Metasploit post module information

   Name                                             Disclosure Date  Rank    Description
   ----                                             ---------------  ----    -----------
   aix/hashdump                                                      normal  AIX Gather Dump Password Hashes
   cisco/gather/enum_cisco                                           normal  Gather Cisco Device General Information
   linux/gather/checkvm                                              normal  Linux Gather Virtual Environment Detection
   linux/gather/enum_configs                                         normal  Linux Gather Configurations
   linux/gather/enum_network                                         normal  Linux Gather Network Information
   linux/gather/enum_protections                                     normal  Linux Gather Protection Enumeration
   linux/gather/enum_system                                          normal  Linux Gather System and User Information
   linux/gather/enum_users_history                                   normal  Linux Gather User History
   linux/gather/enum_xchat                                           normal  Linux Gather XChat Enumeration
   linux/gather/hashdump                                             normal  Linux Gather Dump Password Hashes for Linux Systems
   linux/gather/mount_cifs_creds                                     normal  Linux Gather Saved mount.cifs/mount.smbfs Credentials
   multi/gather/apple_ios_backup                                     normal  Windows Gather Apple iOS MobileSync Backup File Collection
   multi/gather/dns_bruteforce                                       normal  Multi Gather DNS Forward Lookup Bruteforce
   multi/gather/dns_reverse_lookup                                  normal  Multi Gather DNS Reverse Lookup Scan
   multi/gather/dns_srv_lookup                                       normal  Multi Gather DNS Service Record Lookup Scan
   multi/gather/enum_vbox                                            normal  Multi Gather VirtualBox VM Enumeration
   multi/gather/env                                                  normal  Multi Gather Generic Operating System Environment Settings
   multi/gather/fetchmailrc_creds                                    normal  UNIX Gather .fetchmailrc Credentials
   multi/gather/filezilla_client_cred                                normal  Multi Gather FileZilla FTP Client Credential Collection
   multi/gather/find_vmx                                             normal  Multi Gather VMWare VM Identification
   multi/gather/firefox_creds                                        normal  Multi Gather Firefox Signon Credential Collection
   multi/gather/multi_command                                        normal  Multi Gather Run Shell Command Resource File
   multi/gather/netrc_creds                                          normal  UNIX Gather .netrc Credentials
   multi/gather/pidgin_cred                                          normal  Multi Gather Pidgin Instant Messenger Credential Collection
   multi/gather/ping_sweep                                           normal  Multi Gather Ping Sweep
   multi/gather/run_console_rc_file                                  normal  Multi Gather Run Console Resource File
   multi/gather/skype_enum                                           normal  Multi Gather Skype User Data Enumeration
   multi/gather/ssh_creds                                            normal  Multi Gather OpenSSH PKI Credentials Collection
   multi/gather/thunderbird_creds                                    normal  Multi Gather Mozilla Thunderbird Signon Credential Collection
   multi/general/close                                               normal  Multi Generic Operating System Session Close
   multi/general/execute                                             normal  Multi Generic Operating System Session Command Execution
   multi/manage/multi_post                                           normal  Multi Manage Post Module Macro Execution
   multi/manage/sudo                                                 normal  Multiple Linux / Unix Post Sudo Upgrade Shell
   multi/manage/system_session                                       normal  Multi Manage System Remote TCP Shell Session
   osx/admin/say                                                     normal  OSX Text to Speech Utility
   osx/gather/enum_adium                                             normal  OSX Gather Adium Enumeration
   osx/gather/enum_airport                                           normal  OSX Gather Airport Wireless Preferences
   osx/gather/enum_chicken_vnc_profile                               normal  OSX Gather Chicken of the VNC Profile
   osx/gather/enum_colloquy                                          normal  OSX Gather Colloquy Enumeration
   osx/gather/enum_osx                                               normal  OS X Gather Mac OS X System Information Enumeration
   osx/gather/hashdump                                               normal  OS X Gather Mac OS X Password Hash Collector
   solaris/gather/checkvm                                            normal  Solaris Gather Virtual Environment Detection
   solaris/gather/enum_packages                                      normal  Solaris Gather Installed Packages
   solaris/gather/enum_services                                      normal  Solaris Gather Configured Services
   solaris/gather/hashdump                                           normal  Solaris Gather Dump Password Hashes for Solaris Systems
   windows/capture/keylog_recorder                                   normal  Windows Capture Keystroke Recorder
   windows/capture/lockout_keylogger                                 normal  Winlogon Lockout Credential Keylogger
   windows/escalate/bypassuac                       2010-12-31       normal  Windows Escalate UAC Protection Bypass
   windows/escalate/droplnk                                          normal  Windows Escalate SMB Icon LNK dropper
   windows/escalate/getsystem                                        normal  Windows Escalate Get System via Administrator
   windows/escalate/ms10_073_kbdlayout              2010-10-12       normal  Windows Escalate NtUserLoadKeyboardLayoutEx Privilege Escalation
   windows/escalate/ms10_092_schelevator            2010-09-13       normal  Windows Escalate Task Scheduler XML Privilege Escalation
   windows/escalate/net_runtime_modify                               normal  Windows Escalate Microsoft .NET Runtime Optimization Service Privilege Escalation
   windows/escalate/screen_unlock                                    normal  Windows Escalate Locked Desktop Unlocker
   windows/escalate/service_permissions                              normal  Windows Escalate Service Permissions Local Privilege Escalation
   windows/gather/arp_scanner                                        normal  Windows Gather ARP Scanner
   windows/gather/bitcoin_jacker                                     normal  Windows Gather Bitcoin wallet.dat
   windows/gather/cachedump                                          normal  Windows Gather Credential Cache Dump
   windows/gather/checkvm                                            normal  Windows Gather Virtual Environment Detection
   windows/gather/credentials/coreftp                                normal  Windows Gather CoreFTP Saved Password Extraction
   windows/gather/credentials/credential_collector                   normal  Windows Gather Credential Collector
   windows/gather/credentials/dyndns                                 normal  Windows Gather Dyn-Dns Client Password Extractor
   windows/gather/credentials/enum_cred_store                        normal  Windows Gather Credential Store Enumeration and Decryption Module
   windows/gather/credentials/enum_picasa_pwds                       normal  Windows Gather Google Picasa Password Extractor
   windows/gather/credentials/epo_sql                                normal  Windows Gather McAfee ePO 4.6 Config SQL Credentials
   windows/gather/credentials/filezilla_server                       normal  Windows Gather FileZilla FTP Server Credential Collection
   windows/gather/credentials/flashfxp                               normal  Windows Gather FlashFXP Saved Password Extraction
   windows/gather/credentials/ftpnavigator                           normal  Windows Gather FTP Navigator Saved Password Extraction
   windows/gather/credentials/idm                                    normal  Windows Gather Internet Download Manager (IDM) Password Extractor
   windows/gather/credentials/imail                                  normal  Windows Gather IPSwitch iMail User Data Enumeration
   windows/gather/credentials/imvu                                   normal  Windows Gather Credentials IMVU Game Client
   windows/gather/credentials/meebo                                  normal  Windows Gather Meebo Password Extractor
   windows/gather/credentials/mremote                                normal  Windows Gather mRemote Saved Password Extraction
   windows/gather/credentials/nimbuzz                                normal  Windows Gather Nimbuzz Instant Messenger Password Extractor
   windows/gather/credentials/outlook                                normal  Windows Gather Microsoft Outlook Saved Password Extraction
   windows/gather/credentials/razorsql                               normal  Windows Gather RazorSQL Credentials
   windows/gather/credentials/smartftp                               normal  Windows Gather SmartFTP Saved Password Extraction
   windows/gather/credentials/total_commander                        normal  Windows Gather Total Commander Saved Password Extraction
   windows/gather/credentials/trillian                               normal  Windows Gather Trillian Password Extractor
   windows/gather/credentials/vnc                                    normal  Windows Gather VNC Password Extraction
   windows/gather/credentials/windows_autologin                      normal  Windows Gather AutoLogin User Credential Extractor
   windows/gather/credentials/winscp                                 normal  Windows Gather WinSCP Saved Password Extraction
   windows/gather/credentials/wsftp_client                           normal  Windows Gather WS_FTP Saved Password Extraction
   windows/gather/dumplinks                                          normal  Windows Gather Dump Recent Files lnk Info
   windows/gather/enum_applications                                  normal  Windows Gather Installed Application Enumeration
   windows/gather/enum_artifacts                                     normal  Windows Gather File and Registry Artifacts Enumeration
   windows/gather/enum_chrome                                        normal  Windows Gather Google Chrome User Data Enumeration
   windows/gather/enum_computers                                     normal  Windows Gather Enumerate Computers
   windows/gather/enum_devices                                       normal  Windows Gather Hardware Enumeration
   windows/gather/enum_dirperms                                      normal  Windows Gather Directory Permissions Enumeration
   windows/gather/enum_domain                                        normal  Windows Gather Enumerate Domain
   windows/gather/enum_domain_group_users                            normal  Windows Gather Enumerate Domain Group
   windows/gather/enum_domain_tokens                                 normal  Windows Gather Enumerate Domain Tokens
   windows/gather/enum_domains                                       normal  Windows Gather Domain Enumeration
   windows/gather/enum_hostfile                                      normal  Windows Gather Windows Host File Enumeration
   windows/gather/enum_ie                                            normal  Windows Gather Internet Explorer User Data Enumeration
   windows/gather/enum_logged_on_users                               normal  Windows Gather Logged On User Enumeration (Registry)
   windows/gather/enum_ms_product_keys                               normal  Windows Gather Product Key
   windows/gather/enum_powershell_env                                normal  Windows Gather Powershell Environment Setting Enumeration
   windows/gather/enum_services                                      normal  Windows Gather Service Info Enumeration
   windows/gather/enum_shares                                        normal  Windows Gather SMB Share Enumeration via Registry
   windows/gather/enum_snmp                                          normal  Windows Gather SNMP Settings Enumeration (Registry)
   windows/gather/enum_termserv                                      normal  Windows Gather Terminal Server Client Connection Information Dumper
   windows/gather/enum_tokens                                        normal  Windows Gather Enumerate Domain Admin Tokens (Token Hunter)
   windows/gather/forensics/duqu_check                               normal  Windows Gather Forensics Duqu Registry Check
   windows/gather/forensics/enum_drives                              normal  Windows Gather Physical Drives and Logical Volumes
   windows/gather/forensics/imager                                   normal  Windows Gather Forensic Imaging
   windows/gather/forensics/nbd_server                               normal  Windows Gather Local NBD Server
   windows/gather/hashdump                                           normal  Windows Gather Local User Account Password Hashes (Registry)
   windows/gather/memory_grep                                        normal  Windows Gather Process Memory Grep
   windows/gather/resolve_sid                                        normal  Windows Gather Local User Account SID Lookup
   windows/gather/reverse_lookup                                     normal  Windows Gather IP Range Reverse Lookup
   windows/gather/screen_spy                                         normal  Windows Gather Screen Spy
   windows/gather/smart_hashdump                                     normal  Windows Gather Local and Domain Controller Account Password Hashes
   windows/gather/usb_history                                        normal  Windows Gather USB Drive History
   windows/gather/win_privs                                          normal  Windows Gather Privileges Enumeration
   windows/gather/wmic_command                                       normal  Windows Gather Run Specified WMIC command
   windows/manage/add_user_domain                                    normal  Windows Manage Add User to the Domain and/or to a Domain Group
   windows/manage/autoroute                                          normal  Windows Manage Network Route via Meterpreter Session
   windows/manage/delete_user                                        normal  Windows Manage Local User Account Deletion
   windows/manage/download_exec                                      normal  Windows Manage Download and/or Execute
   windows/manage/enable_rdp                                         normal  Windows Manage Enable Remote Desktop
   windows/manage/inject_ca                                          normal  Windows Manage Certificate Authority Injection
   windows/manage/inject_host                                        normal  Windows Manage Hosts File Injection
   windows/manage/migrate                                            normal  Windows Manage Process Migration
   windows/manage/multi_meterpreter_inject                           normal  Windows Manage Inject in Memory Multiple Payloads
   windows/manage/nbd_server                                         normal  Windows Manage Local NBD Server for Remote Disks
   windows/manage/payload_inject                                     normal  Windows Manage Memory Payload Injection Module
   windows/manage/persistence                                        normal  Windows Manage Persistent Payload Installer
   windows/manage/powershell/exec_powershell                         normal  Windows Manage PowerShell Download and/or Execute
   windows/manage/pxexploit                                          normal  Windows Manage PXE Exploit Server
   windows/manage/remove_ca                                          normal  Windows Certificate Authority Removal
   windows/manage/remove_host                                        normal  Windows Manage Host File Entry Removal
   windows/manage/run_as                                             normal  Windows Manage Run Command As User
   windows/manage/vss_create                                         normal  Windows Manage Create Shadow Copy
   windows/manage/vss_list                                           normal  Windows Manage List Shadow Copies
   windows/manage/vss_mount                                          normal  Windows Manage Mount Shadow Copy
   windows/manage/vss_set_storage                                    normal  Windows Manage Set Shadow Copy Storage Space
   windows/manage/vss_storage                                        normal  Windows Manage Get Shadow Copy Storage Info
   windows/recon/computer_browser_discovery                          normal  Windows Recon Computer Browser Discovery
   windows/recon/resolve_hostname                                    normal  Windows Recon Resolve Hostname
   windows/wlan/wlan_bss_list                                        normal  Windows Gather Wireless BSS Info
   windows/wlan/wlan_current_connection                              normal  Windows Gather Wireless Current Connection Info
   windows/wlan/wlan_disconnect                                      normal  Windows Disconnect Wireless Connection
   windows/wlan/wlan_profile                                         normal  Windows Gather Wireless Profile

