siddolo
32e5dfb12d
Windows gather credentials for Mikrotik Winbox 'Keep Password' feature
2023-12-07 13:14:37 +01:00
Jemmy Wang
893da00c6a
Modify Table DisplayName and password matching regex
2023-11-09 13:58:14 +08:00
Jemmy Wang
9c23f86d83
Add support for v15 new encryption algorithm
2023-11-09 05:08:27 +08:00
Jemmy Wang
d4166098a8
Update to be compatible for PL/SQL 14
2023-11-08 01:15:22 +08:00
Jemmy Wang
93c13ad6a7
Apply document suggestions from code review
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2023-10-27 02:02:00 +08:00
Jemmy Wang
d07ad325b2
Add document for PL/SQL Developer gather credential module
2023-10-26 19:38:52 +08:00
h00die
557a15a115
spelling fixes on docs
2023-10-10 14:46:18 -04:00
space-r7
9e1be62f06
Land #17462, add WhatsUp Gold credential extractor
2023-03-17 16:44:17 -05:00
space-r7
eec73fe394
add module changes
2023-02-23 16:34:43 -06:00
Jack Heysel
c90a6f9068
Land #17406, veeam_credential_dump post module
Veeam Backup & Recovery and Veeam ONE Monitor credential
capture post module for versions 9.x and 11.x.
2023-02-01 17:29:05 -05:00
npm-cesium137-io
8ed4f59c60
veeam_credential_dump refinement
Fixed stupid typo in markdown.
Fixed a bug in the export code that prevented the disposition column
from being exported.
2023-01-18 14:27:28 -05:00
npm-cesium137-io
243c57c1fe
Add whatsupgold_credential_dump post module
Add a post module for credential extraction from WhatsUp Gold instances
on Windows hosts. The module should theoretically decrypt ciphertext
from any version of WhatsUp Gold, although it has only been verified
working on WhatsUp Gold versions 11.0 through 22.0.
2023-01-10 15:50:53 -05:00
npm-cesium137-io
499d1ccfd7
Refactor veeam_credential_dump
Changed the SQL queries for DB dump to explicit VARCHAR(4096) to get
around sqlcmd's 256-char column limit.
Refactored the BATCH_DPAPI functionality because I can't seem to let
this pattern go: now actually batches with byte threshold set by
advanced option.
Reduced clutter and redundancy.
Various tweaks and bug fixes.
Updated documentation.
2023-01-09 16:31:44 -05:00
npm-cesium137-io
9cc8d41388
veeam_credential_dump post module revisions
Cleanup for initial PR.
2022-12-21 15:53:46 -05:00
Christophe De La Fuente
fa5e4df3f5
Land #17278, Add solarwinds_orion_dump post module
2022-12-20 15:42:25 +01:00
npm-cesium137-io
e3c6aa7820
solarwinds_orion_dump attribution update
Updated original research attribution to align with reality.
2022-12-20 08:55:19 -05:00
npm-cesium137-io
d04111ad6f
solarwinds_orion_dump markdown update
Nuked the last embarrassing typo in the module description.
Updated the documentation to include detail on sqlcmd / CSV export
process when manually exporting the data.
2022-12-12 10:54:41 -05:00
npm-cesium137-io
6eaa0bfab2
Add veeam_credential_dump post module
Post module for Veeam Backup and Replication / Veeam ONE Monitor Server
credential extract
2022-12-10 16:21:59 -05:00
npm-cesium137-io
8075654f10
Revise solarwinds_orion_dump MKII
Fixed humiliating typos in the markdown doc.
Updated the Author section of the module per guidelines.
Changed credential type for AES key loot storage.
Updated database config code to include the case where the SQL password
is not encrypted (needs testing).
Additional tweaks and fixes.
2022-12-09 14:47:18 -05:00
npm-cesium137-io
2f3fd6c917
Revise solarwinds_orion_dump
Made modifications to documentation to add further detail for each
action.
Significant refactor of error handling, now with (hopefully) proper use
of exceptions.
Various suggested code improvements and optimization.
Fixed some redundant and buggy code.
2022-12-07 07:55:43 -05:00
Jeffrey Martin
453cfc5939
spelling change per review
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com>
2022-11-23 13:26:19 -06:00
Jeffrey Martin
cb8e023734
add warning about external links
Links to external resources not controlled by the project maintainers
are subject to bitrot and malicious take over. Warnings seem appropriate.
2022-11-23 12:08:05 -06:00
npm-cesium137-io
6f885ba700
Add solarwinds_orion_dump post module
Post module for extracting encrypted credentials from SolarWinds Orion
NPM. Tested on the 2020 version.
