Metasploit post module information
Name Disclosure Date Rank Description
---- --------------- ---- -----------
aix/hashdump normal AIX Gather Dump Password Hashes
cisco/gather/enum_cisco normal Gather Cisco Device General Information
linux/gather/checkvm normal Linux Gather Virtual Environment Detection
linux/gather/enum_configs normal Linux Gather Configurations
linux/gather/enum_network normal Linux Gather Network Information
linux/gather/enum_protections normal Linux Gather Protection Enumeration
linux/gather/enum_system normal Linux Gather System and User Information
linux/gather/enum_users_history normal Linux Gather User History
linux/gather/enum_xchat normal Linux Gather XChat Enumeration
linux/gather/hashdump normal Linux Gather Dump Password Hashes for Linux Systems
linux/gather/mount_cifs_creds normal Linux Gather Saved mount.cifs/mount.smbfs Credentials
multi/gather/apple_ios_backup normal Windows Gather Apple iOS MobileSync Backup File Collection
multi/gather/dns_bruteforce normal Multi Gather DNS Forward Lookup Bruteforce
multi/gather/dns_reverse_lookup normal Multi Gather DNS Reverse Lookup Scan
multi/gather/dns_srv_lookup normal Multi Gather DNS Service Record Lookup Scan
multi/gather/enum_vbox normal Multi Gather VirtualBox VM Enumeration
multi/gather/env normal Multi Gather Generic Operating System Environment Settings
multi/gather/fetchmailrc_creds normal UNIX Gather .fetchmailrc Credentials
multi/gather/filezilla_client_cred normal Multi Gather FileZilla FTP Client Credential Collection
multi/gather/find_vmx normal Multi Gather VMWare VM Identification
multi/gather/firefox_creds normal Multi Gather Firefox Signon Credential Collection
multi/gather/multi_command normal Multi Gather Run Shell Command Resource File
multi/gather/netrc_creds normal UNIX Gather .netrc Credentials
multi/gather/pidgin_cred normal Multi Gather Pidgin Instant Messenger Credential Collection
multi/gather/ping_sweep normal Multi Gather Ping Sweep
multi/gather/run_console_rc_file normal Multi Gather Run Console Resource File
multi/gather/skype_enum normal Multi Gather Skype User Data Enumeration
multi/gather/ssh_creds normal Multi Gather OpenSSH PKI Credentials Collection
multi/gather/thunderbird_creds normal Multi Gather Mozilla Thunderbird Signon Credential Collection
multi/general/close normal Multi Generic Operating System Session Close
multi/general/execute normal Multi Generic Operating System Session Command Execution
multi/manage/multi_post normal Multi Manage Post Module Macro Execution
multi/manage/sudo normal Multiple Linux / Unix Post Sudo Upgrade Shell
multi/manage/system_session normal Multi Manage System Remote TCP Shell Session
osx/admin/say normal OSX Text to Speech Utility
osx/gather/enum_adium normal OSX Gather Adium Enumeration
osx/gather/enum_airport normal OSX Gather Airport Wireless Preferences
osx/gather/enum_chicken_vnc_profile normal OSX Gather Chicken of the VNC Profile
osx/gather/enum_colloquy normal OSX Gather Colloquy Enumeration
osx/gather/enum_osx normal OS X Gather Mac OS X System Information Enumeration
osx/gather/hashdump normal OS X Gather Mac OS X Password Hash Collector
solaris/gather/checkvm normal Solaris Gather Virtual Environment Detection
solaris/gather/enum_packages normal Solaris Gather Installed Packages
solaris/gather/enum_services normal Solaris Gather Configured Services
solaris/gather/hashdump normal Solaris Gather Dump Password Hashes for Solaris Systems
windows/capture/keylog_recorder normal Windows Capture Keystroke Recorder
windows/capture/lockout_keylogger normal Winlogon Lockout Credential Keylogger
windows/escalate/bypassuac 2010-12-31 normal Windows Escalate UAC Protection Bypass
windows/escalate/droplnk normal Windows Escalate SMB Icon LNK dropper
windows/escalate/getsystem normal Windows Escalate Get System via Administrator
windows/escalate/ms10_073_kbdlayout 2010-10-12 normal Windows Escalate NtUserLoadKeyboardLayoutEx Privilege Escalation
windows/escalate/ms10_092_schelevator 2010-09-13 normal Windows Escalate Task Scheduler XML Privilege Escalation
windows/escalate/net_runtime_modify normal Windows Escalate Microsoft .NET Runtime Optimization Service Privilege Escalation
windows/escalate/screen_unlock normal Windows Escalate Locked Desktop Unlocker
windows/escalate/service_permissions normal Windows Escalate Service Permissions Local Privilege Escalation
windows/gather/arp_scanner normal Windows Gather ARP Scanner
windows/gather/bitcoin_jacker normal Windows Gather Bitcoin wallet.dat
windows/gather/cachedump normal Windows Gather Credential Cache Dump
windows/gather/checkvm normal Windows Gather Virtual Environment Detection
windows/gather/credentials/coreftp normal Windows Gather CoreFTP Saved Password Extraction
windows/gather/credentials/credential_collector normal Windows Gather Credential Collector
windows/gather/credentials/dyndns normal Windows Gather Dyn-Dns Client Password Extractor
windows/gather/credentials/enum_cred_store normal Windows Gather Credential Store Enumeration and Decryption Module
windows/gather/credentials/enum_picasa_pwds normal Windows Gather Google Picasa Password Extractor
windows/gather/credentials/epo_sql normal Windows Gather McAfee ePO 4.6 Config SQL Credentials
windows/gather/credentials/filezilla_server normal Windows Gather FileZilla FTP Server Credential Collection