 



resource (display/show_post.rc)> info aix/hashdump


       Name: AIX Gather Dump Password Hashes
     Module: post/aix/hashdump
    Version: $Revision$
   Platform: AIX
       Arch: 
       Rank: Normal


Provided by:
  thelightcosine <thelightcosine@metasploit.com>


Description:
  Post Module to dump the password hashes for all users on an AIX 
  System




resource (display/show_post.rc)> info cisco/gather/enum_cisco


       Name: Gather Cisco Device General Information
     Module: post/cisco/gather/enum_cisco
    Version: 14822
   Platform: Cisco
       Arch: 
       Rank: Normal


Provided by:
  Carlos Perez <carlos_perez@darkoperator.com>


Description:
  This module collects a Cisco IOS or NXOS device information and 
  configuration.




resource (display/show_post.rc)> info linux/gather/checkvm


       Name: Linux Gather Virtual Environment Detection
     Module: post/linux/gather/checkvm
    Version: 14812
   Platform: Linux
       Arch: 
       Rank: Normal


Provided by:
  Carlos Perez <carlos_perez@darkoperator.com>


Description:
  This module attempts to determine whether the system is running 
  inside of a virtual environment and if so, which one. This module 
  supports detection of Hyper-V, VMWare, VirtualBox, Xen, and 
  QEMU/KVM.




resource (display/show_post.rc)> info linux/gather/enum_configs


       Name: Linux Gather Configurations
     Module: post/linux/gather/enum_configs
    Version: 0
   Platform: Linux
       Arch: 
       Rank: Normal


Provided by:
  ohdae <bindshell@live.com>


Description:
  This module collects configuration files found on commonly installed 
  applications and services, such as Apache, MySQL, Samba, Sendmail, 
  etc. If a config file is found in its default path, the module will 
  assume that is the file we want.




resource (display/show_post.rc)> info linux/gather/enum_network


       Name: Linux Gather Network Information
     Module: post/linux/gather/enum_network
    Version: $Revision$
   Platform: Linux
       Arch: 
       Rank: Normal


Provided by:
  ohdae <bindshell@live.com>
  Stephen Haywood <averagesecurityguy@gmail.com>


Description:
  This module gathers network information from the target system 
  IPTables rules, interfaces, wireless information, open and listening 
  ports, active network connections, DNS information and SSH 
  information.




resource (display/show_post.rc)> info linux/gather/enum_protections


       Name: Linux Gather Protection Enumeration
     Module: post/linux/gather/enum_protections
    Version: 0
   Platform: Linux
       Arch: 
       Rank: Normal


Provided by:
  ohdae <bindshell@live.com>


Description:
  This module tries to find certain installed applications that can be 
  used to prevent, or detect our attacks, which is done by locating 
  certain binary locations, and see if they are indeed executables. 
  For example, if we are able to run 'snort' as a command, we assume 
  it's one of the files we are looking for. This module is meant to 
  cover various antivirus, rootkits, IDS/IPS, firewalls, and other 
  software.




resource (display/show_post.rc)> info linux/gather/enum_system


       Name: Linux Gather System and User Information
     Module: post/linux/gather/enum_system
    Version: $Revision$
   Platform: Linux
       Arch: 
       Rank: Normal


Provided by:
  Carlos Perez <carlos_perez@darkoperator.com>
  Stephen Haywood <averagesecurityguy@gmail.com>
  sinn3r <sinn3r@metasploit.com>
  ohdae <bindshell@live.com>


Description:
  This module gathers system information. We collect installed 
  packages, installed services, mount information, user list, user 
  bash history and cron jobs




resource (display/show_post.rc)> info linux/gather/enum_users_history


       Name: Linux Gather User History
     Module: post/linux/gather/enum_users_history
    Version: $Revision$
   Platform: Linux
       Arch: 
       Rank: Normal


Provided by:
  ohdae <bindshell@live.com>


Description:
  This module gathers user specific information. User list, bash 
  history, mysql history, vim history, lastlog and sudoers.




resource (display/show_post.rc)> info linux/gather/enum_xchat


       Name: Linux Gather XChat Enumeration
     Module: post/linux/gather/enum_xchat
    Version: 0
   Platform: Linux
       Arch: 
       Rank: Normal


Provided by:
  sinn3r <sinn3r@metasploit.com>


Description:
  This module will collect XChat's config files and chat logs from the 
  victim's machine. There are three actions you may choose: CONFIGS, 
  CHATS, and ALL. The CONFIGS option can be used to collect 
  information such as channel settings, channel/server passwords, etc. 
  The CHATS option will simply download all the .log files.




resource (display/show_post.rc)> info linux/gather/hashdump


       Name: Linux Gather Dump Password Hashes for Linux Systems
     Module: post/linux/gather/hashdump
    Version: 14774
   Platform: Linux
       Arch: 
       Rank: Normal


Provided by:
  Carlos Perez <carlos_perez@darkoperator.com>


Description:
  Post Module to dump the password hashes for all users on a Linux 
  System




resource (display/show_post.rc)> info linux/gather/mount_cifs_creds


       Name: Linux Gather Saved mount.cifs/mount.smbfs Credentials
     Module: post/linux/gather/mount_cifs_creds
    Version: 0
   Platform: Linux
       Arch: 
       Rank: Normal


Provided by:
  Jon Hart <jhart@spoofed.org>


Description:
  Post Module to obtain credentials saved for mount.cifs/mount.smbfs 
  in /etc/fstab on a Linux system.




resource (display/show_post.rc)> info multi/gather/apple_ios_backup


       Name: Windows Gather Apple iOS MobileSync Backup File Collection
     Module: post/multi/gather/apple_ios_backup
    Version: 14834
   Platform: Windows, OSX
       Arch: 
       Rank: Normal


Provided by:
  hdm <hdm@metasploit.com>
  bannedit <bannedit@metasploit.com>


Description:
  This module will collect sensitive files from any on-disk iOS device 
  backups




resource (display/show_post.rc)> info multi/gather/dns_bruteforce


       Name: Multi Gather DNS Forward Lookup Bruteforce
     Module: post/multi/gather/dns_bruteforce
    Version: 14774
   Platform: Windows, Linux, OSX, BSD, Solaris
       Arch: 
       Rank: Normal


Provided by:
  Carlos Perez <carlos_perez@darkoperator.com>


Description:
  Brute force subdomains and hostnames via wordlist.




resource (display/show_post.rc)> info multi/gather/dns_reverse_lookup


       Name: Multi Gather DNS Reverse Lookup Scan
     Module: post/multi/gather/dns_reverse_lookup
    Version: 14774
   Platform: Windows, Linux, OSX, BSD, Solaris
       Arch: 
       Rank: Normal


Provided by:
  Carlos Perez <carlos_perez@darkoperator.com>


Description:
  Performs DNS reverse lookup using the OS included DNS query command.




