Commit Graph

4671 Commits

Author SHA1 Message Date
Meatballs ae3ead6ef9 Land #2107 Post Enum Domain Users 2014-04-09 11:32:12 +01:00
jvazquez-r7 80b069f161 Add support for spoofed zip Central Dir names at Entry level 2014-04-07 09:21:26 -05:00
jvazquez-r7 46e6f937f1 Revert "Add central directory zip spoofing"
This reverts commit d0700e8ac4.
2014-04-07 08:50:33 -05:00
jvazquez-r7 d0700e8ac4 Add central directory zip spoofing 2014-04-07 08:49:49 -05:00
jvazquez-r7 6d72860d58 Land #3004, @m-1-k-3's linksys moon exploit 2014-04-04 14:04:48 -05:00
William Vu 9779913060 Land #3184, Rex::Proto::Http::Client IOError fix 2014-04-03 15:58:50 -05:00
joev 42d59d269e Check #closed? instead of rescuing. 2014-04-03 14:20:48 -05:00
joev 98628b814e Prevent Rex::Proto::Http::Client from raising on close. 2014-04-03 11:36:18 -05:00
HD Moore 231138da1b Fix a typo in the nexpose raw importer 2014-04-03 07:12:45 -07:00
OJ 670a0c8e0f Merge branch 'upstream/master' into ext_server_kiwi 2014-04-02 19:36:42 +10:00
OJ cceb146680 Support for the new ADSI result structure 2014-04-02 17:37:23 +10:00
OJ e61e532223 Add support for extraction of wifi profile creds 2014-04-02 17:16:40 +10:00
OJ 1d46e65897 Update to match meterpreter changes
This also includes the ability to specify id and groups for the
golden ticket feature.
2014-04-02 12:29:35 +10:00
HD Moore 7e227581a7 Rework OS fingerprinting to match Recog changes
This commit changes how os_name and os_flavor are handled
for client-side exploits, matching recent changes to the
server-side exploits and scanner fingerprints.

This commit also updates the client-side fingerprinting to
take into account Windows 8.1 and IE 9, 10, and 11.
2014-04-01 08:14:58 -07:00
Tod Beardsley 1b0fe74da5 Use Array#sample in email generators. 2014-04-01 14:11:23 -05:00
Tod Beardsley 8ab03f3aeb Use Array#sample in randomize_space 2014-04-01 14:09:07 -05:00
Tod Beardsley ec7bb6de54 Land #2969, random name generator for phishing 2014-04-01 13:00:55 -05:00
William Vu 8bd5d10052 Use rand_hostname in rand_mail_address 2014-03-28 16:44:49 -05:00
jvazquez-r7 8f1e55de5a Use ObfuscateJS 2014-03-28 11:08:38 -05:00
jvazquez-r7 da6a428bbf Modify libs to support explib2 2014-03-28 10:44:52 -05:00
OJ 86ddd24d26 Update to use Rex::Text and change handling a bit
This change also outputs blank creds so that users know which
accounts have blank passwords
2014-03-28 16:12:51 +10:00
OJ 65e204e834 Modify the menu item descriptions 2014-03-28 11:03:38 +10:00
OJ 3a42cb8a46 Fix typo in kiwi help 2014-03-28 11:03:03 +10:00
OJ 685d959886 Support refactors of TLVs and adsi nested group changes 2014-03-27 15:49:22 +10:00
Tod Beardsley 8e7f12e30e Land #3085, service_control support
This depends on rapid7/meterpreter#77 to function
2014-03-19 08:43:17 -05:00
Tod Beardsley 04b5d71fa5 Land #3061, enhance clipboard dump
This depends on rapid7/meterpreter#75 to function
2014-03-19 08:42:36 -05:00
Tod Beardsley 35b94b04bf Land #2889, WMI support
This depends on rapid7/meterpreter#69 to actually be useful.
2014-03-19 08:42:03 -05:00
OJ 11f9bfadb1 Final bits of documentation and code tweaking 2014-03-19 18:40:53 +10:00
OJ 84728c9fc9 Code tidying and defaulting to empty strings for table format 2014-03-19 16:19:23 +10:00
OJ 959cedb9b1 Bit more code tidying 2014-03-19 16:19:05 +10:00
OJ f80c7b7b51 Fix silly typo 2014-03-19 15:55:12 +10:00
OJ 0dcf992781 Add comments to the kiwi source 2014-03-19 15:45:53 +10:00
OJ 3635fff98e Add support for kerberos ticket enumeration
Fix up a bunch of other issues and do some code tidies too.
2014-03-19 14:25:11 +10:00
OJ 91e198fd63 Add SAM key dump in LSA dumping output 2014-03-18 09:45:31 +10:00
OJ dfb4b22015 Merge branch 'upstream/master' into ext_server_kiwi 2014-03-18 08:08:45 +10:00
William Vu 9eada528d7 Land #3097, Rex::Text.uri_encode RFC 3986 fix 2014-03-14 15:38:24 -05:00
OJ a9758413c0 Add lsa secret dumps plus other tweaks 2014-03-14 19:50:01 +10:00
Tod Beardsley 520d1e69c4 Rapid7 Comma Inc
After some more discussion with Rapid7's legal fellow.
2014-03-13 09:46:20 -05:00
Matthew Hall c1db8e260f Add yardoc documentation for the SMBFileServer Class 2014-03-12 17:28:18 +00:00
Tod Beardsley 9d4ceaa3a0 Let's try to be consistent about Rapid7 Inc.
According to