windows/gather/credentials/flashfxp normal Windows Gather FlashFXP Saved Password Extraction
windows/gather/credentials/ftpnavigator normal Windows Gather FTP Navigator Saved Password Extraction
windows/gather/credentials/idm normal Windows Gather Internet Download Manager (IDM) Password Extractor
windows/gather/credentials/imail normal Windows Gather IPSwitch iMail User Data Enumeration
windows/gather/credentials/imvu normal Windows Gather Credentials IMVU Game Client
windows/gather/credentials/meebo normal Windows Gather Meebo Password Extractor
windows/gather/credentials/mremote normal Windows Gather mRemote Saved Password Extraction
windows/gather/credentials/nimbuzz normal Windows Gather Nimbuzz Instant Messenger Password Extractor
windows/gather/credentials/outlook normal Windows Gather Microsoft Outlook Saved Password Extraction
windows/gather/credentials/razorsql normal Windows Gather RazorSQL Credentials
windows/gather/credentials/smartftp normal Windows Gather SmartFTP Saved Password Extraction
windows/gather/credentials/total_commander normal Windows Gather Total Commander Saved Password Extraction
windows/gather/credentials/trillian normal Windows Gather Trillian Password Extractor
windows/gather/credentials/vnc normal Windows Gather VNC Password Extraction
windows/gather/credentials/windows_autologin normal Windows Gather AutoLogin User Credential Extractor
windows/gather/credentials/winscp normal Windows Gather WinSCP Saved Password Extraction
windows/gather/credentials/wsftp_client normal Windows Gather WS_FTP Saved Password Extraction
windows/gather/dumplinks normal Windows Gather Dump Recent Files lnk Info
windows/gather/enum_applications normal Windows Gather Installed Application Enumeration
windows/gather/enum_artifacts normal Windows Gather File and Registry Artifacts Enumeration
windows/gather/enum_chrome normal Windows Gather Google Chrome User Data Enumeration
windows/gather/enum_computers normal Windows Gather Enumerate Computers
windows/gather/enum_devices normal Windows Gather Hardware Enumeration
windows/gather/enum_dirperms normal Windows Gather Directory Permissions Enumeration
windows/gather/enum_domain normal Windows Gather Enumerate Domain
windows/gather/enum_domain_group_users normal Windows Gather Enumerate Domain Group
windows/gather/enum_domain_tokens normal Windows Gather Enumerate Domain Tokens
windows/gather/enum_domains normal Windows Gather Domain Enumeration
windows/gather/enum_hostfile normal Windows Gather Windows Host File Enumeration
windows/gather/enum_ie normal Windows Gather Internet Explorer User Data Enumeration
windows/gather/enum_logged_on_users normal Windows Gather Logged On User Enumeration (Registry)
windows/gather/enum_ms_product_keys normal Windows Gather Product Key
windows/gather/enum_powershell_env normal Windows Gather Powershell Environment Setting Enumeration
windows/gather/enum_services normal Windows Gather Service Info Enumeration
windows/gather/enum_shares normal Windows Gather SMB Share Enumeration via Registry
windows/gather/enum_snmp normal Windows Gather SNMP Settings Enumeration (Registry)
windows/gather/enum_termserv normal Windows Gather Terminal Server Client Connection Information Dumper
windows/gather/enum_tokens normal Windows Gather Enumerate Domain Admin Tokens (Token Hunter)
windows/gather/forensics/duqu_check normal Windows Gather Forensics Duqu Registry Check
windows/gather/forensics/enum_drives normal Windows Gather Physical Drives and Logical Volumes
windows/gather/forensics/imager normal Windows Gather Forensic Imaging
windows/gather/forensics/nbd_server normal Windows Gather Local NBD Server
windows/gather/hashdump normal Windows Gather Local User Account Password Hashes (Registry)
windows/gather/memory_grep normal Windows Gather Process Memory Grep
windows/gather/resolve_sid normal Windows Gather Local User Account SID Lookup
windows/gather/reverse_lookup normal Windows Gather IP Range Reverse Lookup
windows/gather/screen_spy normal Windows Gather Screen Spy
windows/gather/smart_hashdump normal Windows Gather Local and Domain Controller Account Password Hashes
windows/gather/usb_history normal Windows Gather USB Drive History
windows/gather/win_privs normal Windows Gather Privileges Enumeration
windows/gather/wmic_command normal Windows Gather Run Specified WMIC command
windows/manage/add_user_domain normal Windows Manage Add User to the Domain and/or to a Domain Group
windows/manage/autoroute normal Windows Manage Network Route via Meterpreter Session
windows/manage/delete_user normal Windows Manage Local User Account Deletion
windows/manage/download_exec normal Windows Manage Download and/or Execute
windows/manage/enable_rdp normal Windows Manage Enable Remote Desktop
windows/manage/inject_ca normal Windows Manage Certificate Authority Injection
windows/manage/inject_host normal Windows Manage Hosts File Injection
windows/manage/migrate normal Windows Manage Process Migration
windows/manage/multi_meterpreter_inject normal Windows Manage Inject in Memory Multiple Payloads
windows/manage/nbd_server normal Windows Manage Local NBD Server for Remote Disks
windows/manage/payload_inject normal Windows Manage Memory Payload Injection Module
windows/manage/persistence normal Windows Manage Persistent Payload Installer
