adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
46,254 Commits 27 Branches 1,043 Tags
94de5a4e42cfb1dc0fdfc1233707f71b6d9a628b
Commit Graph

23791 Commits

Author SHA1 Message Date
p3nt4 7b4dce5e7e One left! 2016-12-09 16:27:40 +11:00
p3nt4 74c48f5fa4 I'll get there! 2016-12-09 16:24:49 +11:00
p3nt4 c898e768f6 Struggling with tidyness 2016-12-09 16:00:32 +11:00
p3nt4 586b2d92e2 Corrected status prints 2016-12-09 15:45:30 +11:00
p3nt4 fb360e69c0 Initial Commit 
This module "carves" a hash in the registries to set it as a user password.

The benefits are:
1/ It doesn't change the password last change field
2/ You can set a hash directly, so you can change  a user's password and revert it without cracking its hash.

I have tested it in Windows 7, and 8.1. Should work on every version though.

Usage:
 run post/windows/manage/hashcarve user=test pass=<password>
 run post/windows/manage/hashcarve user=test pass=<nthash>
 run post/windows/manage/hashcarve user=test pass=<lmhash:nthash>

This work is based on the hashdump implementation.
 2016-12-09 15:41:01 +11:00
Javier Godinez 0d41160b03 Sanity checks, errors out with nil ptr if API call fails 2016-12-08 16:14:10 -08:00
Javier Godinez a17d1a7e19 Added options for setting the PASSWORD and GROUPNAME 2016-12-08 16:13:31 -08:00
Jon Hart 4614b7023d Land #7604, @godinezj's post module for creating AWS IAM accounts 2016-12-08 14:26:22 -08:00
Jon Hart aa29fcad80 Update docs and pretty print the loot 2016-12-08 14:25:07 -08:00
Jon Hart 70668c289f Use better loot args 2016-12-08 13:14:36 -08:00
wchen-r7 7e0b224eb2 Make ABORT_ON_LOCKOUT non default 2016-12-08 15:07:53 -06:00
Jon Hart 162204b338 Support creating a password for the user, etc 2016-12-08 12:56:00 -08:00
wchen-r7 0110b97fa2 Fix #7671, support LOCKED_OUT and DISABLED login status 
This allows login scanner modules to skip a user if it is
locked out, or disabled.

Fix #7671
 2016-12-07 16:49:16 -06:00
wchen-r7 ba9ce3fcfb Land #7665, Add ABORT_ON_LOCKOUT option for smb_login 2016-12-07 15:52:50 -06:00
Javier Godinez a9cb08a352 Token should be passed as nil if not set 2016-12-07 10:16:41 -08:00
OJ b902b4c28a Update payload sizes 2016-12-07 15:08:45 +10:00
Rich Whitcroft d3a8409a49 prevent further lockouts in smb_login 2016-12-06 21:53:08 -05:00
Jon Hart 1c3f0437ed Move some options back to non-advanced 2016-12-06 17:39:37 -08:00
Jon Hart a13382c80b Address most of rubocop's nits 2016-12-06 17:10:34 -08:00
Jon Hart 8f21a1f68c move most options to advance, since they never change 
Also, doc empty username
 2016-12-06 16:29:00 -08:00
Adam Cammack c5641c9681 Factor out mettle configuration 
Also cleans up some stuff: s/url/uri/ and base-64 encodes UUIDs
 2016-12-06 18:28:48 -06:00
Tod Beardsley a4f681ae35 Add quoted hex encoding 2016-12-06 09:05:35 -06:00
Brent Cook 7346223a65 update payloads 2016-12-06 07:16:44 -06:00
OJ ffee0ff1b6 Fix payload cache size issue, fix shell/bind payloads 2016-12-06 11:12:02 +10:00
h00die 3d09e283cf module ready 2016-12-02 22:03:23 -05:00
Jin Qian 4a35f8449a Fixed issue #7650 by matching Server header using regex as Wei suggested 
The suggestion by Wei is simpler than the one I checked in which checks for presence of Server header before calling include method.
 2016-12-02 20:26:38 -06:00
Jin Qian 35fdf1473b Fixed issue #7650 where etherpad_duo_login module may crash 
Add check for presence of Server header.
 2016-12-02 18:07:18 -06:00
Tod Beardsley d549c2793f Fix module filename to be TR-064 2016-12-02 08:49:21 -06:00
Tod Beardsley 9e4e9ae614 Add a reference to the TR-064 spec 2016-12-02 08:48:09 -06:00
Tod Beardsley ddac5600e3 Reference TR-064, not TR-069 2016-12-02 08:45:15 -06:00
William Vu ff8141c1b5 Land #7644, cred fix for vbulletin_vote_sqli_exec 2016-12-01 15:47:31 -06:00
Jin Qian 11906eb540 Fix issue #7645 where dolibarr_login module crashed 
Add "res" (http response) when trying to retrieve the cookie
 2016-12-01 15:38:26 -06:00
wchen-r7 41355898fa Remove extra def report_cred in vbulletin_vote_sqli_exec 2016-12-01 15:31:24 -06:00
wchen-r7 9325ef8d8f Land #7573, Add WP Symposium Plugin SQLI aux mod to steal credentials 2016-12-01 14:56:30 -06:00
wchen-r7 6b5dba72d4 Update description 2016-12-01 14:55:16 -06:00
wchen-r7 64bc029106 Fix Ruby style 2016-12-01 14:53:55 -06:00
wchen-r7 90ec367a99 Add method to save creds to database 2016-12-01 14:52:51 -06:00
wchen-r7 174cd74900 Land #7532, Add bypass UAC local exploit via Event Viewer module 2016-12-01 11:16:49 -06:00
wchen-r7 1e9d80c998 Fix another typo 2016-12-01 11:16:06 -06:00
wchen-r7 b8243b5d10 Fix a typo 2016-12-01 11:15:26 -06:00
William Vu 54684d31bd Land #7641, check_conn? fix for cisco_ssl_vpn 2016-11-30 21:14:19 -06:00
William Vu 032312d40b Properly check res 2016-11-30 21:03:29 -06:00
OJ 72a20ce464 Merge timwr's changes that fix android/reverse_http 2016-12-01 09:59:41 +10:00
William Vu 1d6ee7192a Land #7427, new options for nagios_xi_chained_rce 2016-11-30 17:11:02 -06:00
William Vu 3e8cdd1f36 Polish up USER_ID and API_TOKEN options 2016-11-30 17:10:52 -06:00
Jin Qian ec83a861c8 Fix issue #7640 where cisco SSL VPN not move despite server responded 
Add the "return true" statement that was missing.
 2016-11-30 16:25:13 -06:00
OJ ebf5121359 Merge branch 'upstream/master' into add-bypassuac-eventvwr 2016-12-01 07:58:16 +10:00
OJ 6890e56b30 Remove call to missing function 2016-12-01 07:57:54 +10:00
wchen-r7 56505d2cc1 Resolve merge conflict 2016-11-30 14:33:23 -06:00
wchen-r7 c70c3701c5 Fix #7628, concrete5_member_list HTML parser 
Fix #7628
 2016-11-30 14:20:36 -06:00