Brendan Coles
a31052afbd
post/multi/manage/sudo: Abort if session type is Meterpreter
2022-01-20 12:44:29 +00:00
Brendan Coles
2bb5edac9e
local_exploit_suggester: Print session_host if session is valid
2022-01-16 03:24:41 +00:00
Grant Willcox
e21812fa5c
Land #15864 , fix #15856 , fix shell_to_meterpreter to detect x64 windows and return an x64 meterpreter session
2021-11-24 17:41:31 -06:00
Grant Willcox
1b9f9f0620
Add in final review fixes to handle Windows ARM if ever encountered
2021-11-24 16:37:21 -06:00
Jeffrey Martin
21a6a18d92
trade `URI.encode` & `URI.escape` for Ruby 3
...
Ruby 3 removed the `URI.escape` methods however access to
the a parse for the same RFC is stil available at `URI::DEFAULT_PARSER.escape`.
Per the Ruby forum [comment](https://bugs.ruby-lang.org/issues/17309#note-1 ) this should equal.
2021-11-22 14:11:03 -06:00
Tim W
423810ca5c
fix shell_to_meterpreter cmd_exec powershell
2021-11-22 03:11:26 +00:00
Tim W
f2d7f33280
run rubocop on shell_to_meterpreter
2021-11-11 16:00:05 +00:00
Tim W
7a2eb1cbcb
fix #15856 , fix shell_to_meterpreter to detect x64 windows and return an x64 meterpreter session
2021-11-11 14:40:18 +00:00
dwelch-r7
73e55fcaee
Land #15665 , Add Meterpreter compatibility metadata
2021-10-29 12:45:26 +01:00
Christophe De La Fuente
1befd545e3
Land #15558 , add module to access a sessions filesystem in a browser
2021-10-25 18:37:42 +02:00
Tim W
86d1e3cb0a
fix get_drives format
2021-10-25 17:30:47 +01:00
adfoster-r7
28eab4d871
Add Meterpreter compatibility metadata
2021-10-06 13:54:51 +01:00
adfoster-r7
959527a4c4
Land #15669 , Add meterpreter compatibility metadata to screenshare module
2021-09-27 15:18:01 +01:00
adfoster-r7
06762d0934
Update references to railgun to be consistent
2021-09-27 12:37:14 +01:00
adfoster-r7
e81f1b5687
Gracefully fallback to sesion.ui.screenshot when espia is not supported
2021-09-23 21:10:40 +01:00
Tim W
4d3dda67ea
fix msftidy
2021-09-23 13:02:17 +01:00
Tim W
18015e5a0e
add support for powershell sessions
2021-09-23 13:02:17 +01:00
Tim W
d3a372e92b
add support for shell sessions
2021-09-23 13:02:17 +01:00
Tim W
fad8aef5f7
add support for 404 and 500 if files are inaccessible
2021-09-23 13:02:17 +01:00
Tim W
fdea8bb805
add module to access a sessions filesystem in a browser
2021-09-23 13:02:17 +01:00
adfoster-r7
39ca4660a9
Add meterpreter compatibility metadata to screenshare module
2021-09-15 17:34:57 +01:00
adfoster-r7
46718e3390
Run Rubocop layout rules on modules
2021-09-10 12:53:39 +01:00
adfoster-r7
ded8200396
Land #15537 , Add support for ruby 3
2021-09-01 10:30:54 +01:00
adfoster-r7
4a9a15e638
Run Rubocop layout rules on modules
2021-08-27 17:19:43 +01:00
Alan Foster
03400991af
Update uses of open ssl
2021-08-10 15:40:23 +01:00
Tim W
d1fa2e857d
fix #15528 , fix powershell command length in shell_to_meterpreter
2021-08-10 12:08:50 +01:00
sjanusz
1288e85b6b
Improved exception handling
2021-07-28 10:22:15 +01:00
sjanusz
c63ef142c5
Update local exploit suggester to handle nil targets
2021-07-28 10:22:15 +01:00
bwatters
8266f2ffdc
Land #15113 , post gather module for saltstack salt #15113
...