windows/manage/powershell/exec_powershell normal Windows Manage PowerShell Download and/or Execute
windows/manage/pxexploit normal Windows Manage PXE Exploit Server
windows/manage/remove_ca normal Windows Certificate Authority Removal
windows/manage/remove_host normal Windows Manage Host File Entry Removal
windows/manage/run_as normal Windows Manage Run Command As User
windows/manage/vss_create normal Windows Manage Create Shadow Copy
windows/manage/vss_list normal Windows Manage List Shadow Copies
windows/manage/vss_mount normal Windows Manage Mount Shadow Copy
windows/manage/vss_set_storage normal Windows Manage Set Shadow Copy Storage Space
windows/manage/vss_storage normal Windows Manage Get Shadow Copy Storage Info
windows/recon/computer_browser_discovery normal Windows Recon Computer Browser Discovery
windows/recon/resolve_hostname normal Windows Recon Resolve Hostname
windows/wlan/wlan_bss_list normal Windows Gather Wireless BSS Info
windows/wlan/wlan_current_connection normal Windows Gather Wireless Current Connection Info
windows/wlan/wlan_disconnect normal Windows Disconnect Wireless Connection
windows/wlan/wlan_profile normal Windows Gather Wireless Profile
resource (display/show_post.rc)> info aix/hashdump
Name: AIX Gather Dump Password Hashes
Module: post/aix/hashdump
Version: $Revision$
Platform: AIX
Arch:
Rank: Normal
Provided by:
thelightcosine <thelightcosine@metasploit.com>
Description:
Post Module to dump the password hashes for all users on an AIX
System
resource (display/show_post.rc)> info cisco/gather/enum_cisco
Name: Gather Cisco Device General Information
Module: post/cisco/gather/enum_cisco
Version: 14822
Platform: Cisco
Arch:
Rank: Normal
Provided by:
Carlos Perez <carlos_perez@darkoperator.com>
Description:
This module collects a Cisco IOS or NXOS device information and
configuration.
resource (display/show_post.rc)> info linux/gather/checkvm
Name: Linux Gather Virtual Environment Detection
Module: post/linux/gather/checkvm
Version: 14812
Platform: Linux
Arch:
Rank: Normal
Provided by:
Carlos Perez <carlos_perez@darkoperator.com>
Description:
This module attempts to determine whether the system is running
inside of a virtual environment and if so, which one. This module
supports detection of Hyper-V, VMWare, VirtualBox, Xen, and
QEMU/KVM.
resource (display/show_post.rc)> info linux/gather/enum_configs
Name: Linux Gather Configurations
Module: post/linux/gather/enum_configs
Version: 0
Platform: Linux
Arch:
Rank: Normal
Provided by:
ohdae <bindshell@live.com>
Description:
This module collects configuration files found on commonly installed
applications and services, such as Apache, MySQL, Samba, Sendmail,
etc. If a config file is found in its default path, the module will
assume that is the file we want.
resource (display/show_post.rc)> info linux/gather/enum_network
Name: Linux Gather Network Information
Module: post/linux/gather/enum_network
Version: $Revision$
Platform: Linux
Arch:
Rank: Normal
Provided by:
ohdae <bindshell@live.com>
Stephen Haywood <averagesecurityguy@gmail.com>
Description:
This module gathers network information from the target system
IPTables rules, interfaces, wireless information, open and listening
ports, active network connections, DNS information and SSH
information.
resource (display/show_post.rc)> info linux/gather/enum_protections
Name: Linux Gather Protection Enumeration
Module: post/linux/gather/enum_protections
Version: 0
Platform: Linux
Arch:
Rank: Normal
Provided by:
ohdae <bindshell@live.com>
Description:
This module tries to find certain installed applications that can be
used to prevent or detect our attacks, which is done by locating
certain binary locations and checking whether they are indeed executables.
For example, if we are able to run 'snort' as a command, we assume
it's one of the files we are looking for. This module is meant to
cover various antivirus, rootkits, IDS/IPS, firewalls, and other
software.
resource (display/show_post.rc)> info linux/gather/enum_system
Name: Linux Gather System and User Information
Module: post/linux/gather/enum_system
Version: $Revision$
Platform: Linux
Arch:
Rank: Normal
Provided by:
Carlos Perez <carlos_perez@darkoperator.com>
Stephen Haywood <averagesecurityguy@gmail.com>
sinn3r <sinn3r@metasploit.com>
ohdae <bindshell@live.com>
Description:
This module gathers system information. We collect installed
packages, installed services, mount information, user list, user
bash history and cron jobs.
resource (display/show_post.rc)> info linux/gather/enum_users_history
Name: Linux Gather User History
Module: post/linux/gather/enum_users_history
Version: $Revision$
Platform: Linux
Arch:
Rank: Normal
Provided by:
ohdae <bindshell@live.com>
Description:
This module gathers user specific information. User list, bash
history, mysql history, vim history, lastlog and sudoers.
resource (display/show_post.rc)> info linux/gather/enum_xchat
Name: Linux Gather XChat Enumeration
Module: post/linux/gather/enum_xchat
Version: 0
Platform: Linux
Arch:
Rank: Normal
Provided by:
sinn3r <sinn3r@metasploit.com>
Description:
This module will collect XChat's config files and chat logs from the
victim's machine. There are three actions you may choose: CONFIGS,
CHATS, and ALL. The CONFIGS option can be used to collect
information such as channel settings, channel/server passwords, etc.