resource (display/show_post.rc)> info multi/gather/dns_srv_lookup


       Name: Multi Gather DNS Service Record Lookup Scan
     Module: post/multi/gather/dns_srv_lookup
    Version: 14774
   Platform: Windows, Linux, OSX, BSD, Solaris
       Arch: 
       Rank: Normal


Provided by:
  Carlos Perez <carlos_perez@darkoperator.com>


Description:
  Enumerates know SRV Records for a given domaon using target host DNS 
  query tool.




resource (display/show_post.rc)> info multi/gather/enum_vbox


       Name: Multi Gather VirtualBox VM Enumeration
     Module: post/multi/gather/enum_vbox
    Version: $Revision$
   Platform: Unix, BSD, Linux, OSX, Windows
       Arch: 
       Rank: Normal


Provided by:
  TheLightCosine <thelightcosine@metasploit.com>


Description:
  This module will attempt to enumerate any VirtualBox VMs on the 
  target machine. Due to the nature of VirtualBox, this module can 
  only enumerate VMs registered for the current user, thereforce, this 
  module needs to be invoked from a user context.




resource (display/show_post.rc)> info multi/gather/env


       Name: Multi Gather Generic Operating System Environment Settings
     Module: post/multi/gather/env
    Version: 14976
   Platform: Linux, Windows
       Arch: 
       Rank: Normal


Provided by:
  Carlos Perez <carlos_perez@darkoperator.com>
  egypt <egypt@metasploit.com>


Description:
  This module prints out the operating system environment variables




resource (display/show_post.rc)> info multi/gather/fetchmailrc_creds


       Name: UNIX Gather .fetchmailrc Credentials
     Module: post/multi/gather/fetchmailrc_creds
    Version: 0
   Platform: BSD, Linux, OSX, Unix
       Arch: 
       Rank: Normal


Provided by:
  Jon Hart <jhart@spoofed.org>


Description:
  Post Module to obtain credentials saved for IMAP, POP and other mail 
  retrieval protocols in fetchmail's .fetchmailrc




resource (display/show_post.rc)> info multi/gather/filezilla_client_cred


       Name: Multi Gather FileZilla FTP Client Credential Collection
     Module: post/multi/gather/filezilla_client_cred
    Version: 14935
   Platform: Unix, BSD, Linux, OSX, Windows
       Arch: 
       Rank: Normal


Provided by:
  bannedit <bannedit@metasploit.com>
  Carlos Perez <carlos_perez@darkoperator.com>


Description:
  This module will collect credentials from the FileZilla FTP client 
  if it is installed.




resource (display/show_post.rc)> info multi/gather/find_vmx


       Name: Multi Gather VMWare VM Identification
     Module: post/multi/gather/find_vmx
    Version: $Revision$
   Platform: Unix, BSD, Linux, OSX, Windows
       Arch: 
       Rank: Normal


Provided by:
  TheLightCosine <thelightcosine@metasploit.com>


Description:
  This module will attempt to find any VMWare virtual machines stored 
  on the target.




resource (display/show_post.rc)> info multi/gather/firefox_creds


       Name: Multi Gather Firefox Signon Credential Collection
     Module: post/multi/gather/firefox_creds
    Version: 14852
   Platform: Windows, Linux, BSD, Unix, OSX
       Arch: 
       Rank: Normal


Provided by:
  bannedit <bannedit@metasploit.com>


Description:
  This module will collect credentials from the Firefox web browser if 
  it is installed on the targeted machine. Additionally, cookies are 
  downloaded. Which could potentially yield valid web sessions. 
  Firefox stores passwords within the signons.sqlite database file. 
  There is also a keys3.db file which contains the key for decrypting 
  these passwords. In cases where a Master Password has not been set, 
  the passwords can easily be decrypted using third party tools. If a 
  Master Password was used the only option would be to bruteforce.




resource (display/show_post.rc)> info multi/gather/multi_command


       Name: Multi Gather Run Shell Command Resource File
     Module: post/multi/gather/multi_command
    Version: 14774
   Platform: Windows, Linux, BSD, Unix, OSX
       Arch: 
       Rank: Normal


Provided by:
  Carlos Perez <carlos_perez@darkoperator.com>


Description:
  This module will read shell commands from a resource file and 
  execute the commands in the specified Meterpreter or shell session.




resource (display/show_post.rc)> info multi/gather/netrc_creds


       Name: UNIX Gather .netrc Credentials
     Module: post/multi/gather/netrc_creds
    Version: 0
   Platform: BSD, Linux, OSX, Unix
       Arch: 
       Rank: Normal


Provided by:
  Jon Hart <jhart@spoofed.org>


Description:
  Post Module to obtain credentials saved for FTP and other services 
  in .netrc




resource (display/show_post.rc)> info multi/gather/pidgin_cred


       Name: Multi Gather Pidgin Instant Messenger Credential Collection
     Module: post/multi/gather/pidgin_cred
    Version: 14774
   Platform: Unix, BSD, Linux, OSX, Windows
       Arch: 
       Rank: Normal


Provided by:
  bannedit <bannedit@metasploit.com>
  Carlos Perez <carlos_perez@darkoperator.com>


Description:
  This module will collect credentials from the Pidgin IM client if it 
  is installed.




resource (display/show_post.rc)> info multi/gather/ping_sweep


       Name: Multi Gather Ping Sweep
     Module: post/multi/gather/ping_sweep
    Version: 14774
   Platform: Windows, Linux, OSX, BSD, Solaris
       Arch: 
       Rank: Normal


Provided by:
  Carlos Perez <carlos_perez@darkoperator.com>


Description:
  Performs IPv4 ping sweep using the OS included ping command.




resource (display/show_post.rc)> info multi/gather/run_console_rc_file


       Name: Multi Gather Run Console Resource File
     Module: post/multi/gather/run_console_rc_file
    Version: 14774
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Carlos Perez <carlos_perez@darkoperator.com>


Description:
  This module will read console commands from a resource file and 
  execute the commands in the specified Meterpreter session.




resource (display/show_post.rc)> info multi/gather/skype_enum


       Name: Multi Gather Skype User Data Enumeration
     Module: post/multi/gather/skype_enum
    Version: $Revision$
   Platform: Windows, OSX
       Arch: 
       Rank: Normal


Provided by:
  Carlos Perez <carlos_perez@darkoperator.com>


Description:
  This module will enumerate Skype account settings, contact list, 
  call history, chat logs, file transfer history, and voicemail logs, 
  saving all the data to CSV files for analysis.




resource (display/show_post.rc)> info multi/gather/ssh_creds


       Name: Multi Gather OpenSSH PKI Credentials Collection
     Module: post/multi/gather/ssh_creds
    Version: 14795
   Platform: Linux, BSD, Unix, OSX
       Arch: 
       Rank: Normal


Provided by:
  Jim Halfpenny


Description:
  This module will collect the contents of user's .ssh directory on 
  the targeted machine. Additionally, known_hosts and authorized_keys 
  and any other files are also downloaded. This module is largely 
  based on firefox_creds.rb.




resource (display/show_post.rc)> info multi/gather/thunderbird_creds


       Name: Multi Gather Mozilla Thunderbird Signon Credential Collection
     Module: post/multi/gather/thunderbird_creds
    Version: 0
   Platform: Windows, Linux, OSX
       Arch: 
       Rank: Normal


Provided by:
  sinn3r <sinn3r@metasploit.com>


Description:
  This module will collect credentials from Mozilla Thunderbird by 
  downloading the necessary files such as 'signons.sqlite', 'key3.db', 
  and 'cert8.db' for offline decryption with third party tools. If 
  necessary, you may also set the PARSE option to true to parse the 
  sqlite file, which contains sensitive information such as the 
  encrypted username/password. However, this feature is not enabled by 
  default, because it requires SQLITE3 gem to be installed on your 
  machine.




resource (display/show_post.rc)> info multi/general/close


       Name: Multi Generic Operating System Session Close
     Module: post/multi/general/close
    Version: 14976
   Platform: Linux, Windows, Unix, OSX
       Arch: 
       Rank: Normal


Provided by:
  hdm <hdm@metasploit.com>


Description:
  This module closes the specified session. This can be useful as a 
  finisher for automation tasks




resource (display/show_post.rc)> info multi/general/execute


       Name: Multi Generic Operating System Session Command Execution
     Module: post/multi/general/execute
    Version: $Revision$
   Platform: Linux, Windows, Unix, OSX
       Arch: 
       Rank: Normal


Provided by:
  hdm <hdm@metasploit.com>


Description:
  This module executes an arbitrary command line




resource (display/show_post.rc)> info multi/manage/multi_post


       Name: Multi Manage Post Module Macro Execution
     Module: post/multi/manage/multi_post
    Version: 14774
   Platform: Windows, Unix, OSX, Linux, Solaris
       Arch: 
       Rank: Normal


Provided by:
  carlos_perez <carlos_perez@darkoperator.com>


Description:
  This module will execute a list of modules given in a macro file in 
  the format of <module> <opt=val,opt=val> against the select session 
  checking for compatibility of the module against the sessions and 
  validation of the options provided.




resource (display/show_post.rc)> info multi/manage/sudo


       Name: Multiple Linux / Unix Post Sudo Upgrade Shell
     Module: post/multi/manage/sudo
    Version: $
   Platform: Linux, Unix, OSX, Solaris, AIX
       Arch: 
       Rank: Normal


Provided by:
  todb <todb@metasploit.com>


Description:
  This module attempts to upgrade a shell account to UID 0 by reusing 
  the given password and passing it to sudo. This technique relies on 
  sudo versions from 2008 and later which support -A.


References:
  http://www.sudo.ws/repos/sudo/file/05780f5f71fd/sudo.h




resource (display/show_post.rc)> info multi/manage/system_session


       Name: Multi Manage System Remote TCP Shell Session
     Module: post/multi/manage/system_session
    Version: 14976
   Platform: Unix, OSX, Linux
       Arch: 
       Rank: Normal


Provided by:
  Carlos Perez <carlos_perez@darkoperator.com>


Description:
  This module will create a Reverse TCP Shell on the target system 
  using the system's own scripting environments installed on the target.




resource (display/show_post.rc)> info osx/admin/say


       Name: OSX Text to Speech Utility
     Module: post/osx/admin/say
    Version: 0
   Platform: OSX
       Arch: 
       Rank: Normal


Provided by:
  sinn3r <sinn3r@metasploit.com>


Description:
  This module will speak whatever is in the 'TEXT' option on the 
  victim machine.


