7b72120016
Land #14252 , Update Avira password gatherer module and associated libaries and add in documentation
2020-11-02 14:37:47 -06:00
46c937089d
Fix up regex to properly match on Raw-MD5u only, and fix up refname to be self.refname to fit in with other modules in this directory
2020-10-30 12:37:35 -05:00
3a66984808
Update enum_putty_saved_sessions.rb
...
updating enum_putty_saved_sesssion.rb with additional fields
2020-10-25 15:45:33 -04:00
39a623f3e0
docs for domain post modules
2020-10-11 18:53:28 -04:00
f75367d8bd
docs and rubocop
2020-10-11 17:44:21 -04:00
3b5e05aff4
update avira password gather, add raw-md5u processing
2020-10-10 11:47:41 -04:00
71b9b5c2e7
Land #14235 , Patch smart_hashdump so it doesn't skip RID 1001 when dumping hashes
2020-10-08 14:51:52 -05:00
69c68823d2
Land #14226 , convert myworkspace.id to myworkspace_id for no db compat
2020-10-08 08:49:53 -05:00
4e40ae5d92
Spelling fix; 'controler' -> 'controller'.
2020-10-08 13:13:15 +09:00
659138d6ef
Removing unused variables as per rubocop suggestions.
2020-10-08 12:24:58 +09:00
fb04106c2f
Applying suggested rubocop formatting fixes.
2020-10-08 12:22:34 +09:00
ac4159b657
Removing 'skip rid 1001' from hashdump loop as per issue #14094 .
2020-10-08 10:50:40 +09:00
339c1941ef
Add in myworkspace.id patch for the other missing modules
2020-10-07 17:08:00 -05:00
30809787c4
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
fb73be7e35
Land #14199 , Fix SecureCRT missing registry key bug
2020-09-30 13:17:06 -05:00
b0bad9fc85
Fix up small issue with one of the checks and update the documentation with the new SESSION_PATH option
2020-09-30 12:26:32 -05:00
dce8bdc19a
Check that the folder does not exist
2020-09-30 07:39:33 +08:00
bb04041c93
Land #14172 , Fix #14170 , Add option to disable autorun in persistence_exe
2020-09-25 13:16:51 +08:00
77b7cf4f65
make RUN_NOW a non-advanced option
2020-09-25 13:15:34 +08:00
72111a9677
don't start service unless RUN_NOW is true
2020-09-25 13:15:30 +08:00
62481f0159
Changed DisableExec with RUN_NOW for consistency
2020-09-23 09:12:31 +00:00
13bf1b7711
Land #14118 , SecureCRT Session Credential Grabber, try 2
2020-09-22 15:38:25 -05:00
a96827a823
Land #14118 , SecureCRT Session Credential Grabber
2020-09-22 15:17:04 -05:00
b9fa36c89b
Add in option to decrypt Login Script V3 within session files and also update some of the existing regex to fix some minor mistakes
2020-09-22 14:47:28 -05:00
e6978d7ef9
Added option to spik execution
2020-09-22 12:21:27 +00:00
67d43bcc15
Add in RuboCop fixes
2020-09-21 13:49:05 -05:00
9b1fec069f
Add in final touch up fixes to make sure that securecrt_store_config checks its input correctly, and to fix up some further mistakes found whilst reviewing the code for nil errors that could be fixed
2020-09-21 13:15:03 -05:00
ba76eabc72
Fix potential nil error with filling in the protocol field in enum_session_file
2020-09-21 12:23:23 -05:00
966ae4a6a3
Fix up the logic for calling securecrt_store_config
2020-09-21 12:10:12 -05:00
dadd0fef89
Simplify the code
2020-09-19 10:09:42 +08:00
85ef2b602e
Fix up regex in module to address changes noted in review. Also update documentation to remove an extra line and to address review recommendtations
2020-09-16 16:02:54 -05:00
6ba06f2e74
add protocols
2020-09-12 15:29:02 +08:00
03c410215e
Add HyperSine as an author since he discovered the decryption keys, update some of the logic to use ternary operators to be more explicit in nature, update securecrt_crypto to fix a bug where it could end up with a defined return value, update the warnings to be a bit more explicit, and fix a logic bug in the run function due to how expand_path and registry_getvaldata interact with one another
2020-09-11 16:55:16 -05:00
2a520606f7
Apply fixes to module and documentation so that the output is easier to understand, contains better installation instructions, and also reflects the fact that this module really gathers SecureCRT sessions and decrypts the password if it is available, aka its still useful even if we don't decrypt the password
2020-09-11 13:41:56 -05:00
b3d386bdb4
Apply msftidy_docs.rb fixes and RuboCop the module
2020-09-11 09:40:37 -05:00
2a50368591
remove comment
2020-09-11 11:54:12 +08:00
7267c504c3
add Gather_Securecrt_Password module
2020-09-11 11:40:52 +08:00
905fb73b7a
Add in initial copy of module and documentation
2020-09-10 18:52:13 -05:00
a870b1df71
Fix user path on newer Windows
2020-09-05 10:43:41 -05:00
b2bd40ef03
Updated module description
...
Changed string description to call out the modified WMI query that now also pulls in the InstalledOn metadata for a given KB.
2020-09-02 11:33:50 -07:00
ca846fa8c1
Changing print statements to follow Ruby style
...
In response to PR feedback
2020-09-02 10:59:15 -07:00
fb4acd53b5
Include KB installation date in enum_patches
...
Currently, the output of this module only lists the KB packages installed on a Windows PC.
This change improves the module by also having it output when a given patch package was installed (this information can also be retrieved from the WMI query); this will provide insight into how regularly and reliably a PC (and by extension, environment) patches - for example, are they late in installing patches by months, when did they last patch etc.
2020-08-31 17:38:02 -07:00
35017886b8
Land #13935 , Preliminary Version 6
2020-08-06 10:19:34 -05:00
0ca7581b67
disk write method success
2020-08-03 13:08:39 -04:00
2dc04709e7
less privs needed
2020-08-03 13:08:39 -04:00
dac3cbcbcd
more options, more optimizations
2020-08-03 13:08:39 -04:00
498a94a9c0
bloodhound cleanup
2020-08-03 13:08:39 -04:00
65039a5091
Merge upstream into 6.x
2020-07-15 09:58:07 -05:00
8627cb2c35
Land #13626 , checkvm post module cleanup
2020-07-10 13:31:03 -05:00
00d0d2cf15
Use service_exists? method
2020-07-10 18:10:26 +00:00
Grant Willcox