The CHATS option will simply download all the .log files.
resource (display/show_post.rc)> info linux/gather/hashdump
Name: Linux Gather Dump Password Hashes for Linux Systems
Module: post/linux/gather/hashdump
Version: 14774
Platform: Linux
Arch:
Rank: Normal
Provided by:
Carlos Perez <carlos_perez@darkoperator.com>
Description:
Post Module to dump the password hashes for all users on a Linux
System
resource (display/show_post.rc)> info linux/gather/mount_cifs_creds
Name: Linux Gather Saved mount.cifs/mount.smbfs Credentials
Module: post/linux/gather/mount_cifs_creds
Version: 0
Platform: Linux
Arch:
Rank: Normal
Provided by:
Jon Hart <jhart@spoofed.org>
Description:
Post Module to obtain credentials saved for mount.cifs/mount.smbfs
in /etc/fstab on a Linux system.
resource (display/show_post.rc)> info multi/gather/apple_ios_backup
Name: Windows Gather Apple iOS MobileSync Backup File Collection
Module: post/multi/gather/apple_ios_backup
Version: 14834
Platform: Windows, OSX
Arch:
Rank: Normal
Provided by:
hdm <hdm@metasploit.com>
bannedit <bannedit@metasploit.com>
Description:
This module will collect sensitive files from any on-disk iOS device
backups
resource (display/show_post.rc)> info multi/gather/dns_bruteforce
Name: Multi Gather DNS Forward Lookup Bruteforce
Module: post/multi/gather/dns_bruteforce
Version: 14774
Platform: Windows, Linux, OSX, BSD, Solaris
Arch:
Rank: Normal
Provided by:
Carlos Perez <carlos_perez@darkoperator.com>
Description:
Brute force subdomains and hostnames via wordlist.
resource (display/show_post.rc)> info multi/gather/dns_reverse_lookup
Name: Multi Gather DNS Reverse Lookup Scan
Module: post/multi/gather/dns_reverse_lookup
Version: 14774
Platform: Windows, Linux, OSX, BSD, Solaris
Arch:
Rank: Normal
Provided by:
Carlos Perez <carlos_perez@darkoperator.com>
Description:
Performs DNS reverse lookup using the OS included DNS query command.
resource (display/show_post.rc)> info multi/gather/dns_srv_lookup
Name: Multi Gather DNS Service Record Lookup Scan
Module: post/multi/gather/dns_srv_lookup
Version: 14774
Platform: Windows, Linux, OSX, BSD, Solaris
Arch:
Rank: Normal
Provided by:
Carlos Perez <carlos_perez@darkoperator.com>
Description:
Enumerates known SRV records for a given domain using the target host's DNS
query tool.
resource (display/show_post.rc)> info multi/gather/enum_vbox
Name: Multi Gather VirtualBox VM Enumeration
Module: post/multi/gather/enum_vbox
Version: $Revision$
Platform: Unix, BSD, Linux, OSX, Windows
Arch:
Rank: Normal
Provided by:
TheLightCosine <thelightcosine@metasploit.com>
Description:
This module will attempt to enumerate any VirtualBox VMs on the
target machine. Due to the nature of VirtualBox, this module can
only enumerate VMs registered for the current user; therefore, this
module needs to be invoked from a user context.
resource (display/show_post.rc)> info multi/gather/env
Name: Multi Gather Generic Operating System Environment Settings
Module: post/multi/gather/env
Version: 14976
Platform: Linux, Windows
Arch:
Rank: Normal
Provided by:
Carlos Perez <carlos_perez@darkoperator.com>
egypt <egypt@metasploit.com>
Description:
This module prints out the operating system environment variables
resource (display/show_post.rc)> info multi/gather/fetchmailrc_creds
Name: UNIX Gather .fetchmailrc Credentials
Module: post/multi/gather/fetchmailrc_creds
Version: 0
Platform: BSD, Linux, OSX, Unix
Arch:
Rank: Normal
Provided by:
Jon Hart <jhart@spoofed.org>
Description:
Post Module to obtain credentials saved for IMAP, POP and other mail
retrieval protocols in fetchmail's .fetchmailrc
resource (display/show_post.rc)> info multi/gather/filezilla_client_cred
Name: Multi Gather FileZilla FTP Client Credential Collection
Module: post/multi/gather/filezilla_client_cred
Version: 14935
Platform: Unix, BSD, Linux, OSX, Windows
Arch:
Rank: Normal
Provided by:
bannedit <bannedit@metasploit.com>
Carlos Perez <carlos_perez@darkoperator.com>
Description:
This module will collect credentials from the FileZilla FTP client
if it is installed.
resource (display/show_post.rc)> info multi/gather/find_vmx
Name: Multi Gather VMWare VM Identification
Module: post/multi/gather/find_vmx
Version: $Revision$
Platform: Unix, BSD, Linux, OSX, Windows
Arch:
Rank: Normal
Provided by:
TheLightCosine <thelightcosine@metasploit.com>
Description:
This module will attempt to find any VMWare virtual machines stored
on the target.
resource (display/show_post.rc)> info multi/gather/firefox_creds
Name: Multi Gather Firefox Signon Credential Collection
Module: post/multi/gather/firefox_creds
Version: 14852
Platform: Windows, Linux, BSD, Unix, OSX
Arch:
Rank: Normal
Provided by:
bannedit <bannedit@metasploit.com>
Description:
This module will collect credentials from the Firefox web browser if
it is installed on the targeted machine. Additionally, cookies are
downloaded, which could potentially yield valid web sessions.
