982795ee5d
Merge pull request #32 from todb-r7/saner-ifs-pr1473
...
Clean up the if.nils?
2014-01-23 15:50:25 -08:00
790e4d7559
Move options to mixin
2014-01-23 23:47:46 +00:00
e066d86d41
Clean up the if.nils?
2014-01-23 17:36:10 -06:00
720f892e2f
Merge remote-tracking branch 'upstream/master' into enum_ad_perf
2014-01-21 21:00:51 +00:00
61b30e8b60
Land #2869 , pre-release title/desc fixes
2014-01-13 14:29:27 -06:00
e6e6d7aae4
Land #2868 , fix Firefox mixin requires
2014-01-13 14:23:51 -06:00
671027a126
Pre-release title/desc fixes
2014-01-13 13:57:34 -06:00
f11322b29f
Oh right, msftidy.
2014-01-13 13:44:34 -06:00
bc9c865c25
Land #2865 - js payload to firefox_svg_plugin & add BA support for FF JS exploits
2014-01-13 11:17:36 -06:00
95a5d12345
Merge #2835 , #2836 , #2837 , #2838 , #2839 , #2840 , #2841 , #2842 into one branch
2014-01-13 10:57:09 -06:00
f78ec1eeb2
Make sure we unwrap the SecurityWrapper.
2014-01-12 10:46:23 -06:00
bd91e36e06
Land #2851 , @wchen-r7's virustotal integration
2014-01-10 19:12:56 -06:00
d1d45059f2
use session_host instead
2014-01-10 18:27:03 -06:00
8534f7948a
Change the post module's default api key as well (to Metasploit's)
2014-01-10 17:59:51 -06:00
cacd7ff9d4
Land #2827 - Add firefox js xpcom payloads for universal ff shells
2014-01-10 14:29:32 -06:00
238d052073
Update description
...
key is no longer required.
2014-01-10 04:02:01 -06:00
da273f1440
Update the use of report_note
2014-01-10 01:49:07 -06:00
807d8c12c7
Have a default API key
...
Modules now should have a default API key. See the following for
details:
http://blog.virustotal.com/2012/12/public-api-request-rate-limits-and-tool.html
2014-01-10 01:26:42 -06:00
a99e2eb567
Update the post module
2014-01-08 18:41:22 -06:00
130a99f52b
Add a post module that checks with VirusTotal with a checksum
...
This post module will submit a SHA1 checksum to VirusTotal to see
if it's a malicious file.
2014-01-08 18:26:40 -06:00
fb1a038024
Update async API to actually be async in all cases.
...
This avoids zalgo. Also optionally checks the return value
of the compiled Function in XSS to allow you to use send()
or an explicit return, which is maybe more natural for
synchronous xss payloads.
2014-01-07 16:17:34 -06:00
266b040457
Update cachedump.rb
...
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
2014-01-07 22:14:10 +01:00
3bf728da61
Dont store in DB by default
2014-01-07 12:20:44 +00:00
49d1285d1b
Add explicit json require.
2014-01-06 11:15:10 -06:00
723c0480ab
Fix description to be accurate.
2014-01-04 19:06:01 -06:00
f2f68a61aa
Use shell primitives instead of resorting to
...
echo hacks.
2014-01-04 19:00:36 -06:00
b9c46cde47
Refactor runCmd, allow js exec.
...
* Updates exec payload to not touch disk
* Adds XSS module that uses hiddenWindow (to avoid X-Frame-Options)
2014-01-04 08:46:57 -06:00
cd38f1ec5d
Minor touchups to recent modules.
2014-01-03 13:39:14 -06:00
3f0ee081d9
Beautify description
2014-01-02 15:37:58 -06:00
d5e196707d
Include Msf::Post::Windows::Error
2014-01-02 13:41:37 -06:00
ec8d24c376
Update against upstream
2014-01-02 12:55:46 -06:00
3bccaa407f
Beautify use of Regexp
2014-01-02 12:54:54 -06:00
832b0455f1
Class constants and Regex added
2013-12-31 03:20:12 +01:00
4366d4da20
Delete comma
2013-12-30 11:45:52 -06:00
54a6a4aafa
Land #2807 , @todb-r7's armory support for bitcoin_jaker
2013-12-30 11:44:51 -06:00
e3d918a8a3
Applying changes
2013-12-30 01:49:13 +01:00
88cf1e4843
Default false KILL_PROCESSES for bitcoin_jacker
...
I seem to able to read associated wallet files while these processes are
running with the greatest of ease. Maybe there was a file locking
concern, but I haven't run into it. Feel free to avoid landing this
particular commit if you disagree.
2013-12-29 14:12:00 -06:00
5e0c7e4741
DRY up bitcoin_jacker.rb, support Armory
...
Also, make the process killing optional.
2013-12-29 13:07:43 -06:00
9384a466c1
Retab bitcoin_jacker.rb
2013-12-29 10:59:15 -06:00
6fcd12e36c
Refactor for clearer syntax and variables
...
This was done on a barely configured Windows machine, so mind the tabs.
2013-12-29 10:15:48 -06:00
ef73ca537f
First, clean up the original a little
2013-12-28 18:57:04 -06:00
f2335b5145
Land #2792 - SSO/Mimikatz module overwrites password with N/A
2013-12-27 17:25:44 -06:00
d6a63433a6
Space at EOL
2013-12-26 10:37:18 -06:00
78db7429d0
Turns out the latest Safari is still vulnerable.
...
The version check is currently disabled because turns out the latest
Safari (6.1.1) is still vulnerable - I can still loot it in plain
text.
2013-12-24 19:27:45 -06:00
a26e12b746
Updates descriiption and improves regex for safari_lastsession.rb
...
This updates two things for the safari_lastsession post module:
1. The description is updated: More information is added to describe
how Safari would end up storing the Gmail credential in the last
session state, and what it means to you as an attacker.
2. Regex update for the domain to search for: Before the module starts
extract the session data, it needs to know which domain to extract from.
Originally I only added mail.google.com, but turns out the sensitive info
can be found in accounts.google.com, so I added that one.
2013-12-24 14:00:55 -06:00
bf8c0b10fa
Dont store n/a creds
2013-12-21 09:04:02 +00:00
a043d384d4
Land #2738 , @jiuweigui update to enum_prefetch
2013-12-20 10:26:54 -06:00
62ef810e7c
Use Extapi if available
2013-12-19 18:18:47 +00:00
737154c2fe
Update to use extapi
2013-12-19 16:46:09 +00:00
9434d60021
Remove EOL whitespace from OS X hashdump
2013-12-19 10:39:49 -06:00
Meatballs1