References:
  http://www.gabrielserafini.com/blog/2008/08/19/mac-os-x-voices-for-using-with-the-say-command/




resource (display/show_post.rc)> info osx/gather/enum_adium


       Name: OSX Gather Adium Enumeration
     Module: post/osx/gather/enum_adium
    Version: 0
   Platform: OSX
       Arch: 
       Rank: Normal


Provided by:
  sinn3r <sinn3r@metasploit.com>


Description:
  This module will collect Adium's account plist files and chat logs 
  from the victim's machine. There are three different actions you may 
  choose: ACCOUNTS, CHATS, and ALL. Note that to use the 'CHATS' 
  action, make sure you set the regex 'PATTERN' option in order to 
  look for certain log names (which consist of a contact's name, and 
  a timestamp). The current 'PATTERN' option is configured to look for 
  any log created in February 2012 as an example. To loot both account 
  plists and chat logs, simply set the action to 'ALL'.




resource (display/show_post.rc)> info osx/gather/enum_airport


       Name: OSX Gather Airport Wireless Preferences
     Module: post/osx/gather/enum_airport
    Version: 0
   Platform: OSX
       Arch: 
       Rank: Normal


Provided by:
  sinn3r <sinn3r@metasploit.com>


Description:
  This module will download OSX Airport Wireless preferences from the 
  victim machine. The preferences file (which is a plist) contains 
  information such as: SSID, Channels, Security Type, Password ID, 
  etc.




resource (display/show_post.rc)> info osx/gather/enum_chicken_vnc_profile


       Name: OSX Gather Chicken of the VNC Profile
     Module: post/osx/gather/enum_chicken_vnc_profile
    Version: 0
   Platform: OSX
       Arch: 
       Rank: Normal


Provided by:
  sinn3r <sinn3r@metasploit.com>


Description:
  This module will download the "Chicken of the VNC" client 
  application's profile file, which is used to store other VNC 
  servers' information such as the IP and password.




resource (display/show_post.rc)> info osx/gather/enum_colloquy


       Name: OSX Gather Colloquy Enumeration
     Module: post/osx/gather/enum_colloquy
    Version: 0
   Platform: OSX
       Arch: 
       Rank: Normal


Provided by:
  sinn3r <sinn3r@metasploit.com>


Description:
  This module will collect Colloquy's info plist file and chat logs 
  from the victim's machine. There are three actions you may choose: 
  INFO, CHATS, and ALL. Please note that the CHAT action may take a 
  long time depending on the victim machine, so we suggest setting 
  the regex 'PATTERN' option in order to search for certain log 
  names (which consist of the contact's name and a timestamp). The 
  default 'PATTERN' is configured as "^alien" as an example to search 
  for any chat logs associated with the name "alien".




resource (display/show_post.rc)> info osx/gather/enum_osx


       Name: OS X Gather Mac OS X System Information Enumeration
     Module: post/osx/gather/enum_osx
    Version: 15406
   Platform: OSX
       Arch: 
       Rank: Normal


Provided by:
  Carlos Perez <carlos_perez@darkoperator.com>


Description:
  This module gathers basic system information from Mac OS X Tiger, 
  Leopard, Snow Leopard and Lion systems.




resource (display/show_post.rc)> info osx/gather/hashdump


       Name: OS X Gather Mac OS X Password Hash Collector
     Module: post/osx/gather/hashdump
    Version: 15406
   Platform: OSX
       Arch: 
       Rank: Normal


Provided by:
  Carlos Perez <carlos_perez@darkoperator.com>
  hammackj <jacob.hammack@hammackj.com>


Description:
  This module dumps SHA-1, LM and NT Hashes of Mac OS X Tiger, 
  Leopard, Snow Leopard and Lion Systems.




resource (display/show_post.rc)> info solaris/gather/checkvm


       Name: Solaris Gather Virtual Environment Detection
     Module: post/solaris/gather/checkvm
    Version: 14976
   Platform: Solaris
       Arch: 
       Rank: Normal


Provided by:
  Carlos Perez <carlos_perez@darkoperator.com>


Description:
  This module attempts to determine whether the system is running 
  inside of a virtual environment and if so, which one. This module 
  supports detection of Solaris Zone, VMWare, VirtualBox, Xen, and 
  QEMU/KVM.




resource (display/show_post.rc)> info solaris/gather/enum_packages


       Name: Solaris Gather Installed Packages
     Module: post/solaris/gather/enum_packages
    Version: 14774
   Platform: Solaris
       Arch: 
       Rank: Normal


Provided by:
  Carlos Perez <carlos_perez@darkoperator.com>


Description:
  Post Module to enumerate installed packages on a Solaris System




resource (display/show_post.rc)> info solaris/gather/enum_services


       Name: Solaris Gather Configured Services
     Module: post/solaris/gather/enum_services
    Version: 14774
   Platform: Solaris
       Arch: 
       Rank: Normal


Provided by:
  Carlos Perez <carlos_perez@darkoperator.com>


Description:
  Post Module to enumerate services on a Solaris System




resource (display/show_post.rc)> info solaris/gather/hashdump


       Name: Solaris Gather Dump Password Hashes for Solaris Systems
     Module: post/solaris/gather/hashdump
    Version: 14774
   Platform: Solaris
       Arch: 
       Rank: Normal


Provided by:
  Carlos Perez <carlos_perez@darkoperator.com>


Description:
  Post Module to dump the password hashes for all users on a Solaris 
  System




resource (display/show_post.rc)> info windows/capture/keylog_recorder


       Name: Windows Capture Keystroke Recorder
     Module: post/windows/capture/keylog_recorder
    Version: 14774
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Carlos Perez <carlos_perez@darkoperator.com>


Description:
  This module can be used to capture keystrokes. To capture keystrokes 
  when the session is running as SYSTEM, the MIGRATE option must be 
  enabled and the CAPTURE_TYPE option should be set to one of 
  Explorer, Winlogon, or a specific PID. To capture the keystrokes of 
  the interactive user, the Explorer option should be used with 
  MIGRATE enabled. Keep in mind that this will demote this session to 
  the user's privileges, so it makes sense to create a separate 
  session for this task. The Winlogon option will capture the username 
  and password entered into the logon and unlock dialog. The 
  LOCKSCREEN option can be combined with the Winlogon CAPTURE_TYPE to 
  force the user to enter their clear-text password.




resource (display/show_post.rc)> info windows/capture/lockout_keylogger


       Name: Winlogon Lockout Credential Keylogger
     Module: post/windows/capture/lockout_keylogger
    Version: 14822
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Rob Fuller <mubix@hak5.org>
  cg


Description:
  This module migrates and logs Microsoft Windows user's passwords via 
  Winlogon.exe. Using idle time and natural system changes to give a 
  false sense of security to the user.


References:
  http://blog.metasploit.com/2010/12/capturing-windows-logons-with.html




resource (display/show_post.rc)> info windows/escalate/bypassuac


       Name: Windows Escalate UAC Protection Bypass
     Module: post/windows/escalate/bypassuac
    Version: 14976
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  David Kennedy "ReL1K" <kennedyd013@gmail.com>
  mitnick


Description:
  This module will bypass Windows UAC by utilizing the trusted 
  publisher certificate through process injection. It will spawn a 
  second shell that has the UAC flag turned off.


References:
  http://www.secmaniac.com/december-2010/bypass-windows-uac/




resource (display/show_post.rc)> info windows/escalate/droplnk


       Name: Windows Escalate SMB Icon LNK dropper
     Module: post/windows/escalate/droplnk
    Version: 0
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Rob Fuller <mubix@hak5.org>


Description:
  This module drops a shortcut (LNK file) that has an ICON reference 
  existing on the specified remote host, causing SMB and WebDAV 
  connections to be initiated from any user that views the shortcut.




resource (display/show_post.rc)> info windows/escalate/getsystem


       Name: Windows Escalate Get System via Administrator
     Module: post/windows/escalate/getsystem
    Version: $Revision$
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  hdm <hdm@metasploit.com>


Description:
  This module uses the builtin 'getsystem' command to escalate the 
  current session to the SYSTEM account from an administrator user 
  account.




resource (display/show_post.rc)> info windows/escalate/ms10_073_kbdlayout


       Name: Windows Escalate NtUserLoadKeyboardLayoutEx Privilege Escalation
     Module: post/windows/escalate/ms10_073_kbdlayout
    Version: 15014
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Ruben Santamarta
  jduck <jduck@metasploit.com>


Description:
  This module exploits the keyboard layout vulnerability exploited by 
  Stuxnet. When processing specially crafted keyboard layout files 
  (DLLs), the Windows kernel fails to validate that an array index is 
  within the bounds of the array. By loading a specially crafted 
  keyboard layout, an attacker can execute code in Ring 0.


References:
  http://www.osvdb.org/68552
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-2743
  http://www.microsoft.com/technet/security/bulletin/MS10-073.mspx
  http://www.vupen.com/blog/20101018.Stuxnet_Win32k_Windows_Kernel_0Day_Exploit_CVE-2010-2743.php
  http://www.reversemode.com/index.php?option=com_content&task=view&id=71&Itemid=1
  http://www.exploit-db.com/exploits/15985




resource (display/show_post.rc)> info windows/escalate/ms10_092_schelevator


       Name: Windows Escalate Task Scheduler XML Privilege Escalation
     Module: post/windows/escalate/ms10_092_schelevator
    Version: 15014
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  jduck <jduck@metasploit.com>


Description:
  This module exploits the Task Scheduler 2.0 XML 0day exploited by 
  Stuxnet. When processing task files, the Windows Task Scheduler only 
  uses a CRC32 checksum to validate that the file has not been 
  tampered with. Also, in a default configuration, normal users can 
  read and write the task files that they have created. By modifying 
  the task file and creating a CRC32 collision, an attacker can 
  execute arbitrary commands with SYSTEM privileges. NOTE: Thanks to 
  webDEViL for the information about disable/enable.