Firefox stores passwords within the signons.sqlite database file.
There is also a key3.db file which contains the key for decrypting
these passwords. In cases where a Master Password has not been set,
the passwords can easily be decrypted using third party tools. If a
Master Password was used, the only option would be to bruteforce.
resource (display/show_post.rc)> info multi/gather/multi_command
Name: Multi Gather Run Shell Command Resource File
Module: post/multi/gather/multi_command
Version: 14774
Platform: Windows, Linux, BSD, Unix, OSX
Arch:
Rank: Normal
Provided by:
Carlos Perez <carlos_perez@darkoperator.com>
Description:
This module will read shell commands from a resource file and
execute the commands in the specified Meterpreter or shell session.
resource (display/show_post.rc)> info multi/gather/netrc_creds
Name: UNIX Gather .netrc Credentials
Module: post/multi/gather/netrc_creds
Version: 0
Platform: BSD, Linux, OSX, Unix
Arch:
Rank: Normal
Provided by:
Jon Hart <jhart@spoofed.org>
Description:
Post Module to obtain credentials saved for FTP and other services
in .netrc
resource (display/show_post.rc)> info multi/gather/pidgin_cred
Name: Multi Gather Pidgin Instant Messenger Credential Collection
Module: post/multi/gather/pidgin_cred
Version: 14774
Platform: Unix, BSD, Linux, OSX, Windows
Arch:
Rank: Normal
Provided by:
bannedit <bannedit@metasploit.com>
Carlos Perez <carlos_perez@darkoperator.com>
Description:
This module will collect credentials from the Pidgin IM client if it
is installed.
resource (display/show_post.rc)> info multi/gather/ping_sweep
Name: Multi Gather Ping Sweep
Module: post/multi/gather/ping_sweep
Version: 14774
Platform: Windows, Linux, OSX, BSD, Solaris
Arch:
Rank: Normal
Provided by:
Carlos Perez <carlos_perez@darkoperator.com>
Description:
Performs IPv4 ping sweep using the OS included ping command.
resource (display/show_post.rc)> info multi/gather/run_console_rc_file
Name: Multi Gather Run Console Resource File
Module: post/multi/gather/run_console_rc_file
Version: 14774
Platform: Windows
Arch:
Rank: Normal
Provided by:
Carlos Perez <carlos_perez@darkoperator.com>
Description:
This module will read console commands from a resource file and
execute the commands in the specified Meterpreter session.
resource (display/show_post.rc)> info multi/gather/skype_enum
Name: Multi Gather Skype User Data Enumeration
Module: post/multi/gather/skype_enum
Version: $Revision$
Platform: Windows, OSX
Arch:
Rank: Normal
Provided by:
Carlos Perez <carlos_perez@darkoperator.com>
Description:
This module will enumerate Skype account settings, contact list,
call history, chat logs, file transfer history, and voicemail logs,
saving all the data to CSV files for analysis.
resource (display/show_post.rc)> info multi/gather/ssh_creds
Name: Multi Gather OpenSSH PKI Credentials Collection
Module: post/multi/gather/ssh_creds
Version: 14795
Platform: Linux, BSD, Unix, OSX
Arch:
Rank: Normal
Provided by:
Jim Halfpenny
Description:
This module will collect the contents of user's .ssh directory on
the targeted machine. Additionally, known_hosts and authorized_keys
and any other files are also downloaded. This module is largely
based on firefox_creds.rb.
resource (display/show_post.rc)> info multi/gather/thunderbird_creds
Name: Multi Gather Mozilla Thunderbird Signon Credential Collection
Module: post/multi/gather/thunderbird_creds
Version: 0
Platform: Windows, Linux, OSX
Arch:
Rank: Normal
Provided by:
sinn3r <sinn3r@metasploit.com>
Description:
This module will collect credentials from Mozilla Thunderbird by
downloading the necessary files such as 'signons.sqlite', 'key3.db',
and 'cert8.db' for offline decryption with third party tools. If
necessary, you may also set the PARSE option to true to parse the
sqlite file, which contains sensitive information such as the
encrypted username/password. However, this feature is not enabled by
default, because it requires the SQLITE3 gem to be installed on your
machine.
resource (display/show_post.rc)> info multi/general/close
Name: Multi Generic Operating System Session Close
Module: post/multi/general/close
Version: 14976
Platform: Linux, Windows, Unix, OSX
Arch:
Rank: Normal
Provided by:
hdm <hdm@metasploit.com>
Description:
This module closes the specified session. This can be useful as a
finisher for automation tasks
resource (display/show_post.rc)> info multi/general/execute
Name: Multi Generic Operating System Session Command Execution
Module: post/multi/general/execute
Version: $Revision$
Platform: Linux, Windows, Unix, OSX
Arch:
Rank: Normal
Provided by:
hdm <hdm@metasploit.com>
Description:
This module executes an arbitrary command line
resource (display/show_post.rc)> info multi/manage/multi_post
Name: Multi Manage Post Module Macro Execution
Module: post/multi/manage/multi_post
Version: 14774
Platform: Windows, Unix, OSX, Linux, Solaris
Arch:
Rank: Normal
Provided by:
carlos_perez <carlos_perez@darkoperator.com>
Description:
This module will execute a list of modules given in a macro file in
the format of <module> <opt=val,opt=val> against the select session
checking for compatibility of the module against the sessions and
validation of the options provided.
resource (display/show_post.rc)> info multi/manage/sudo
Name: Multiple Linux / Unix Post Sudo Upgrade Shell
Module: post/multi/manage/sudo
Version: $
Platform: Linux, Unix, OSX, Solaris, AIX
Arch:
Rank: Normal
Provided by:
todb <todb@metasploit.com>
Description:
This module attempts to upgrade a shell account to UID 0 by reusing
the given password and passing it to sudo. This technique relies on
sudo versions from 2008 and later which support -A.
