dwelch-r7
11c886b30f
Land #17616, Run rubocop on post modules
2023-02-08 14:09:16 +00:00
adfoster-r7
a81a71c5df
Run rubocop on post modules
2023-02-08 13:47:34 +00:00
adfoster-r7
433bafdccf
Add missing module notes for stability reliability and side effects
2023-02-08 11:45:17 +00:00
Brendan Coles
c17c2636ae
post/osx/gather/hashdump: Add 'meterpreter' to supported SessionTypes
2022-01-20 13:11:24 +00:00
BuildTools
ee8838eea5
added validation to make sure the file path is set
2021-04-14 17:47:19 -04:00
BuildTools
b42a22c4de
Updated documentation
2021-04-01 13:30:39 -04:00
jconnolly80911
c0531f4208
OSX Post exploitation .gitignore retrieval
This post exploitation module is meant to locate all .gitignore files in a user's home directory as well as retrieve the contents of both the .gitignore as well as the files contained in the .gitignore. There are two modes. Mode 1 finds the .gitignore files. Mode 2 retrieves the file. You must set the FILE path with the gitignore file you'd like to retrieve. This could be used to retrieve potentially sensitive artifacts.
After establishing a meterpreter session:
* use post/osx/gather/gitignore
* set mode 1
* set session n (where n is the session in which you'd like to run the module)
* run
The module will take some time to complete but will recursively search all directories from the user's home directory for .gitignore files and then print the absolute path of each file it finds. Copy the path of whichever gitignore you'd like to read and paste into the FILE variable.
* set mode 2
* set file /path/to/.gitignore
* run
At this point, the module will display the contents of the gitignore file. If it contains something of interest, you can copy the filename and replace it in the absolute path for which you found the .gitignore.
* set file /path/to/artifact
* run
This will retrieve the contents of the artifact you are looking to read.
2021-03-31 14:47:48 -04:00
dwelch-r7
1617b3ec9b
Use zeitwerk for lib/msf/core folder
2020-12-07 10:31:45 +00:00
Alan Foster
30809787c4
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
Brendan Coles
a765c1d994
post/osx/gather/enum_osx: Fix typos
2020-08-18 16:02:24 +00:00
Steve Baker
8eca964ced
Update path in osx_enum to fix keychain download
Looks like an anchoring "/" has always been missing for the keychain download in enum_osx to function.
2020-08-16 22:50:03 -05:00
Francesco Soncina
da820f08e6
don't interact with other apps to avoid asking permissions
2020-02-13 16:17:33 +01:00
dwelch-r7
fe2b3f8f29
Remove targets from post modules
2019-09-23 17:26:36 +01:00
h00die
06256cc05b
fix osx 10.7 hash IDing, and JTR ids
2019-05-30 18:33:45 -04:00
Brent Cook
4137135ad4
Land #11737, store password from osx/gather/password_prompt_spoof
2019-04-24 05:06:20 -05:00
h00die
4d2962386e
save creds from password prompt spoof
2019-04-16 20:44:45 -04:00
h00die
621c7182bf
osx docs and cleanup
2019-04-15 21:01:05 -04:00
h00die
9f6b9d586b
updating jtr formats in hashdumpers
2019-01-30 20:16:08 -05:00
Tim W
6dd36bd8da
Land #10427, add OSX VNC password gather module
2018-10-02 14:47:51 +08:00
Tim W
b5cf682169
cleanup post/osx/gather/vnc_password_osx and add loot/credentials
2018-10-02 14:22:09 +08:00
Brent Cook
3e61a98f25
use non-system users for hashdump
2018-09-24 22:17:58 -05:00
pwnforfun
e1ec0ec899
hash_dump now working properly up to Mac OS X High Sierra (10.13.6 included)
2018-09-06 12:00:36 +02:00
Kevin Gonzalvo
41dd8a62cb
rename class name
rename for snake case
2018-08-10 17:27:19 +02:00
Kevin Gonzalvo
bb208118c3
Ruby decrypt
The decryption of the key in the msf has been added
2018-08-10 16:25:33 +02:00
Kevin Gonzalvo
0e8180f263
delete space
delete bad spaces
2018-08-06 19:01:32 +02:00
Kevin Gonzalvo
5e7a77dea8
add new function
added checking directory of VNC
2018-08-06 18:45:24 +02:00
Kevin Gonzalvo
d6a60bd10e
remove dependencies
removed not necessary dependencies
2018-08-06 17:20:25 +02:00
Kevin Gonzalvo
e194922855
Add vnc password osx
This module shows Apple VNC Password from Mac OS X High Sierra.
2018-08-06 17:11:42 +02:00
Brendan Coles
45481f26b6
Add Msf::Post::OSX::Priv mixin
2018-05-22 22:25:39 +00:00
Brent Cook
520b8bc3c0
remove many duplicate code paths
2018-05-17 08:14:32 -05:00
Brent Cook
406f1fe165
fix #10046, remove invalid timeout argument on cmd_exec
2018-05-17 07:38:22 -05:00
Tim W
72cd97d3e4
minor documentation and comment tweaks
2018-04-18 14:22:32 +08:00
Tim W
ee6f83c281
match newfs_apfs regex
2018-04-10 14:45:14 +08:00
thecarterb
3f40f43609
Make final output more readable
2018-04-07 11:05:47 -04:00
cbrnrd
0806c0725f
Fix some bugs with command exits
Also fix a bug in check()
2018-04-03 10:35:49 -04:00
cbrnrd
c401872af6
Fix some logic flaws and other review things
Also make the output more reliable
2018-03-30 19:20:20 -07:00
cbrnrd
76af9d5a15
Add apfs_encrypted_volume_passwd.rb
2018-03-29 23:47:45 -07:00
h00die
c90f885938
Finished spelling issues
2017-09-17 16:00:04 -04:00
Brent Cook
6300758c46
use https for metasploit.com links
2017-07-24 06:26:21 -07:00
g0tmi1k
0f453c602e
Even more print_status -> print_good
2017-07-19 11:46:39 +01:00
g0tmi1k
b8d80d87f1
Remove last newline after class - Make @wvu-r7 happy
2017-07-19 11:19:49 +01:00
g0tmi1k
4720d1a31e
OCD fixes - Spaces
2017-07-14 08:46:59 +01:00
William Vu
64452de06d
Fix msf/core and self.class msftidy warnings
Also fixed rex requires.
2017-05-03 15:44:51 -05:00
William Vu
b6fe6c1d38
Fix #7597, minor changes to enum_messages
2016-11-28 17:37:32 -06:00
root
dc64f63517
Removed useless comments
2016-11-24 01:33:20 +00:00
root
5284e20a52
Optimised SQL vars, removed unneeded requires and changed the "exec" function name
2016-11-24 01:27:03 +00:00
root
ce514ed3e5
Fixed broken fail_with function call and whitespace on line ending
2016-11-22 03:04:12 +00:00
root
e0f8d622ec
Added metasploit module for accessing OSX messages database
2016-11-22 02:53:38 +00:00
David Maloney
eb73a6914d
replace old rex::ui::text::table refs
everywhere we called the class we have now rewritten it
to use the new namespace
MS-1875
2016-08-10 13:30:09 -05:00
Brent Cook
57a3a2871b
remove various session manipulation hacks since session.platform should always contain an os identifier
2016-05-08 22:39:41 -05:00