References:
  http://www.osvdb.org/68518
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-3338
  http://www.securityfocus.com/bid/44357
  http://www.microsoft.com/technet/security/bulletin/MS10-092.mspx
  http://www.exploit-db.com/exploits/15589




resource (display/show_post.rc)> info windows/escalate/net_runtime_modify


       Name: Windows Escalate Microsoft .NET Runtime Optimization Service Privilege Escalation
     Module: post/windows/escalate/net_runtime_modify
    Version: 15014
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  bannedit <bannedit@metasploit.com>


Description:
  This module attempts to exploit the security permissions set on the 
  .NET Runtime Optimization service. Vulnerable versions of the .NET 
  Framework include 4.0 and 2.0. The permissions on this service allow 
  domain users and local power users to modify the mscorsvw.exe 
  binary.


References:
  http://www.osvdb.org/71013
  http://www.exploit-db.com/exploits/16940




resource (display/show_post.rc)> info windows/escalate/screen_unlock


       Name: Windows Escalate Locked Desktop Unlocker
     Module: post/windows/escalate/screen_unlock
    Version: 14774
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  L4teral <l4teral[4t]gmail com>
  Metlstorm


Description:
  This module unlocks a locked Windows desktop by patching the 
  respective code inside the LSASS.exe process. This patching process 
  can result in the target system hanging or even rebooting, so be 
  careful when using this module on production systems.


References:
  http://www.storm.net.nz/projects/16




resource (display/show_post.rc)> info windows/escalate/service_permissions


       Name: Windows Escalate Service Permissions Local Privilege Escalation
     Module: post/windows/escalate/service_permissions
    Version: 15394
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  scriptjunkie


Description:
  This module attempts to exploit existing administrative privileges 
  to obtain a SYSTEM session. If directly creating a service fails, 
  this module will inspect existing services to look for insecure file 
  or configuration permissions that may be hijacked. It will then 
  attempt to restart the replaced service to run the payload. This 
  will result in a new session when this succeeds. If the module is 
  able to modify the service but does not have permission to start and 
  stop the affected service, the attacker must wait for the system to 
  restart before a session will be created.




resource (display/show_post.rc)> info windows/gather/arp_scanner


       Name: Windows Gather ARP Scanner
     Module: post/windows/gather/arp_scanner
    Version: 14774
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Carlos Perez <carlos_perez@darkoperator.com>


Description:
  This Module will perform an ARP scan for a given IP range through a 
  Meterpreter Session.




resource (display/show_post.rc)> info windows/gather/bitcoin_jacker


       Name: Windows Gather Bitcoin wallet.dat
     Module: post/windows/gather/bitcoin_jacker
    Version: 14774
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  illwill <illwill@illmob.org>


Description:
  This module downloads any Bitcoin wallet.dat files from the target 
  system




resource (display/show_post.rc)> info windows/gather/cachedump


       Name: Windows Gather Credential Cache Dump
     Module: post/windows/gather/cachedump
    Version: 14774
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Maurizio Agazzini <inode@mediaservice.net>
  Rob Fuller <mubix@hak5.org>


Description:
  This module uses the registry to extract the stored domain hashes 
  that have been cached as a result of a GPO setting. The default 
  setting on Windows is to store the last ten successful logins.


References:
  http://lab.mediaservice.net/code/cachedump.rb




resource (display/show_post.rc)> info windows/gather/checkvm


       Name: Windows Gather Virtual Environment Detection
     Module: post/windows/gather/checkvm
    Version: 15394
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Carlos Perez <carlos_perez@darkoperator.com>


Description:
  This module attempts to determine whether the system is running 
  inside of a virtual environment and if so, which one. This module 
  supports detection of Hyper-V, VMWare, Virtual PC, VirtualBox, Xen, 
  and QEMU.




resource (display/show_post.rc)> info windows/gather/credentials/coreftp


       Name: Windows Gather CoreFTP Saved Password Extraction
     Module: post/windows/gather/credentials/coreftp
    Version: 14774
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  TheLightCosine <thelightcosine@gmail.com>


Description:
  This module extracts saved passwords from the CoreFTP FTP client. 
  These passwords are stored in the registry. They are encrypted with 
  AES-128-ECB. This module extracts and decrypts these passwords.




resource (display/show_post.rc)> info windows/gather/credentials/credential_collector


       Name: Windows Gather Credential Collector
     Module: post/windows/gather/credentials/credential_collector
    Version: 14800
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  tebo <tebo@attackresearch.com>


Description:
  This module harvests credentials found on the host and stores them 
  in the database.




resource (display/show_post.rc)> info windows/gather/credentials/dyndns


       Name: Windows Gather Dyn-Dns Client Password Extractor
     Module: post/windows/gather/credentials/dyndns
    Version: 14822
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Shubham Dawra <shubham2dawra@gmail.com>
  sinn3r <sinn3r@metasploit.com>


Description:
  This module extracts the username, password, and hosts for Dyn-Dns 
  version 4.1.8. This is done by downloading the config.dyndns file 
  from the victim machine, and then automatically decoding the password 
  field. The original copy of the config file is also saved to disk.




resource (display/show_post.rc)> info windows/gather/credentials/enum_cred_store


       Name: Windows Gather Credential Store Enumeration and Decryption Module
     Module: post/windows/gather/credentials/enum_cred_store
    Version: 14774
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Kx499


Description:
  This module will enumerate the Microsoft Credential Store and 
  decrypt the credentials. This module can only access credentials 
  created by the user the process is running as. It cannot decrypt 
  Domain Network Passwords, but will display the username and 
  location.




resource (display/show_post.rc)> info windows/gather/credentials/enum_picasa_pwds


       Name: Windows Gather Google Picasa Password Extractor
     Module: post/windows/gather/credentials/enum_picasa_pwds
    Version: 14774
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  SecurityXploded Team
  Sil3ntDre4m <sil3ntdre4m@gmail.com>


Description:
  This module extracts and decrypts the login passwords stored by 
  Google Picasa.




resource (display/show_post.rc)> info windows/gather/credentials/epo_sql


       Name: Windows Gather McAfee ePO 4.6 Config SQL Credentials
     Module: post/windows/gather/credentials/epo_sql
    Version: 14774
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Nathan Einwechter <neinwechter@gmail.com>


Description:
  This module extracts connection details and decrypts the saved 
  password for the SQL database in use by a McAfee ePO 4.6 server. The 
  passwords are stored in a config file. They are encrypted with 
  AES-128-ECB and a static key.




resource (display/show_post.rc)> info windows/gather/credentials/filezilla_server


       Name: Windows Gather FileZilla FTP Server Credential Collection
     Module: post/windows/gather/credentials/filezilla_server
    Version: 14871
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  bannedit <bannedit@metasploit.com>


Description:
  This module will collect credentials from the FileZilla FTP server 
  if installed.




resource (display/show_post.rc)> info windows/gather/credentials/flashfxp


       Name: Windows Gather FlashFXP Saved Password Extraction
     Module: post/windows/gather/credentials/flashfxp
    Version: 14789
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  TheLightCosine <thelightcosine@gmail.com>


Description:
  This module extracts weakly encrypted saved FTP Passwords from 
  FlashFXP. It finds saved FTP connections in the Sites.dat file.




resource (display/show_post.rc)> info windows/gather/credentials/ftpnavigator


       Name: Windows Gather FTP Navigator Saved Password Extraction
     Module: post/windows/gather/credentials/ftpnavigator
    Version: 14774
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  TheLightCosine <thelightcosine@gmail.com>


Description:
  This module extracts saved passwords from the FTP Navigator FTP 
  client. It will decode the saved passwords and store them in the 
  database.




resource (display/show_post.rc)> info windows/gather/credentials/idm


       Name: Windows Gather Internet Download Manager (IDM) Password Extractor
     Module: post/windows/gather/credentials/idm
    Version: 14976
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  sil3ntdre4m <sil3ntdre4m@gmail.com>
  SecurityXploded Team <contact@securityxploded.com>


Description:
  This module recovers the saved premium download account passwords 
  from Internet Download Manager (IDM). These passwords are stored in 
  an encoded format in the registry. This module traverses through 
  these registry entries and decodes them. Thanks to the template code 
  of thelightcosine's CoreFTP password module.




resource (display/show_post.rc)> info windows/gather/credentials/imail


       Name: Windows Gather IPSwitch iMail User Data Enumeration
     Module: post/windows/gather/credentials/imail
    Version: 15014
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  sinn3r <sinn3r@metasploit.com>


Description:
  This module will collect iMail user data such as the username, 
  domain, full name, e-mail, and the decoded password. Please note if 
  IMAILUSER is specified, the module extracts user data from all the 
  domains found. If IMAILDOMAIN is specified, then it will extract all 
  user data under that particular category.


References:
  http://www.exploit-db.com/exploits/11331




resource (display/show_post.rc)> info windows/gather/credentials/imvu


       Name: Windows Gather Credentials IMVU Game Client
     Module: post/windows/gather/credentials/imvu
    Version: 14100
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Shubham Dawra <shubham2dawra@gmail.com>


Description:
  This module extracts account username & password from the IMVU game 
  client and stores it as loot.




resource (display/show_post.rc)> info windows/gather/credentials/meebo


       Name: Windows Gather Meebo Password Extractor
     Module: post/windows/gather/credentials/meebo
    Version: 14774
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Sil3ntDre4m <sil3ntdre4m@gmail.com>
  SecurityXploded Team <www.SecurityXploded.com>


Description:
  This module extracts login account password stored by Meebo 
  Notifier, a desktop version of Meebo's Online Messenger.




resource (display/show_post.rc)> info windows/gather/credentials/mremote


       Name: Windows Gather mRemote Saved Password Extraction
     Module: post/windows/gather/credentials/mremote
    Version: 14774
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  TheLightCosine <thelightcosine@gmail.com>
  hdm <hdm@metasploit.com>
  Rob Fuller <mubix@hak5.org>


Description:
  This module extracts saved passwords from mRemote. mRemote stores 
  connections for RDP, VNC, SSH, Telnet, rlogin and other protocols. 
  It saves the passwords in an encrypted format. The module will 
  extract the connection info and decrypt the saved passwords.




resource (display/show_post.rc)> info windows/gather/credentials/nimbuzz


       Name: Windows Gather Nimbuzz Instant Messenger Password Extractor
     Module: post/windows/gather/credentials/nimbuzz
    Version: 14774
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  sil3ntdre4m <sil3ntdre4m@gmail.com>
  SecurityXploded Team