References:
http://www.sudo.ws/repos/sudo/file/05780f5f71fd/sudo.h
resource (display/show_post.rc)> info multi/manage/system_session
Name: Multi Manage System Remote TCP Shell Session
Module: post/multi/manage/system_session
Version: 14976
Platform: Unix, OSX, Linux
Arch:
Rank: Normal
Provided by:
Carlos Perez <carlos_perez@darkoperator.com>
Description:
This module will create a Reverse TCP Shell on the target system
using the system's own scripting environments installed on the target.
resource (display/show_post.rc)> info osx/admin/say
Name: OSX Text to Speech Utility
Module: post/osx/admin/say
Version: 0
Platform: OSX
Arch:
Rank: Normal
Provided by:
sinn3r <sinn3r@metasploit.com>
Description:
This module will speak whatever is in the 'TEXT' option on the
victim machine.
References:
http://www.gabrielserafini.com/blog/2008/08/19/mac-os-x-voices-for-using-with-the-say-command/
resource (display/show_post.rc)> info osx/gather/enum_adium
Name: OSX Gather Adium Enumeration
Module: post/osx/gather/enum_adium
Version: 0
Platform: OSX
Arch:
Rank: Normal
Provided by:
sinn3r <sinn3r@metasploit.com>
Description:
This module will collect Adium's account plist files and chat logs
from the victim's machine. There are three different actions you may
choose: ACCOUNTS, CHATS, and ALL. Note that to use the 'CHATS'
action, make sure you set the regex 'PATTERN' option in order to
look for certain log names (which consists of a contact's name, and
a timestamp). The current 'PATTERN' option is configured to look for
any log created on February 2012 as an example. To loot both account
plists and chat logs, simply set the action to 'ALL'.
resource (display/show_post.rc)> info osx/gather/enum_airport
Name: OSX Gather Airport Wireless Preferences
Module: post/osx/gather/enum_airport
Version: 0
Platform: OSX
Arch:
Rank: Normal
Provided by:
sinn3r <sinn3r@metasploit.com>
Description:
This module will download OSX Airport Wireless preferences from the
victim machine. The preferences file (which is a plist) contains
information such as: SSID, Channels, Security Type, Password ID,
etc.
resource (display/show_post.rc)> info osx/gather/enum_chicken_vnc_profile
Name: OSX Gather Chicken of the VNC Profile
Module: post/osx/gather/enum_chicken_vnc_profile
Version: 0
Platform: OSX
Arch:
Rank: Normal
Provided by:
sinn3r <sinn3r@metasploit.com>
Description:
This module will download the "Chicken of the VNC" client
application's profile file, which is used to store other VNC
servers' information such as the IP and password.
resource (display/show_post.rc)> info osx/gather/enum_colloquy
Name: OSX Gather Colloquy Enumeration
Module: post/osx/gather/enum_colloquy
Version: 0
Platform: OSX
Arch:
Rank: Normal
Provided by:
sinn3r <sinn3r@metasploit.com>
Description:
This module will collect Colloquy's info plist file and chat logs
from the victim's machine. There are three actions you may choose:
INFO, CHATS, and ALL. Please note that the CHAT action may take a
long time depending on the victim machine, therefore we suggest to
set the regex 'PATTERN' option in order to search for certain log
names (which consists of the contact's name, and a timestamp). The
default 'PATTERN' is configured as "^alien" as an example to search
for any chat logs associated with the name "alien".
resource (display/show_post.rc)> info osx/gather/enum_osx
Name: OS X Gather Mac OS X System Information Enumeration
Module: post/osx/gather/enum_osx
Version: 15406
Platform: OSX
Arch:
Rank: Normal
Provided by:
Carlos Perez <carlos_perez@darkoperator.com>
Description:
This module gathers basic system information from Mac OS X Tiger,
Leopard, Snow Leopard and Lion systems.
resource (display/show_post.rc)> info osx/gather/hashdump
Name: OS X Gather Mac OS X Password Hash Collector
Module: post/osx/gather/hashdump
Version: 15406
Platform: OSX
Arch:
Rank: Normal
Provided by:
Carlos Perez <carlos_perez@darkoperator.com>
hammackj <jacob.hammack@hammackj.com>
Description:
This module dumps SHA-1, LM and NT Hashes of Mac OS X Tiger,
Leopard, Snow Leopard and Lion Systems.
resource (display/show_post.rc)> info solaris/gather/checkvm
Name: Solaris Gather Virtual Environment Detection
Module: post/solaris/gather/checkvm
Version: 14976
Platform: Solaris
Arch:
Rank: Normal
Provided by:
Carlos Perez <carlos_perez@darkoperator.com>
Description:
This module attempts to determine whether the system is running
inside of a virtual environment and if so, which one. This module
supports detection of Solaris Zone, VMWare, VirtualBox, Xen, and
QEMU/KVM.