2022-11-18 10:40:10 -05:00
Christophe De La Fuente
929d4f2fa4
Land #17097, Gather Navicat
2022-11-07 12:30:16 +01:00
三米前有蕉皮
20015d7351
Update documentation/modules/post/windows/gather/credentials/navicat.md
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2022-10-12 13:52:12 +08:00
三米前有蕉皮
7caf2eb9dc
Update documentation/modules/post/windows/gather/credentials/navicat.md
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2022-10-12 11:29:25 +08:00
Jack Heysel
60c21da50e
Land #17009, Add MobaXterm cred gather module
This module determines if MobaXterm is installed and if
it is dumps all saved session information from the target
2022-10-05 14:14:27 -04:00
bwatters
052d233bd9
Land #17006, Gather_RedisDesktopManager_Password
Merge branch 'land-17006' into upstream-master
2022-10-03 15:10:30 -05:00
cn-kali-team
3fa2268aa1
fix username
2022-10-03 00:07:30 +08:00
cn-kali-team
2f3378fc4a
Gather_Navicat
2022-10-02 23:48:09 +08:00
jheysel-r7
e06acc7df0
Update documentation/modules/post/windows/gather/credentials/thycotic_secretserver_dump.md
2022-09-29 13:59:01 -04:00
jheysel-r7
e8d4bcdcc6
Update documentation/modules/post/windows/gather/credentials/thycotic_secretserver_dump.md
2022-09-29 13:58:37 -04:00
jheysel-r7
713d63654b
Update documentation/modules/post/windows/gather/credentials/thycotic_secretserver_dump.md
2022-09-29 13:58:22 -04:00
cn-kali-team
35a33c9710
rename, delete useless code
2022-09-16 11:38:48 +08:00
Grant Willcox
e7d2fdfe0a
Rename module and fix up some issues with documentation
2022-09-14 17:03:42 -05:00
cn-kali-team
2cca50956b
MobaXterm
2022-09-13 08:14:57 +08:00
cn-kali-team
2726f04e43
Gather_RedisDesktopManager_Password
2022-09-12 20:40:49 +08:00
npm-cesium137-io
da43f9c069
Refactor thycotic_secretserver_dump MKII
Removed all logic around the isSalted column since I have no idea what
that flag is actually supposed to represent.
Further optimized Thycotic decryption method for efficiency.
Fixed where the revision digit was being truncated after converting
ss_build to float.
Removed the offline 'decrypt' action as it required setting a reserved
value for session in order to operate.
Minor tweaks & correct typos and formatting.
Updated documentation.
2022-08-29 11:45:18 -04:00
npm-cesium137-io
b5a5fb23fb
Add thycotic_secretserver_dump post module
Initial commit for post module targeting Windows servers with Secret
Server installed.
The module can decrypt secrets from Secret Server version 10.4 - 11.2
provided they are not protected by HSM.
An additional auxiliary module is being developed to perform offline
decryption and recovery of the database using the loot extracted via
this module.
2022-08-22 14:41:33 -04:00
Kazuyoshi Maruta
32d45c07fe
Add xchat.md
2021-09-27 12:26:53 -05:00
Kazuyoshi Maruta
09ed5b671e
Add xchat.rb, Add kmeleon.md
2021-09-27 12:26:53 -05:00
Kazuyoshi Maruta
37cc6e540e
Add modules, Rename a module
2021-09-27 12:26:52 -05:00
Kazuyoshi Maruta
c1742a23b9
Update wording on Module documentation. Replace EXTRACT_CREDENTIALS_FROM_FILE with EXTRACT_DATA
2021-09-27 12:26:52 -05:00
Kazuyoshi Maruta
6a8782f388
Update module documentation.
2021-09-27 12:26:52 -05:00
Kazuyoshi Maruta
cc50f75a09
Update line.md
2021-09-27 12:26:52 -05:00
KazuCyber
858c05b476
Update documentation/modules/post/windows/gather/credentials/aim.md
Co-authored-by: Brendan <bwatters@rapid7.com>
2021-09-27 12:26:52 -05:00
Kazuyoshi Maruta
dc6f6a8f25
Packrat: 29 post exploitation modules
2021-09-27 12:26:52 -05:00
Spencer McIntyre
36cc2fd7e5
Rename an option and update docs for HiveNightmare
2021-07-29 12:07:56 -04:00
Yann Castel
fb99af1152
Add post module for HiveNightmare
correct CVE id
Update modules/exploits/multi/http/wp_plugin_modern_events_calendar_rce.rb
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com>
Update modules/exploits/multi/http/wp_plugin_modern_events_calendar_rce.rb
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
Update modules/exploits/multi/http/wp_plugin_modern_events_calendar_rce.rb
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
Update modules/exploits/multi/http/wp_plugin_modern_events_calendar_rce.rb
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
use of vars_get + delete payload after use
initial commit
Update hivenightmare_windows_sam_leak.rb
using railgun to read files + specific index option
Update hivenightmare_windows_sam_leak.rb
post module + add description + add documentation
Delete wp_plugin_modern_events_calendar_rce.rb
Delete wp_plugin_modern_events_calendar_rce.md
add scenario in doc
Update windows_sam_hivenightmare.md
Update windows_sam_hivenightmare.rb
Update modules/post/windows/gather/credentials/windows_sam_hivenightmare.rb
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
minor changes
msftidy
Update modules/post/windows/gather/credentials/windows_sam_hivenightmare.rb
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com>
2021-07-29 11:54:31 -04:00
Grant Willcox
5961bf700d
Land #14314, Pulse Secure Connect Client Credentials Gatherer
2020-12-04 10:04:43 -06:00