Description:
  This module extracts the account passwords saved by Nimbuzz Instant 
  Messenger in hex format.




resource (display/show_post.rc)> info windows/gather/credentials/outlook


       Name: Windows Gather Microsoft Outlook Saved Password Extraction
     Module: post/windows/gather/credentials/outlook
    Version: 14835
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Justin Cacak


Description:
  This module extracts and attempts to decrypt saved Microsoft Outlook 
  (versions 2002-2010) passwords from the Windows Registry for 
  POP3/IMAP/SMTP/HTTP accounts. In order for decryption to be 
  successful, this module must be executed with the same privileges as 
  the user which originally encrypted the password.




resource (display/show_post.rc)> info windows/gather/credentials/razorsql


       Name: Windows Gather RazorSQL Credentials
     Module: post/windows/gather/credentials/razorsql
    Version: 0
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Paul Rascagneres <rascagneres@itrust.lu>
  sinn3r <sinn3r@metasploit.com>


Description:
  This module stores username, password, type, host, port, database 
  (and name) collected from profiles.txt of RazorSQL.




resource (display/show_post.rc)> info windows/gather/credentials/smartftp


       Name: Windows Gather SmartFTP Saved Password Extraction
     Module: post/windows/gather/credentials/smartftp
    Version: 14774
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  TheLightCosine <thelightcosine@gmail.com>


Description:
  This module finds saved login credentials for the SmartFTP FTP 
  client for windows. It finds the saved passwords and decrypts them.




resource (display/show_post.rc)> info windows/gather/credentials/total_commander


       Name: Windows Gather Total Commander Saved Password Extraction
     Module: post/windows/gather/credentials/total_commander
    Version: 14789
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  TheLightCosine <thelightcosine@gmail.com>


Description:
  This module extracts weakly encrypted saved FTP Passwords from Total 
  Commander. It finds saved FTP connections in the wcx_ftp.ini file.




resource (display/show_post.rc)> info windows/gather/credentials/trillian


       Name: Windows Gather Trillian Password Extractor
     Module: post/windows/gather/credentials/trillian
    Version: 14774
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Sil3ntDre4m <sil3ntdre4m@gmail.com>
  SecurityXploded Team


Description:
  This module extracts account password from Trillian & Trillian Astra 
  v4.x-5.x instant messenger.




resource (display/show_post.rc)> info windows/gather/credentials/vnc


       Name: Windows Gather VNC Password Extraction
     Module: post/windows/gather/credentials/vnc
    Version: 14774
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Kurt Grutzmacher <grutz@jingojango.net>
  Rob Fuller <mubix@hak5.org>


Description:
  This module extracts DES encrypted passwords in known VNC locations




resource (display/show_post.rc)> info windows/gather/credentials/windows_autologin


       Name: Windows Gather AutoLogin User Credential Extractor
     Module: post/windows/gather/credentials/windows_autologin
    Version: 14774
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Myo Soe <YGN Ethical Hacker Group, http://yehg.net>


Description:
  This module extracts the plain-text Windows user login password in 
  Registry. It exploits a Windows feature that Windows (2000 to 2008 
  R2) allows a user or third-party Windows Utility tools to configure 
  User AutoLogin via plain-text password insertion in 
  (Alt)DefaultPassword field in the registry location - 
  HKLM\Software\Microsoft\Windows NT\WinLogon. This is readable by all 
  users.


References:
  http://support.microsoft.com/kb/315231
  http://core.yehg.net/lab/#tools.exploits




resource (display/show_post.rc)> info windows/gather/credentials/winscp


       Name: Windows Gather WinSCP Saved Password Extraction
     Module: post/windows/gather/credentials/winscp
    Version: 15349
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  TheLightCosine <thelightcosine@gmail.com>


Description:
  This module extracts weakly encrypted saved passwords from WinSCP. 
  It searches for saved sessions in the Windows Registry and the 
  WinSCP.ini file. It cannot decrypt passwords if a master password is 
  used.




resource (display/show_post.rc)> info windows/gather/credentials/wsftp_client


       Name: Windows Gather WS_FTP Saved Password Extraction
     Module: post/windows/gather/credentials/wsftp_client
    Version: 14789
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  TheLightCosine <thelightcosine@gmail.com>


Description:
  This module extracts weakly encrypted saved FTP Passwords from 
  WS_FTP. It finds saved FTP connections in the ws_ftp.ini file.




resource (display/show_post.rc)> info windows/gather/dumplinks


       Name: Windows Gather Dump Recent Files lnk Info
     Module: post/windows/gather/dumplinks
    Version: 14774
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  davehull <dph_msf@trustedsignal.com>


Description:
  The dumplinks module is a modified port of Harlan Carvey's lslnk.pl 
  Perl script. This module will parse .lnk files from a user's Recent 
  Documents folder and Microsoft Office's Recent Documents folder, if 
  present. Windows creates these link files automatically for many 
  common file types. The .lnk files contain time stamps, file 
  locations, including share names, volume serial numbers, and more.




resource (display/show_post.rc)> info windows/gather/enum_applications


       Name: Windows Gather Installed Application Enumeration
     Module: post/windows/gather/enum_applications
    Version: 14774
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Carlos Perez <carlos_perez@darkoperator.com>


Description:
  This module will enumerate all installed applications




resource (display/show_post.rc)> info windows/gather/enum_artifacts


       Name: Windows Gather File and Registry Artifacts Enumeration
     Module: post/windows/gather/enum_artifacts
    Version: 0
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  averagesecurityguy <stephen@averagesecurityguy.info>


Description:
  This module will check the file system and registry for particular 
  artifacts. The list of artifacts is read from 
  data/post/enum_artifacts_list.txt or a user specified file. Any 
  matches are written to the loot.




resource (display/show_post.rc)> info windows/gather/enum_chrome


       Name: Windows Gather Google Chrome User Data Enumeration
     Module: post/windows/gather/enum_chrome
    Version: 14837
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Sven Taute
  sinn3r <sinn3r@metasploit.com>
  Kx499


Description:
  This module will collect user data from Google Chrome and attempt to 
  decrypt sensitive information.




resource (display/show_post.rc)> info windows/gather/enum_computers


       Name: Windows Gather Enumerate Computers
     Module: post/windows/gather/enum_computers
    Version: 0
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Joshua Abraham <jabra@rapid7.com>


Description:
  This module will enumerate computers included in the primary Domain.




resource (display/show_post.rc)> info windows/gather/enum_devices


       Name: Windows Gather Hardware Enumeration
     Module: post/windows/gather/enum_devices
    Version: 14774
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Brandon Perry <bperry.volatile@gmail.com>


Description:
  Enumerate PCI hardware information from the registry. Please note 
  this script will run through registry subkeys such as: 'PCI', 
  'ACPI', 'ACPI_HAL', 'FDC', 'HID', 'HTREE', 'IDE', 'ISAPNP', 
  'LEGACY', 'LPTENUM', 'PCIIDE', 'SCSI', 'STORAGE', 'SW', and 'USB'; 
  it will take time to finish. It is recommended to run this module as 
  a background job.




resource (display/show_post.rc)> info windows/gather/enum_dirperms


       Name: Windows Gather Directory Permissions Enumeration
     Module: post/windows/gather/enum_dirperms
    Version: 15228
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Kx499


Description:
  This module enumerates directories and lists the permissions set on 
  found directories.




resource (display/show_post.rc)> info windows/gather/enum_domain


       Name: Windows Gather Enumerate Domain
     Module: post/windows/gather/enum_domain
    Version: 14774
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Joshua Abraham <jabra@rapid7.com>


Description:
  This module identifies the primary domain via the registry. The 
  registry value used is: 
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group 
  Policy\History\DCName.




resource (display/show_post.rc)> info windows/gather/enum_domain_group_users


       Name: Windows Gather Enumerate Domain Group
     Module: post/windows/gather/enum_domain_group_users
    Version: 14774
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Carlos Perez <carlos_perez@darkoperator.com>
  Stephen Haywood <haywoodsb@gmail.com>


Description:
  This module extracts user accounts from specified group and stores 
  the results in the loot. It will also verify if session account is 
  in the group. Data is stored in loot in a format that is compatible 
  with the token_hunter plugin. This module should be run over as 
  session with domain credentials.




resource (display/show_post.rc)> info windows/gather/enum_domain_tokens


       Name: Windows Gather Enumerate Domain Tokens
     Module: post/windows/gather/enum_domain_tokens
    Version: 14774
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Carlos Perez <carlos_perez@darkoperator.com>


Description:
  This module will enumerate tokens present on a system that are part 
  of the domain the target host is part of, will also enumerate users 
  in the local Administrators, Users and Backup Operator groups to 
  identify Domain members. Processes will be also enumerated and 
  checked if they are running under a Domain account, on all checks 
  the accounts, processes and tokens will be checked if they are part 
  of the Domain Admin group of the domain the machine is a member of.




resource (display/show_post.rc)> info windows/gather/enum_domains


       Name: Windows Gather Domain Enumeration
     Module: post/windows/gather/enum_domains
    Version: 0
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Rob Fuller <mubix@hak5.org>


Description:
  This module enumerates currently the domains a host can see and the 
  domain controllers for that domain.




resource (display/show_post.rc)> info windows/gather/enum_hostfile


       Name: Windows Gather Windows Host File Enumeration
     Module: post/windows/gather/enum_hostfile
    Version: 14774
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  vt <nick.freeman@security-assessment.com>


Description:
  This module returns a list of entries in the target system's hosts 
  file.




resource (display/show_post.rc)> info windows/gather/enum_ie


       Name: Windows Gather Internet Explorer User Data Enumeration
     Module: post/windows/gather/enum_ie
    Version: 0
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Kx499


Description:
  This module will collect history, cookies, and credentials (from 
  either HTTP auth passwords, or saved form passwords found in 
  auto-complete) in Internet Explorer. The ability to gather 
  credentials is only supported for versions of IE >=7, while history 
  and cookies can be extracted for all versions.




resource (display/show_post.rc)> info windows/gather/enum_logged_on_users


       Name: Windows Gather Logged On User Enumeration (Registry)
     Module: post/windows/gather/enum_logged_on_users
    Version: 14774
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Carlos Perez <carlos_perez@darkoperator.com>