resource (display/show_post.rc)> info solaris/gather/enum_packages
Name: Solaris Gather Installed Packages
Module: post/solaris/gather/enum_packages
Version: 14774
Platform: Solaris
Arch:
Rank: Normal
Provided by:
Carlos Perez <carlos_perez@darkoperator.com>
Description:
Post Module to enumerate installed packages on a Solaris System
resource (display/show_post.rc)> info solaris/gather/enum_services
Name: Solaris Gather Configured Services
Module: post/solaris/gather/enum_services
Version: 14774
Platform: Solaris
Arch:
Rank: Normal
Provided by:
Carlos Perez <carlos_perez@darkoperator.com>
Description:
Post Module to enumerate services on a Solaris System
resource (display/show_post.rc)> info solaris/gather/hashdump
Name: Solaris Gather Dump Password Hashes for Solaris Systems
Module: post/solaris/gather/hashdump
Version: 14774
Platform: Solaris
Arch:
Rank: Normal
Provided by:
Carlos Perez <carlos_perez@darkoperator.com>
Description:
Post Module to dump the password hashes for all users on a Solaris
System
resource (display/show_post.rc)> info windows/capture/keylog_recorder
Name: Windows Capture Keystroke Recorder
Module: post/windows/capture/keylog_recorder
Version: 14774
Platform: Windows
Arch:
Rank: Normal
Provided by:
Carlos Perez <carlos_perez@darkoperator.com>
Description:
This module can be used to capture keystrokes. To capture keystrokes
when the session is running as SYSTEM, the MIGRATE option must be
enabled and the CAPTURE_TYPE option should be set to one of
Explorer, Winlogon, or a specific PID. To capture the keystrokes of
the interactive user, the Explorer option should be used with
MIGRATE enabled. Keep in mind that this will demote this session to
the user's privileges, so it makes sense to create a separate
session for this task. The Winlogon option will capture the username
and password entered into the logon and unlock dialog. The
LOCKSCREEN option can be combined with the Winlogon CAPTURE_TYPE to
force the user to enter their clear-text password.
resource (display/show_post.rc)> info windows/capture/lockout_keylogger
Name: Winlogon Lockout Credential Keylogger
Module: post/windows/capture/lockout_keylogger
Version: 14822
Platform: Windows
Arch:
Rank: Normal
Provided by:
Rob Fuller <mubix@hak5.org>
cg
Description:
This module migrates and logs Microsoft Windows user's passwords via
Winlogon.exe. Using idle time and natural system changes to give a
false sense of security to the user.
References:
http://blog.metasploit.com/2010/12/capturing-windows-logons-with.html
resource (display/show_post.rc)> info windows/escalate/bypassuac
Name: Windows Escalate UAC Protection Bypass
Module: post/windows/escalate/bypassuac
Version: 14976
Platform: Windows
Arch:
Rank: Normal
Provided by:
David Kennedy "ReL1K" <kennedyd013@gmail.com>
mitnick
Description:
This module will bypass Windows UAC by utilizing the trusted
publisher certificate through process injection. It will spawn a
second shell that has the UAC flag turned off.
References:
http://www.secmaniac.com/december-2010/bypass-windows-uac/
resource (display/show_post.rc)> info windows/escalate/droplnk
Name: Windows Escalate SMB Icon LNK dropper
Module: post/windows/escalate/droplnk
Version: 0
Platform: Windows
Arch:
Rank: Normal
Provided by:
Rob Fuller <mubix@hak5.org>
Description:
This module drops a shortcut (LNK file) that has a ICON reference
existing on the specified remote host, causing SMB and WebDAV
connections to be initiated from any user that views the shortcut.
resource (display/show_post.rc)> info windows/escalate/getsystem
Name: Windows Escalate Get System via Administrator
Module: post/windows/escalate/getsystem
Version: $Revision$
Platform: Windows
Arch:
Rank: Normal
Provided by:
hdm <hdm@metasploit.com>
Description:
This module uses the builtin 'getsystem' command to escalate the
current session to the SYSTEM account from an administrator user
account.
resource (display/show_post.rc)> info windows/escalate/ms10_073_kbdlayout
Name: Windows Escalate NtUserLoadKeyboardLayoutEx Privilege Escalation
Module: post/windows/escalate/ms10_073_kbdlayout
Version: 15014
Platform: Windows
Arch:
Rank: Normal
Provided by:
Ruben Santamarta
jduck <jduck@metasploit.com>
Description:
This module exploits the keyboard layout vulnerability exploited by
Stuxnet. When processing specially crafted keyboard layout files
(DLLs), the Windows kernel fails to validate that an array index is
within the bounds of the array. By loading a specially crafted
keyboard layout, an attacker can execute code in Ring 0.
References:
http://www.osvdb.org/68552
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-2743
http://www.microsoft.com/technet/security/bulletin/MS10-073.mspx
http://www.vupen.com/blog/20101018.Stuxnet_Win32k_Windows_Kernel_0Day_Exploit_CVE-2010-2743.php
http://www.reversemode.com/index.php?option=com_content&task=view&id=71&Itemid=1
http://www.exploit-db.com/exploits/15985
resource (display/show_post.rc)> info windows/escalate/ms10_092_schelevator
Name: Windows Escalate Task Scheduler XML Privilege Escalation
Module: post/windows/escalate/ms10_092_schelevator
Version: 15014
Platform: Windows
Arch:
Rank: Normal
Provided by:
jduck <jduck@metasploit.com>
Description:
This module exploits the Task Scheduler 2.0 XML 0day exploited by
Stuxnet. When processing task files, the Windows Task Scheduler only
uses a CRC32 checksum to validate that the file has not been
tampered with. Also, in a default configuration, normal users can
read and write the task files that they have created. By modifying
the task file and creating a CRC32 collision, an attacker can
execute arbitrary commands with SYSTEM privileges. NOTE: Thanks to
webDEViL for the information about disable/enable.
