the command "find / -xdev -type f -perm +6000 -perm -1 2> /dev/null" don't work in new linux systems
-perm +mode
Deprecated, old way of searching for files with any of the permission bits in mode set. You
should use -perm /mode instead. Trying to use the `+' syntax with symbolic modes will yield
surprising results. For example, `+u+x' is a valid symbolic mode (equivalent to +u,+x, i.e. 0111)
and will therefore not be evaluated as -perm +mode but instead as the exact mode specifier -perm
mode and so it matches files with exact permissions 0111 instead of files with any execute bit
set. If you found this paragraph confusing, you're not alone - just use -perm /mode. This form
of the -perm test is deprecated because the POSIX specification requires the interpretation of a
leading `+' as being part of a symbolic mode, and so we switched to using `/' instead.
Removed all logic around the isSalted column since I have no idea what
that flag is actually supposed to represent.
Further optimized Thycotic decryption method for efficiency.
Fixed where the revision digit was being truncated after converting
ss_build to float.
Removed the offline 'decrypt' action as it required setting a reserved
value for session in order to operate.
Minor tweaks & correct typos and formatting.
Updated documentation.
Added much-needed support for SQL integrated authentication.
Significant improvement to the decryption routine: better version
detection and less churning through faulty decryption attempts.
Various tweaks and optimizations based on feedback.
Lots of bug fixes.
Re-worked version detection code after working with earlier builds of
Secret Server.
Removed the LastModifiedDate time stamp from the SQL query as it was not
available in any but late versions.
Added logic for dealing with SQL schema differences between versions.
Added support for earlier builds of Secret Server, including pre-10.4
instances, which use different encryption mechanisms.
Significant refactor of several methods to support legacy versions of
Secret Server.
Re-designed the workflow: module now has three actions, "export" dumps
the encrypted CSV, "decrypt" will decrypt an exported CSV and "dump"
(default) does both.
Various bug-fixes and tweaks based on feedback.
Changed some of the wording of output messages.
Initial commit for post module targeting Windows servers with Secret
Server installed.
The module can decrypt secrets from Secret Server version 10.4 - 11.2
provided they are not protected by HSM.
An additional auxiliary module is being developed to perform offline
decryption and recovery of the database using the loot extracted via
this module.
The user configuration directory can be overridden via environment
variables or configuration files.
In the current implementation `Msf::Config.config_directory` should be
utilized for consistent location reporting. `Msf::Config.get_config_root`
is reserved to generation of a default location and should be considered
`private` as it ignores some injected configuration options. Currently
autoloading does not allow application of the `private` keyword to this method,
requiring guidance during development that module writers should access the
full configured `user` value of `Msf::Config.config_directory`.
h00die