Description:
  This module will enumerate current and recently logged on Windows 
  users




resource (display/show_post.rc)> info windows/gather/enum_ms_product_keys


       Name: Windows Gather Product Key
     Module: post/windows/gather/enum_ms_product_keys
    Version: 14774
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Brandon Perry <bperry.volatile@gmail.com>


Description:
  This module will enumerate the OS license key




resource (display/show_post.rc)> info windows/gather/enum_powershell_env


       Name: Windows Gather Powershell Environment Setting Enumeration
     Module: post/windows/gather/enum_powershell_env
    Version: 14774
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Carlos Perez <carlos_perez@darkoperator.com>


Description:
  This module will enumerate Microsoft Powershell settings




resource (display/show_post.rc)> info windows/gather/enum_services


       Name: Windows Gather Service Info Enumeration
     Module: post/windows/gather/enum_services
    Version: 14774
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Keith Faber
  Kx499


Description:
  This module will query the system for services and display name and 
  configuration info for each returned service. It allows you to 
  optionally search the credentials, path, or start type for a string 
  and only return the results that match. These query operations are 
  cumulative and if no query strings are specified, it just returns 
  all services. NOTE: If the script hangs, windows firewall is most 
  likely on and you did not migrate to a safe process (explorer.exe 
  for example).




resource (display/show_post.rc)> info windows/gather/enum_shares


       Name: Windows Gather SMB Share Enumeration via Registry
     Module: post/windows/gather/enum_shares
    Version: 14774
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Carlos Perez <carlos_perez@darkoperator.com>


Description:
  This module will enumerate configured and recently used file shares




resource (display/show_post.rc)> info windows/gather/enum_snmp


       Name: Windows Gather SNMP Settings Enumeration (Registry)
     Module: post/windows/gather/enum_snmp
    Version: 14774
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Carlos Perez <carlos_perez@darkoperator.com>
  Tebo <tebo@attackresearch.com>


Description:
  This module will enumerate the SNMP service configuration




resource (display/show_post.rc)> info windows/gather/enum_termserv


       Name: Windows Gather Terminal Server Client Connection Information Dumper
     Module: post/windows/gather/enum_termserv
    Version: 14774
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Rob Fuller <mubix@hak5.org>


Description:
  This module dumps MRU and connection data for RDP sessions




resource (display/show_post.rc)> info windows/gather/enum_tokens


       Name: Windows Gather Enumerate Domain Admin Tokens (Token Hunter)
     Module: post/windows/gather/enum_tokens
    Version: 14822
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Joshua Abraham <jabra@rapid7.com>


Description:
  This module will identify systems that have a Domain Admin 
  (delegation) token on them. The module will first check if 
  sufficient privileges are present for certain actions, and run 
  getprivs for system. If you elevated privs to system, the 
  SeAssignPrimaryTokenPrivilege will not be assigned, in that case try 
  migrating to another process that is running as system. If no 
  sufficient privileges are available, the script will not continue.




resource (display/show_post.rc)> info windows/gather/forensics/duqu_check


       Name: Windows Gather Forensics Duqu Registry Check
     Module: post/windows/gather/forensics/duqu_check
    Version: 0
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Marcus J. Carey <mjc@threatagent.com>


Description:
  This module searches for CVE-2011-3402 (Duqu) related registry 
  artifacts.


References:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=2011-3402
  http://r-7.co/w5h7fY




resource (display/show_post.rc)> info windows/gather/forensics/enum_drives


       Name: Windows Gather Physical Drives and Logical Volumes
     Module: post/windows/gather/forensics/enum_drives
    Version: 14287
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Wesley McGrew <wesley@mcgrewsecurity.com>


Description:
  This module will list physical drives and logical volumes




resource (display/show_post.rc)> info windows/gather/forensics/imager


       Name: Windows Gather Forensic Imaging
     Module: post/windows/gather/forensics/imager
    Version: 14287
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Wesley McGrew <wesley@mcgrewsecurity.com>


Description:
  This module will perform byte-for-byte imaging of remote disks and 
  volumes




resource (display/show_post.rc)> info windows/gather/forensics/nbd_server


       Name: Windows Gather Local NBD Server
     Module: post/windows/gather/forensics/nbd_server
    Version: 14287
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Wesley McGrew <wesley@mcgrewsecurity.com>


Description:
  Maps remote disks and logical volumes to a local Network Block 
  Device server. Allows for forensic tools to be executed on the 
  remote disk directly.




resource (display/show_post.rc)> info windows/gather/hashdump


       Name: Windows Gather Local User Account Password Hashes (Registry)
     Module: post/windows/gather/hashdump
    Version: 15268
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  hdm <hdm@metasploit.com>


Description:
  This module will dump the local user accounts from the SAM database 
  using the registry




resource (display/show_post.rc)> info windows/gather/memory_grep


       Name: Windows Gather Process Memory Grep
     Module: post/windows/gather/memory_grep
    Version: 14774
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  bannedit <bannedit@metasploit.com>


Description:
  This module allows for searching the memory space of a process for 
  potentially sensitive data.




resource (display/show_post.rc)> info windows/gather/resolve_sid


       Name: Windows Gather Local User Account SID Lookup
     Module: post/windows/gather/resolve_sid
    Version: 14774
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  chao-mu


Description:
  This module prints information about a given SID from the 
  perspective of this session




resource (display/show_post.rc)> info windows/gather/reverse_lookup


       Name: Windows Gather IP Range Reverse Lookup
     Module: post/windows/gather/reverse_lookup
    Version: 14774
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  mubix


Description:
  This module uses Railgun, calling the gethostbyaddr function to 
  resolve a hostname to an IP.




resource (display/show_post.rc)> info windows/gather/screen_spy


       Name: Windows Gather Screen Spy
     Module: post/windows/gather/screen_spy
    Version: 14822
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Roni Bachar <roni.bachar.blog@gmail.com>
  bannedit <bannedit@metasploit.com>
  kernelsmith <kernelsmith /x40 kernelsmith /x2E com>
  Adrian Kubok


Description:
  This module will incrementally take screenshots of the meterpreter 
  host. This allows for screen spying which can be useful to determine 
  if there is an active user on a machine, or to record the screen for 
  later data extraction.




resource (display/show_post.rc)> info windows/gather/smart_hashdump


       Name: Windows Gather Local and Domain Controller Account Password Hashes
     Module: post/windows/gather/smart_hashdump
    Version: 14822
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Carlos Perez <carlos_perez@darkoperator.com>


Description:
  This will dump local accounts from the SAM Database. If the target 
  host is a Domain Controller, it will dump the Domain Account 
  Database using the proper technique depending on privilege level, OS 
  and role of the host.




resource (display/show_post.rc)> info windows/gather/usb_history


       Name: Windows Gather USB Drive History
     Module: post/windows/gather/usb_history
    Version: 14774
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  nebulus


Description:
  This module will enumerate USB Drive history on a target host.




resource (display/show_post.rc)> info windows/gather/win_privs


       Name: Windows Gather Privileges Enumeration
     Module: post/windows/gather/win_privs
    Version: 0
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Merlyn Cousins <drforbin6@gmail.com>


Description:
  This module will print if UAC is enabled, and if the current account 
  is ADMIN enabled. It will also print UID, foreground SESSION ID, is 
  SYSTEM status and current process PRIVILEGES.




resource (display/show_post.rc)> info windows/gather/wmic_command


       Name: Windows Gather Run Specified WMIC command
     Module: post/windows/gather/wmic_command
    Version: 14774
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Carlos Perez <carlos_perez@darkoperator.com>


Description:
  This module will execute a given WMIC command options or read WMIC 
  commands options from a resource file and execute the commands in 
  the specified Meterpreter session.




resource (display/show_post.rc)> info windows/manage/add_user_domain


       Name: Windows Manage Add User to the Domain and/or to a Domain Group
     Module: post/windows/manage/add_user_domain
    Version: 14822
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Joshua Abraham <jabra@rapid7.com>


Description:
  This module adds a user to the Domain and/or to a Domain group. It 
  will check if sufficient privileges are present for certain actions 
  and run getprivs for system. If you elevated privs to system, the 
  SeAssignPrimaryTokenPrivilege will not be assigned. You need to 
  migrate to a process that is running as system. If you don't have 
  privs, this script exits.




resource (display/show_post.rc)> info windows/manage/autoroute


       Name: Windows Manage Network Route via Meterpreter Session
     Module: post/windows/manage/autoroute
    Version: 14774
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  todb <todb@metasploit.com>


Description:
  This module manages session routing via an existing Meterpreter 
  session. It enables other modules to 'pivot' through a compromised 
  host when connecting to the named NETWORK and SUBMASK.




resource (display/show_post.rc)> info windows/manage/delete_user


       Name: Windows Manage Local User Account Deletion
     Module: post/windows/manage/delete_user
    Version: 14774
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  chao-mu


Description:
  This module deletes a local user account from the specified server, 
  or the local machine if no server is given.




resource (display/show_post.rc)> info windows/manage/download_exec


       Name: Windows Manage Download and/or Execute
     Module: post/windows/manage/download_exec
    Version: 0
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  RageLtMan


Description:
  This module will download a file by importing urlmon via railgun. 
  The user may also choose to execute the file with arguments via 
  exec_string.




resource (display/show_post.rc)> info windows/manage/enable_rdp


       Name: Windows Manage Enable Remote Desktop
     Module: post/windows/manage/enable_rdp
    Version: 15406
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Carlos Perez <carlos_perez@darkoperator.com>


Description:
  This module enables the Remote Desktop Service (RDP). It provides 
  the options to create an account and configure it to be a member of 
  the Local Administrators and Remote Desktop Users group. It can also 
  forward the target's port 3389/tcp.




resource (display/show_post.rc)> info windows/manage/inject_ca


       Name: Windows Manage Certificate Authority Injection
     Module: post/windows/manage/inject_ca
    Version: 14774
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  vt <nick.freeman@security-assessment.com>


Description:
  This module allows the attacker to insert an arbitrary CA 
  certificate into the victim's Trusted Root store.




resource (display/show_post.rc)> info windows/manage/inject_host


       Name: Windows Manage Hosts File Injection
     Module: post/windows/manage/inject_host
    Version: 15175
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  vt <nick.freeman@security-assessment.com>


