Hynek Petrak
f8bf996233
author Hynek Petrak <hynek.petrak@gmail.com> 1595628792 +0200 committer Spencer McIntyre <Spencer_McIntyre@rapid7.com> 1598532753 -0400 Added module to dump hashes from LDAP added hash formatters, documentation, ldap authentication typo sanitizing added scenario for NASDeluxe added few hash attribute examples typo correction Co-authored-by: bcoles <bcoles@gmail.com> typo correction Co-authored-by: bcoles <bcoles@gmail.com> typo correction Co-authored-by: bcoles <bcoles@gmail.com> avoid option name conflicts added test scenario linted linted Dump all nameContexts, not just the first one. Search creds in multiple attributes. attemt to dump special and operational attributes check if ldap bind succeeded sanitize the ldap hashes, skip invalid, remove {crypt} prefix memory optimization for large LDAP servers spaces at eols put header to the ldif loot added other LDAP hash formats, don't save empty ldif, dump root DSE now we handle vmdir case too explictly set md5crypt for $ Converted to scanner to improve performance on large networks krbprincipalkey, memory optimization for ldap.search handle additional hash types be verbose about search errors added per host timeout catch exception from Net::Ldap shorten the param value handle pwdhistory entries added comment about sambapwdhistory value reject shorter empty sambapassordhistory entries reject null nt and lm hashes report assumed clear text passwords refactored timeout for the sake of the loot ignore {SASL} pass-trough auth entries distinguish unresolved hashes from clear passwords print ldap server error message, meaningful loot name correct exception handling handle hashes with eol remove debug line handle pkcs12 in binary form attemt to control timeout on bind operation leave LDAP#bind to be called implicitly in #search remove debug line fixed bug, when pillage broke the outer LDAP#search learning ruby monkey patched ldap connection handling, ignoring bind errors commenting the net:LDAP misbehaviour review fixes review fixes moving ldap.search into a function remove fail_with, store loot from one place, print statistics linting consolidated ldap_new and connect, don't catch exceptions in the mixin Complete the credential creation Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
Metasploit Developer Documentation
*(last updated December 1, 2014)
Metasploit is actively supported by a community of hundreds of contributors and thousands of users world-wide. As a result, the accompanying documentation moves quite quickly.
The best source of documentation on Metasploit development is https://github.com/rapid7/metasploit-framework/wiki. There are many treasures there, such as:
- Evading Antivirus
- How Payloads Work
- How to use Datastore Options
- How to write browser exploits with BES
- How to write a bruteforcer
...and many, many more.
API Documentation
If you are looking for API documentation, you may run rake yard to
generate a navigatable view of the comment documentation used throughout
Metasploit, or visit https://rapid7.github.io/metasploit-framework/api
for a recently generated online version.
Contributing
If you would like to contribute to the documentation effort, please see http://yardoc.org/ for details on how to write YARD-compatible comments, and send us a Pull Request with your contribution.