http://www.sec.gov/Archives/edgar/data/1560327/000156032712000001/0001560327-12-000001.txt

Rapid7 is actually "Rapid7 Inc" not "Rapid7, LLC" any more.

This does not address the few copyright/license statements around
"Metasploit LLC," whatever that is.
2014-03-12 11:20:17 -05:00
Matthew Hall 0f259d3032 Tidy lib/rex/proto/smb/server.rb following feedback from jlee-r7
* Remove redundant ServerClient class
* Use dlog/elog/ilog instead of printing to $stdout
2014-03-12 15:41:21 +00:00
Matthew Hall c6d92796e6 Clean with msftidy.rb 2014-03-12 10:06:02 +00:00
sinn3r b431bf3da9 Land #3052 - Fix nil error in BES 2014-03-11 12:51:03 -05:00
OJ 1d70411ea7 Support service_control and new status field in query
This code adds support for the new service_control feature in meterpreter
and also supports the status field that comes from the service_query function.
2014-03-11 14:50:19 +10:00
sinn3r c76a1ab9f4 Land #3065 - Safari User-Assisted Download & Run Attack 2014-03-07 10:29:56 -06:00
Matthew Hall d380435113 This commit adds support for implementing the SMBFileServer Module
within Rex, allowing exploit modules to create a payload to be sent
to an SMBFileServer instance. This can be useful in cases where
you would find DLL injection in a system which will read files
over a UNC share, or other instances where a payload can be delivered
over SMB.

This code borrows heavily from the ms13_071_theme module written
by Juan Vazquez, however I have performed a fair amount of protocol
analysis and debugging to provide support for delivering an arbitrary
MSF payload over UNC.
The main differences being the presence of functions to support:
 - SMB CMD Trans Query Path Info (Basic and Standard)
 - SMB CMD Trans Query File Info (Standard and Internal)

This code can be considered "alpha", as I have only implemented support
for the SMB functions discovered during development of an exploit of an
arbitrary DLL injection into a server performing a "LoadLibraryA" call.*
However, this provides a basis upon which additional SMB functions can
be implemented to extend delivery of payloads over SMB.

A separate commit will expose the SMBFileServer Module within
./lib/msf/core/exploit/smb.rb

* This exploit will be committed separately once a fix has been confirmed
by the vendor.
2014-03-07 15:00:45 +00:00
Joe Vennix 9638bc7061 Allow a custom .app bundle.
* adds a method to Rex::Zip::Archive to allow recursive packing
2014-03-06 16:11:30 -06:00
William Vu 096d6ad951 Land #3055, heapLib2 integration 2014-03-05 15:48:13 -06:00
Joe Vennix 5790547d34 Start undoing some work. 2014-03-04 17:01:53 -06:00
Tod Beardsley 6e88bbd827 No need for that kind of language 2014-03-04 14:34:50 -06:00