Description:
  This module allows the attacker to insert a new entry into the 
  target system's hosts file.




resource (display/show_post.rc)> info windows/manage/migrate


       Name: Windows Manage Process Migration
     Module: post/windows/manage/migrate
    Version: 15191
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Carlos Perez <carlos_perez@darkoperator.com>


Description:
  This module will migrate a Meterpreter session from one process to 
  another. A given process PID to migrate to or the module can spawn 
  one and migrate to that newly spawned process.




resource (display/show_post.rc)> info windows/manage/multi_meterpreter_inject


       Name: Windows Manage Inject in Memory Multiple Payloads
     Module: post/windows/manage/multi_meterpreter_inject
    Version: 14774
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Carlos Perez <carlos_perez@darkoperator.com>


Description:
  This module will inject in to several process a given payload and 
  connecting to a given list of IP Addresses. The module works with a 
  given lists of IP Addresses and process PIDs if no PID is given it 
  will start a the given process in the advanced options and inject 
  the selected payload in to the memory of the created module.




resource (display/show_post.rc)> info windows/manage/nbd_server


       Name: Windows Manage Local NBD Server for Remote Disks
     Module: post/windows/manage/nbd_server
    Version: 14976
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Wesley McGrew <wesley@mcgrewsecurity.com>


Description:
  Maps remote disks and logical volumes to a local Network Block 
  Device server. Allows for forensic tools to be executed on the 
  remote disk directly.




resource (display/show_post.rc)> info windows/manage/payload_inject


       Name: Windows Manage Memory Payload Injection Module
     Module: post/windows/manage/payload_inject
    Version: 14774
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Carlos Perez <carlos_perez@darkoperator.com>


Description:
  This module will inject into the memory of a process a specified 
  windows payload. If a payload or process is not provided one will be 
  created by default using a reverse x86 TCP Meterpreter Payload.




resource (display/show_post.rc)> info windows/manage/persistence


       Name: Windows Manage Persistent Payload Installer
     Module: post/windows/manage/persistence
    Version: 15394
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Carlos Perez <carlos_perez@darkoperator.com>
  Merlyn drforbin Cousins <drforbin6@gmail.com>


Description:
  This Module will create a boot persistent reverse Meterpreter 
  session by installing on the target host the payload as a script 
  that will be executed at user logon or system startup depending on 
  privilege and selected startup method. REXE mode will transfer a 
  binary of your choosing to remote host to be used as a payload.




resource (display/show_post.rc)> info windows/manage/powershell/exec_powershell


       Name: Windows Manage PowerShell Download and/or Execute
     Module: post/windows/manage/powershell/exec_powershell
    Version: $Revision$
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Nicholas Nam (nick <Nicholas Nam (nick@executionflow.org)>
  RageLtMan


Description:
  This module will download and execute a PowerShell script over a 
  meterpreter session. The user may also enter text substitutions to 
  be made in memory before execution. Setting VERBOSE to true will 
  output both the script prior to execution and the results.




resource (display/show_post.rc)> info windows/manage/pxexploit


       Name: Windows Manage PXE Exploit Server
     Module: post/windows/manage/pxexploit
    Version: 14774
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  scriptjunkie


Description:
  This module provides a PXE server, running a DHCP and TFTP server. 
  The default configuration loads a linux kernel and initrd into 
  memory that reads the hard drive; placing a payload to install 
  metsvc, disable the firewall, and add a new user metasploit on any 
  Windows partition seen, and add a uid 0 user with username and 
  password metasploit to any linux partition seen. The windows user 
  will have the password p@SSw0rd!123456 (in case of complexity 
  requirements) and will be added to the administrators group. See 
  exploit/windows/misc/pxesploit for a version to deliver a specific 
  payload. Note: the displayed IP address of a target is the address 
  this DHCP server handed out, not the "normal" IP address the host 
  uses.




resource (display/show_post.rc)> info windows/manage/remove_ca


       Name: Windows Certificate Authority Removal
     Module: post/windows/manage/remove_ca
    Version: 15175
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  vt <nick.freeman@security-assessment.com>


Description:
  This module allows the attacker to remove an arbitrary CA 
  certificate from the victim's Trusted Root store.




resource (display/show_post.rc)> info windows/manage/remove_host


       Name: Windows Manage Host File Entry Removal
     Module: post/windows/manage/remove_host
    Version: 14774
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  vt <nick.freeman@security-assessment.com>


Description:
  This module allows the attacker to remove an entry from the Windows 
  hosts file.




resource (display/show_post.rc)> info windows/manage/run_as


       Name: Windows Manage Run Command As User
     Module: post/windows/manage/run_as
    Version: 14774
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Kx499


Description:
  This module will login with the specified username/password and 
  execute the supplied command as a hidden process. Output is not 
  returned by default, by setting CMDOUT to false output will be 
  redirected to a temp file and read back in to display. By setting 
  advanced option SETPASS to true, it will reset the users password 
  and then execute the command.




resource (display/show_post.rc)> info windows/manage/vss_create


       Name: Windows Manage Create Shadow Copy
     Module: post/windows/manage/vss_create
    Version: 0
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  thelightcosine <thelightcosine@metasploit.com>


Description:
  This module will attempt to create a new volume shadow copy. This is 
  based on the VSSOwn Script originally posted by Tim Tomes and Mark 
  Baggett. Works on win2k3 and later.


References:
  http://pauldotcom.com/2011/11/safely-dumping-hashes-from-liv.html




resource (display/show_post.rc)> info windows/manage/vss_list


       Name: Windows Manage List Shadow Copies
     Module: post/windows/manage/vss_list
    Version: 0
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  thelightcosine <thelightcosine@metasploit.com>


Description:
  This module will attempt to list any Volume Shadow Copies on the 
  system. This is based on the VSSOwn Script originally posted by Tim 
  Tomes and Mark Baggett. Works on win2k3 and later.


References:
  http://pauldotcom.com/2011/11/safely-dumping-hashes-from-liv.html




resource (display/show_post.rc)> info windows/manage/vss_mount


       Name: Windows Manage Mount Shadow Copy
     Module: post/windows/manage/vss_mount
    Version: 0
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  thelightcosine <thelightcosine@metasploit.com>


Description:
  This module will attempt to mount a Volume Shadow Copy on the 
  system. This is based on the VSSOwn Script originally posted by Tim 
  Tomes and Mark Baggett. Works on win2k3 and later.


References:
  http://pauldotcom.com/2011/11/safely-dumping-hashes-from-liv.html




resource (display/show_post.rc)> info windows/manage/vss_set_storage


       Name: Windows Manage Set Shadow Copy Storage Space
     Module: post/windows/manage/vss_set_storage
    Version: 0
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  thelightcosine <thelightcosine@metasploit.com>


Description:
  This module will attempt to change the amount of space for volume 
  shadow copy storage. This is based on the VSSOwn Script originally 
  posted by Tim Tomes and Mark Baggett. Works on win2k3 and later.


References:
  http://pauldotcom.com/2011/11/safely-dumping-hashes-from-liv.html




resource (display/show_post.rc)> info windows/manage/vss_storage


       Name: Windows Manage Get Shadow Copy Storage Info
     Module: post/windows/manage/vss_storage
    Version: 0
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  thelightcosine <thelightcosine@metasploit.com>


Description:
  This module will attempt to get volume shadow copy storage info. 
  This is based on the VSSOwn Script originally posted by Tim Tomes 
  and Mark Baggett. Works on win2k3 and later.


References:
  http://pauldotcom.com/2011/11/safely-dumping-hashes-from-liv.html




resource (display/show_post.rc)> info windows/recon/computer_browser_discovery


       Name: Windows Recon Computer Browser Discovery
     Module: post/windows/recon/computer_browser_discovery
    Version: 14774
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Rob Fuller <mubix@hak5.org>


Description:
  This module uses railgun to discover hostnames and IPs on the 
  network. LTYPE should be set to one of the following values: WK (all 
  workstations), SVR (all servers), SQL (all SQL servers), DC (all 
  Domain Controllers), DCBKUP (all Domain Backup Servers), NOVELL (all 
  Novell servers), PRINTSVR (all Print Queue servers), MASTERBROWSER 
  (all Master Browsers), WINDOWS (all Windows hosts), or UNIX (all 
  Unix hosts).




resource (display/show_post.rc)> info windows/recon/resolve_hostname


       Name: Windows Recon Resolve Hostname
     Module: post/windows/recon/resolve_hostname
    Version: 0
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  Rob Fuller <mubix@hak5.org>


Description:
  This module resolves a hostname to IP address via the victim, 
  similar to the Unix dig command




resource (display/show_post.rc)> info windows/wlan/wlan_bss_list


       Name: Windows Gather Wireless BSS Info
     Module: post/windows/wlan/wlan_bss_list
    Version: $Revision$
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  TheLightCosine <thelightcosine@gmail.com>


Description:
  This module gathers information about the wireless Basic Service 
  Sets available to the victim machine.




resource (display/show_post.rc)> info windows/wlan/wlan_current_connection


       Name: Windows Gather Wireless Current Connection Info
     Module: post/windows/wlan/wlan_current_connection
    Version: $Revision$
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  TheLightCosine <thelightcosine@gmail.com>


Description:
  This module gathers information about the current connection on each 
  wireless lan interface on the target machine.




resource (display/show_post.rc)> info windows/wlan/wlan_disconnect


       Name: Windows Disconnect Wireless Connection
     Module: post/windows/wlan/wlan_disconnect
    Version: $Revision$
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  TheLightCosine <thelightcosine@gmail.com>


Description:
  This module disconnects the current wireless network connection on 
  the specified interface.




resource (display/show_post.rc)> info windows/wlan/wlan_profile


       Name: Windows Gather Wireless Profile
     Module: post/windows/wlan/wlan_profile
    Version: $Revision$
   Platform: Windows
       Arch: 
       Rank: Normal


Provided by:
  TheLightCosine <thelightcosine@gmail.com>


Description:
  This module extracts saved Wireless LAN profiles. It will also try 
  to decrypt the network key material. Behaviour is slightly different 
  between OS versions when it comes to WPA. In Windows Vista/7 we will 
  get the passphrase. In Windows XP we will get the PBKDF2 derived 
  key.




resource (display/show_post.rc)> exit

posted @ 2015-12-21 17:32  创业男生