Significant refactor of exception handling: less 'fail_with', more
'return false'.
Optimized interactions with SQL for less code redundancy.
Removed references to LOOT_ONLY in the module info.
Various tweaks and bug fixes.
Removed all logic around the isSalted column since I have no idea what
that flag is actually supposed to represent.
Further optimized Thycotic decryption method for efficiency.
Fixed where the revision digit was being truncated after converting
ss_build to float.
Removed the offline 'decrypt' action as it required setting a reserved
value for session in order to operate.
Minor tweaks & correct typos and formatting.
Updated documentation.
Added much-needed support for SQL integrated authentication.
Significant improvement to the decryption routine: better version
detection and less churning through faulty decryption attempts.
Various tweaks and optimizations based on feedback.
Lots of bug fixes.
Re-worked version detection code after working with earlier builds of
Secret Server.
Removed the LastModifiedDate time stamp from the SQL query as it was not
available in any but late versions.
Added logic for dealing with SQL schema differences between versions.
Added support for earlier builds of Secret Server, including pre-10.4
instances, which use different encryption mechanisms.
Significant refactor of several methods to support legacy versions of
Secret Server.
Re-designed the workflow: module now has three actions, "export" dumps
the encrypted CSV, "decrypt" will decrypt an exported CSV and "dump"
(default) does both.
Various bug-fixes and tweaks based on feedback.
Changed some of the wording of output messages.
Initial commit for post module targeting Windows servers with Secret
Server installed.
The module can decrypt secrets from Secret Server version 10.4 - 11.2
provided they are not protected by HSM.
An additional auxiliary module is being developed to perform offline
decryption and recovery of the database using the loot extracted via
this module.
The user configuration directory can be overridden via environment
variables or configuration files.
In the current implementation `Msf::Config.config_directory` should be
utilized for consistent location reporting. `Msf::Config.get_config_root`
is reserved to generation of a default location and should be considered
`private` as it ignores some injected configuration options. Currently
autoloading does not allow application of the `private` keyword to this method,
requiring guidance during development that module writers should access the
full configured `user` value of `Msf::Config.config_directory`.
bcoles