adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

50 Commits

Author SHA1 Message Date
adfoster-r7 433bafdccf Add missing module notes for stability reliability and side effects 2023-02-08 11:45:17 +00:00
adfoster-r7 28eab4d871 Add Meterpreter compatibility metadata 2021-10-06 13:54:51 +01:00
adfoster-r7 06762d0934 Update references to railgun to be consistent 2021-09-27 12:37:14 +01:00
Alan Foster 100da2f1b1 Enforce Style/RedundantBegin for new modules 2021-05-13 04:01:03 +01:00
dwelch-r7 319f15d938 Handle nil versions for rubygems 4 2021-02-25 16:47:49 +00:00
Alan Foster 5b3fde7735 Rubocop recently landed modules 2021-02-16 15:08:08 +00:00
Quentin Kaiser e8ea9e56ee Print a status message when no credentials are found. 2020-12-03 10:19:56 +01:00
Quentin Kaiser c8f534e420 Merge branch 'enum_pulsesecure' of github.com:QKaiser/metasploit-framework into enum_pulsesecure 2020-12-03 10:12:54 +01:00
Quentin Kaiser 4f947ac2cb Properly close files that we open and properly capture file open error in get_username. 2020-12-03 10:12:33 +01:00
Quentin Kaiser 585bc99903 Proper return values 
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com>
 2020-12-02 21:34:56 +01:00
Quentin Kaiser f4bb5f7e10 Uniform error handling applied to all functions interacting with 'session' object. 2020-12-02 20:51:29 +01:00
Quentin Kaiser 94af390649 Document Ruby construct that might be unclear to newcomers. 2020-12-02 20:43:39 +01:00
Quentin Kaiser dbd3f2e1bf Revert back on AutoCheck. 2020-12-02 20:42:05 +01:00
Quentin Kaiser bf0d4b4c3f Better regular expression for version line. 2020-12-02 10:05:17 +01:00
Quentin Kaiser 5d89b32f58 prepend class rather than import it 2020-12-02 10:03:38 +01:00
Quentin Kaiser 8edcae4bb7 Handle a case where Pulse Secure is installed but no saved entry exists in the registry. Handle a case where the session runs as system on an affected version. 2020-12-02 09:57:28 +01:00
Quentin Kaiser 7842d746d3 Wrong return code when Pulse is not installed. 2020-11-27 16:19:52 +01:00
Quentin Kaiser 0ed2b0d253 Fix active record issue when realm is blank due to empty path. 2020-11-27 16:18:21 +01:00
Quentin Kaiser 013a1e4312 Username was not found when running the module just after the connection creation. Turns out it was saved in .tmp rather than .dat or .bak. 2020-11-27 15:11:14 +01:00
Quentin Kaiser 54e836e797 Add guard clause to gather_creds function to remove conditional block. 2020-11-25 15:36:37 +01:00
Quentin Kaiser 15bdffdee1 Remove redundant else after return. 
Co-authored-by: bcoles <bcoles@gmail.com>
 2020-11-25 15:31:13 +01:00
Quentin Kaiser 7f130b4414 Switch to idiomatic next guard clause. 
Co-authored-by: bcoles <bcoles@gmail.com>
 2020-11-25 15:30:38 +01:00
Quentin Kaiser c4b0253d93 Switch to idiomatic guard clause. 
Co-authored-by: bcoles <bcoles@gmail.com>
 2020-11-25 15:29:44 +01:00
Quentin Kaiser 53a1f2f19b conditional next call style update 1 
Co-authored-by: bcoles <bcoles@gmail.com>
 2020-11-25 15:27:22 +01:00
Quentin Kaiser e069b0d607 Execute data conversion using built-in methods rather than custom encoders. 2020-11-25 14:41:21 +01:00
Quentin Kaiser 8024c08882 Do not save entry to service data if we can't resolve the host. 2020-11-25 13:52:42 +01:00
Quentin Kaiser a0265e0d6c Remove unnecessary second argument to registry_enumvals. 2020-11-25 13:39:37 +01:00
Quentin Kaiser fc083d197a Finally found how to encode entropy to UTF-16LE representation in Ruby. 2020-11-25 12:58:19 +01:00
Quentin Kaiser cf405879d6 Fix hash wording. 2020-11-25 12:46:23 +01:00
Quentin Kaiser 6a4237f4e3 Uniform error handling. 2020-11-25 12:40:42 +01:00
Quentin Kaiser debaa44733 Safer connection store file reading by handling the case where user does not have permissions to read the file. 2020-11-25 12:33:28 +01:00
Quentin Kaiser 26a3342a3d Move version verification to a check function using Msf::Exploit::Remote::AutoCheck. Safer version file reading by handling the case where user does not have permissions to read the file. Cleaner status messages in check function. 2020-11-25 12:12:34 +01:00
Quentin Kaiser 50b25989fa Safer handling of registry access operation when executing from unprivileged process. 2020-11-25 11:41:34 +01:00
Grant Willcox e648a055fc Add in RuboCop fixes to the module 2020-11-24 12:31:05 -06:00
Grant Willcox bd00ce9177 Add in fixes from review 2020-11-24 12:08:51 -06:00
Quentin Kaiser 26f39b5819 Checks if Pulse Secure Connect client is actually installed. Raise an exception if it's not. 2020-11-10 13:54:22 +01:00
Quentin Kaiser 8eeca7cafd Fix rdoc. 2020-11-09 16:33:16 +01:00
Quentin Kaiser f2f360ff5f msftidy run 2020-11-09 16:27:19 +01:00
Quentin Kaiser 68e3f6a146 Refactor run function, makes build information easier to understand by using print_good and print_warning. 2020-11-09 16:25:06 +01:00
Quentin Kaiser a17434050c Document each function for easier review. 2020-11-09 16:21:08 +01:00
Quentin Kaiser c62a6716c5 Remove spaces at EOL. 2020-11-09 15:46:13 +01:00
Quentin Kaiser d8f5dc5143 IVE definitions are shared by every user running on the same host. I fixed the data structure to reflect that. 2020-11-06 16:53:02 +01:00
Quentin Kaiser 05fa4b235d Fix vulnerable builds range. Finally supports DPAPI decryption as elevated user. Lots of cleanup to do. 2020-11-06 16:00:48 +01:00
Quentin Kaiser ca3055a009 Proper version checks. Comment on future work regarding data left in registy by previous version and dumping when in elevated mode. 2020-11-05 13:28:42 +01:00
Quentin Kaiser a800536df2 For some reason, the first profile will be stored in connstore.dat while subsequent ones will be stored in connstore.tmp. Note that even if it ends with '.tmp', this file is not temporary. This commit provides support for deployments with multiple VPN connections. 2020-11-05 12:41:38 +01:00
Quentin Kaiser 8750ae5712 Add CVE identifier and references to blog post and security advisory from Pulse. 2020-10-27 20:12:19 +01:00
Quentin Kaiser 3864f980d3 That email address won't be read in the foreseeable future. 2020-10-27 20:05:36 +01:00
Quentin Kaiser a348a8c851 Add version check. 2020-02-17 12:24:28 +01:00
Quentin Kaiser 3b2fa468e9 Edit credit. 2019-02-22 19:46:04 +01:00
Quentin Kaiser 04616267f2 Pulse Secure client credentials extraction and decryption post module. 2019-02-04 16:07:57 +01:00