adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
41,886 Commits 27 Branches 1,043 Tags
f8a94de6710abe3042a26a9dca38dcccff2c93be
Commit Graph

21851 Commits

Author SHA1 Message Date
Adam Cammack 7d36d41b20 Add stageless mettle for Linux/ppc64le 2016-12-09 18:27:22 -06:00
Adam Cammack ee7d5fc0c9 Add stageless mettle for Linux/ppc 2016-12-09 18:25:57 -06:00
Adam Cammack 4570a7198c Add stageless mettle for Linux/mipsle 2016-12-09 18:24:12 -06:00
Adam Cammack 25b069f6b4 Add stageless mettle for Linux/mipsbe 2016-12-09 18:23:03 -06:00
Adam Cammack 7aec68c1fe Add stageless mettle for Linux/mips64 2016-12-09 18:21:52 -06:00
Adam Cammack 7a654ca76c Add stageless mettle for Linux/armle 2016-12-09 18:19:58 -06:00
Adam Cammack b74482aa6e Add stageless mettle for Linux/armbe 2016-12-09 18:18:22 -06:00
Adam Cammack 12b296ab1a Add stageless mettle for Linux/aarch64 2016-12-09 18:05:34 -06:00
William Vu f0dca7abbf Land #7692, print_error for error_sql_injection 2016-12-09 17:09:52 -06:00
William Vu 2b0bce6459 Land #7690, drupal_views_user_enum user count fix 2016-12-09 16:55:01 -06:00
William Vu 4e235be484 Ensure a trailing slash for base_uri 
Technically, the GET parameters should be in vars_get, but we don't want
to refactor the entire module right now.
 2016-12-09 16:53:58 -06:00
Jin Qian 8780c325a7 Fixed issues #7691, silent exit. 
Add a print statement to alert user what is missing, user could be confused that "show missing" is empty yet something is missing.
 2016-12-09 16:20:44 -06:00
dmohanty-r7 77dd952370 Land #7592, check nil return value when using redis_command 2016-12-09 16:07:12 -06:00
Jin Qian 17c12a78f5 Fixed issue #7689, count of found users not accurate 
In module drupal_views_user_enum, the count of found users is not accurate.
Fixed it by doing flatten before doing counting.
 2016-12-09 15:19:43 -06:00
Brent Cook 50f95f9940 Land #7681, Get ready for stageless mettle 2016-12-09 09:31:47 -06:00
p3nt4 7b4dce5e7e One left! 2016-12-09 16:27:40 +11:00
p3nt4 74c48f5fa4 I'll get there! 2016-12-09 16:24:49 +11:00
p3nt4 c898e768f6 Struggling with tidyness 2016-12-09 16:00:32 +11:00
p3nt4 586b2d92e2 Corrected status prints 2016-12-09 15:45:30 +11:00
p3nt4 fb360e69c0 Initial Commit 
This module "carves" a hash in the registries to set it as a user password.

The benefits are:
1/ It doesn't change the password last change field
2/ You can set a hash directly, so you can change  a user's password and revert it without cracking its hash.

I have tested it in Windows 7, and 8.1. Should work on every version though.

Usage:
 run post/windows/manage/hashcarve user=test pass=<password>
 run post/windows/manage/hashcarve user=test pass=<nthash>
 run post/windows/manage/hashcarve user=test pass=<lmhash:nthash>

This work is based on the hashdump implementation.
 2016-12-09 15:41:01 +11:00
Javier Godinez 0d41160b03 Sanity checks, errors out with nil ptr if API call fails 2016-12-08 16:14:10 -08:00
Javier Godinez a17d1a7e19 Added options for setting the PASSWORD and GROUPNAME 2016-12-08 16:13:31 -08:00
Jon Hart 4614b7023d Land #7604, @godinezj's post module for creating AWS IAM accounts 2016-12-08 14:26:22 -08:00
Jon Hart aa29fcad80 Update docs and pretty print the loot 2016-12-08 14:25:07 -08:00
Jon Hart 70668c289f Use better loot args 2016-12-08 13:14:36 -08:00
wchen-r7 7e0b224eb2 Make ABORT_ON_LOCKOUT non default 2016-12-08 15:07:53 -06:00
Jon Hart 162204b338 Support creating a password for the user, etc 2016-12-08 12:56:00 -08:00
wchen-r7 0110b97fa2 Fix #7671, support LOCKED_OUT and DISABLED login status 
This allows login scanner modules to skip a user if it is
locked out, or disabled.

Fix #7671
 2016-12-07 16:49:16 -06:00
wchen-r7 ba9ce3fcfb Land #7665, Add ABORT_ON_LOCKOUT option for smb_login 2016-12-07 15:52:50 -06:00
Javier Godinez a9cb08a352 Token should be passed as nil if not set 2016-12-07 10:16:41 -08:00
OJ b902b4c28a Update payload sizes 2016-12-07 15:08:45 +10:00
Rich Whitcroft d3a8409a49 prevent further lockouts in smb_login 2016-12-06 21:53:08 -05:00
Jon Hart 1c3f0437ed Move some options back to non-advanced 2016-12-06 17:39:37 -08:00
Jon Hart a13382c80b Address most of rubocop's nits 2016-12-06 17:10:34 -08:00
Jon Hart 8f21a1f68c move most options to advance, since they never change 
Also, doc empty username
 2016-12-06 16:29:00 -08:00
Adam Cammack c5641c9681 Factor out mettle configuration 
Also cleans up some stuff: s/url/uri/ and base-64 encodes UUIDs
 2016-12-06 18:28:48 -06:00
Tod Beardsley a4f681ae35 Add quoted hex encoding 2016-12-06 09:05:35 -06:00
Brent Cook 7346223a65 update payloads 2016-12-06 07:16:44 -06:00
OJ ffee0ff1b6 Fix payload cache size issue, fix shell/bind payloads 2016-12-06 11:12:02 +10:00
h00die 3d09e283cf module ready 2016-12-02 22:03:23 -05:00
Jin Qian 4a35f8449a Fixed issue #7650 by matching Server header using regex as Wei suggested 
The suggestion by Wei is simpler than the one I checked in which checks for presence of Server header before calling include method.
 2016-12-02 20:26:38 -06:00
Jin Qian 35fdf1473b Fixed issue #7650 where etherpad_duo_login module may crash 
Add check for presence of Server header.
 2016-12-02 18:07:18 -06:00
Tod Beardsley d549c2793f Fix module filename to be TR-064 2016-12-02 08:49:21 -06:00
Tod Beardsley 9e4e9ae614 Add a reference to the TR-064 spec 2016-12-02 08:48:09 -06:00
Tod Beardsley ddac5600e3 Reference TR-064, not TR-069 2016-12-02 08:45:15 -06:00
William Vu ff8141c1b5 Land #7644, cred fix for vbulletin_vote_sqli_exec 2016-12-01 15:47:31 -06:00
Jin Qian 11906eb540 Fix issue #7645 where dolibarr_login module crashed 
Add "res" (http response) when trying to retrieve the cookie
 2016-12-01 15:38:26 -06:00
wchen-r7 41355898fa Remove extra def report_cred in vbulletin_vote_sqli_exec 2016-12-01 15:31:24 -06:00
wchen-r7 9325ef8d8f Land #7573, Add WP Symposium Plugin SQLI aux mod to steal credentials 2016-12-01 14:56:30 -06:00
wchen-r7 6b5dba72d4 Update description 2016-12-01 14:55:16 -06:00