Merge branch 'land-15113' into upstream-master
2021-05-17 15:33:20 -05:00
h00die
b2f8bc6958
guard on nil minions
2021-05-15 09:38:15 -04:00
Ashley Donaldson
929197b85e
Fix rubocop errors
2021-05-04 11:34:22 +10:00
Ashley Donaldson
2ac4eeb141
Check VAS configuration to find defined kerberos location.
...
Also verify root prior to exploitation (gives better error message)
2021-05-04 11:31:11 +10:00
h00die
75ed65a0ab
properly name saltstack salt
2021-05-03 19:34:37 -04:00
Ashley Donaldson
4cd7637274
Fixed Rubocop errors added since this module was forked
2021-05-03 13:28:07 +10:00
Ashley Donaldson
f0a442b77d
Retrieve configured kerberos ticket location before retrieving tickets
...
Rather than assume that file-configured kerberos tickets will be at /tmp/krb5_*, let's check the config file.
Also allows us to give more meaningful error messages and point people in the direction of where to look if it doesn't work.
2021-05-03 13:07:45 +10:00
h00die
2c76671436
add windows minion file
2021-05-02 10:01:06 -04:00
h00die
2c0c7791a0
more error handling, updated docs
2021-05-02 08:19:43 -04:00
Ashley Donaldson
86a7b7b915
Forked a long time ago, so let's get it closer to the main branch
2021-05-02 14:23:56 +10:00
h00die
fde1696ae2
windows and osx updates
2021-04-30 20:59:54 -04:00
h00die
938b4741a9
saltstack doc update and tested
2021-04-10 13:46:19 -04:00
Vladimir Ivanov
690e687e7e
Updates from code review
...
Update modules/post/multi/sap/smdagent_get_properties.rb
Update modules/auxiliary/admin/sap/cve_2020_6207_solman_rce.rb
Update documentation for auxiliary module cve_2020_6207_solman_rce.md
Update documentation for post module smdagent_get_properties.md
Move setup_xml_and_variables to `run` method in auxiliary module cve_2020_6207_solman_rce.rb
Delete list_dir, read_file, file_exist in post module smdagent_get_properties.rb
2021-04-06 21:23:39 +02:00
Vladimir Ivanov
1f4046c45f
Update references and delete check_addr in post module smdagent_get_properties.rb
2021-03-29 22:58:48 +03:00
Ivanov Vladimir
a803d7a0d1
CVE-2019-0307
...
Add post module smdagent_get_properties.rb
Add lib sap_smd_agent_unencrypted_property.rb
Update auxiliary module cve_2020_6207_solman_rce.rb
Update lib sap_sol_man_eem_miss_auth.rb
2021-03-29 20:29:30 +03:00
friedrico
3b5cdd767f
Base64 encoding is set iff encoding attribute is set to base64 and not when it "could be due to length and alphabet of the password"
2021-03-17 08:49:28 +01:00
Security Curious
59086989f7
Update Firefox Default Profile Directory
...
The default firefox profile directory now no longer ends in `.default`
but instead `.default-release`. For backwards compat the new regex
supports both. For more information see:
https://support.mozilla.org/bm/questions/1264072#answer-1235567
It's possible we might want to also support things like
`.default-nightly`, etc but really if we want to do more than grab
the default profile we should read the `profiles.ini` file to get
an itemized list of profiles from Firefox itself. This would also
future-proof this script.
Since profiles are not generally used by most Firefox users just going
for the simpler solution of looking for `.default-release`.
2021-03-10 21:43:04 -05:00
Alan Foster
b06c5c12aa
Rubocop recently landed modules continued
2021-02-25 14:13:40 +00:00
agalway-r7
8a339f54c1
Land #14734 , updates and runs rubocop against recent modules
...
Rubocop recently landed modules
2021-02-19 13:48:47 +00:00
agalway-r7
275e9c5454
Land #14696 , Further Zeitwerk lands to improve boot speed
...
Zeitwerk rex folder
2021-02-19 10:33:37 +00:00
Alan Foster
5b3fde7735
Rubocop recently landed modules
2021-02-16 15:08:08 +00:00
Tim W
0ab4213630
use & disown
2021-02-11 12:26:27 +00:00