
sinn3r
8dfa2e6963
Land #2734 - OSX Gather Autologin Password as Root
2013-12-18 15:37:45 -06:00
sinn3r
5011c4d928
The "unless" Ruby nazi is in town
2013-12-18 15:28:31 -06:00
sinn3r
5ec3d5f3f6
Raise specific exceptions
2013-12-18 15:27:49 -06:00
Tod Beardsley
c4b8178663
Correct camelCase of YouTube
2013-12-18 14:06:45 -06:00
sinn3r
10e16673a7
There must be read_file
2013-12-17 16:42:49 -06:00
sinn3r
21feae0bbc
Make sure the file path is readable when it's ~/
2013-12-17 16:38:58 -06:00
jvazquez-r7
7ec96876d9
Delete unnecessary includes
2013-12-17 15:57:09 -06:00
sinn3r
374ef71c12
Favor read_file instead
2013-12-17 15:34:52 -06:00
sinn3r
ea6ba2b159
Add post module to get LastSession.plist
...
LastSession.plist sometimes contains sensitive information such as
usernames and passwords. It'd be nice to keep this in loot.
2013-12-17 13:07:30 -06:00
Tod Beardsley
040619c373
Minor description changes
...
No code changes (one comment made on play_youtube to suggest xdg-open
rather than firefox for linux targets).
2013-12-16 14:57:33 -06:00
jiuweigui
446db78818
Minor fix to gather_pf_info function
2013-12-16 21:33:07 +02:00
jvazquez-r7
7ab1369515
Land #2757, @wchen-r7's youtube post module
2013-12-12 16:36:42 -06:00
sinn3r
1bcaffccc8
Make sure profile name is random
2013-12-12 16:19:06 -06:00
sinn3r
036955983d
Add support for Linux, thanks @jvennix-r7!
2013-12-12 16:12:36 -06:00
sinn3r
7d12ced66e
Remove unnecessary require statements
2013-12-12 13:49:54 -06:00
sinn3r
ce18ac4c62
fix comment
2013-12-12 12:49:46 -06:00
sinn3r
97e9daaa6a
Change title
2013-12-12 12:42:07 -06:00
sinn3r
de087d134a
Account for error
2013-12-12 12:41:05 -06:00
sinn3r
7ff0f4a2e7
move to multi for real
2013-12-12 12:35:58 -06:00
sinn3r
4d1a07bdfc
Move to multi
2013-12-12 12:34:45 -06:00
sinn3r
17b5d3c375
Add support for OSX
2013-12-12 12:33:59 -06:00
sinn3r
509ebddb87
Turns out there's -k, that's easier
2013-12-12 10:09:02 -06:00
sinn3r
54a5dfc344
This module allows you to broadcast a YouTube video on compromised machines
2013-12-12 02:34:00 -06:00
jvazquez-r7
374e40c815
Add requires
2013-12-11 12:05:12 -06:00
jvazquez-r7
572ddacdd6
Clean ie_proxypac
2013-12-11 11:49:29 -06:00
jvazquez-r7
7589b4c4d5
Merge for retab
2013-12-11 11:47:30 -06:00
bmerinofe
e6eeb4a26d
rescue RuntimeError added
2013-12-11 03:00:13 +01:00
jvazquez-r7
2ef3caa9d7
Land #2735, @jvennix-r7 support of 10.8+ on osx hashdump
2013-12-10 09:39:04 -06:00
Tod Beardsley
1b3bc878f8
Unscrew the author name
2013-12-09 21:32:03 -06:00
bmerinofe
e9edce10ac
Applying changes
2013-12-10 03:07:40 +01:00
Joe Vennix
06b651de7b
Revert read_file to cat so that pipe will work.
2013-12-09 19:30:08 -06:00
Joe Vennix
450716c788
Remove meterpreter support from osx autologin gather.
2013-12-09 19:19:20 -06:00
Tod Beardsley
e737b136cc
Minor grammar/caps fixup for release
2013-12-09 14:01:27 -06:00
Joe Vennix
6d1d45c691
Add user param to nt_hash call.
2013-12-09 10:28:06 -06:00
sinn3r
9c5991980a
Land #2733 - Disable meterpreter support because they're not stable
2013-12-09 02:50:36 -06:00
Joe Vennix
dea35252af
Kill unused method.
2013-12-08 14:35:49 -06:00
Joe Vennix
df76651834
Make sure loot is named correctly.
2013-12-08 14:31:18 -06:00
Joe Vennix
7f3ab14179
Make pipe part of /bin/bash cmd.
2013-12-08 14:27:28 -06:00
Joe Vennix
9b34a8f1ad
Supports 10.3
2013-12-08 14:26:16 -06:00
Joe Vennix
f981a04918
Fix MATCHUSER bug.
...
* Also add spacing and indentation for better readability.
* Refactors grab_shadow_blob method.
2013-12-08 14:21:48 -06:00
jiuweigui
2a0b503f06
Minor fix
2013-12-08 18:17:22 +02:00
Joe Vennix
eacab1b2ad
Fix description, kill dead constant.
2013-12-07 22:28:16 -06:00
Joe Vennix
969f45fd32
Refactor OSX hashdump post module.
...
* Adds support for MATCHUSER regex option
* Adds support for OSX 10.8 and 10.9 hashes (PBKDF2)
* DRYs up a bunch of older code, adds lots of helper fns
* Ends up shaving off ~20 lines
2013-12-07 22:22:23 -06:00
Joe Vennix
3066e62711
Fix typo, fix no-autologin users bug.
2013-12-07 19:27:36 -06:00
Joe Vennix
4cb788b9de
Adds osx autologin password post module.
2013-12-07 19:01:35 -06:00
Joe Vennix
c6eac67ab5
Kill meterpreter support for osx media modules.
...
There is some bug that I haven't been able to track down that causes the
osx call to run the event queue to just hang on latest OSX + Java/python
meterpreter. I tried rewriting these modules using OSX's new Media API,
but I run into the same problem. Until I find a solution, we should mark
these shell-only.
2013-12-07 17:46:26 -06:00