References:
http://www.osvdb.org/68518
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-3338
http://www.securityfocus.com/bid/44357
http://www.microsoft.com/technet/security/bulletin/MS10-092.mspx
http://www.exploit-db.com/exploits/15589
resource (display/show_post.rc)> info windows/escalate/net_runtime_modify
Name: Windows Escalate Microsoft .NET Runtime Optimization Service Privilege Escalation
Module: post/windows/escalate/net_runtime_modify
Version: 15014
Platform: Windows
Arch:
Rank: Normal
Provided by:
bannedit <bannedit@metasploit.com>
Description:
This module attempts to exploit the security permissions set on the
.NET Runtime Optimization service. Vulnerable versions of the .NET
Framework include 4.0 and 2.0. The permissions on this service allow
domain users and local power users to modify the mscorsvw.exe
binary.
References:
http://www.osvdb.org/71013
http://www.exploit-db.com/exploits/16940
resource (display/show_post.rc)> info windows/escalate/screen_unlock
Name: Windows Escalate Locked Desktop Unlocker
Module: post/windows/escalate/screen_unlock
Version: 14774
Platform: Windows
Arch:
Rank: Normal
Provided by:
L4teral <l4teral[4t]gmail com>
Metlstorm
Description:
This module unlocks a locked Windows desktop by patching the
respective code inside the LSASS.exe process. This patching process
can result in the target system hanging or even rebooting, so be
careful when using this module on production systems.
References:
http://www.storm.net.nz/projects/16
resource (display/show_post.rc)> info windows/escalate/service_permissions
Name: Windows Escalate Service Permissions Local Privilege Escalation
Module: post/windows/escalate/service_permissions
Version: 15394
Platform: Windows
Arch:
Rank: Normal
Provided by:
scriptjunkie
Description:
This module attempts to exploit existing administrative privileges
to obtain a SYSTEM session. If directly creating a service fails,
this module will inspect existing services to look for insecure file
or configuration permissions that may be hijacked. It will then
attempt to restart the replaced service to run the payload. This
will result in a new session when this succeeds. If the module is
able to modify the service but does not have permission to start and
stop the affected service, the attacker must wait for the system to
restart before a session will be created.
resource (display/show_post.rc)> info windows/gather/arp_scanner
Name: Windows Gather ARP Scanner
Module: post/windows/gather/arp_scanner
Version: 14774
Platform: Windows
Arch:
Rank: Normal
Provided by:
Carlos Perez <carlos_perez@darkoperator.com>
Description:
This Module will perform an ARP scan for a given IP range through a
Meterpreter Session.
resource (display/show_post.rc)> info windows/gather/bitcoin_jacker
Name: Windows Gather Bitcoin wallet.dat
Module: post/windows/gather/bitcoin_jacker
Version: 14774
Platform: Windows
Arch:
Rank: Normal
Provided by:
illwill <illwill@illmob.org>
Description:
This module downloads any Bitcoin wallet.dat files from the target
system
resource (display/show_post.rc)> info windows/gather/cachedump
Name: Windows Gather Credential Cache Dump
Module: post/windows/gather/cachedump
Version: 14774
Platform: Windows
Arch:
Rank: Normal
Provided by:
Maurizio Agazzini <inode@mediaservice.net>
Rob Fuller <mubix@hak5.org>
Description:
This module uses the registry to extract the stored domain hashes
that have been cached as a result of a GPO setting. The default
setting on Windows is to store the last ten successful logins.
References:
http://lab.mediaservice.net/code/cachedump.rb
resource (display/show_post.rc)> info windows/gather/checkvm
Name: Windows Gather Virtual Environment Detection
Module: post/windows/gather/checkvm
Version: 15394
Platform: Windows
Arch:
Rank: Normal
Provided by:
Carlos Perez <carlos_perez@darkoperator.com>
Description:
This module attempts to determine whether the system is running
inside of a virtual environment and if so, which one. This module
supports detection of Hyper-V, VMWare, Virtual PC, VirtualBox, Xen,
and QEMU.
resource (display/show_post.rc)> info windows/gather/credentials/coreftp
Name: Windows Gather CoreFTP Saved Password Extraction
Module: post/windows/gather/credentials/coreftp
Version: 14774
Platform: Windows
Arch:
Rank: Normal
Provided by:
TheLightCosine <thelightcosine@gmail.com>
Description:
This module extracts saved passwords from the CoreFTP FTP client.
These passwords are stored in the registry. They are encrypted with
AES-128-ECB. This module extracts and decrypts these passwords.
resource (display/show_post.rc)> info windows/gather/credentials/credential_collector
Name: Windows Gather Credential Collector
Module: post/windows/gather/credentials/credential_collector
Version: 14800
Platform: Windows
Arch:
Rank: Normal
Provided by:
tebo <tebo@attackresearch.com>
Description:
This module harvests credentials found on the host and stores them
in the database.
resource (display/show_post.rc)> info windows/gather/credentials/dyndns
Name: Windows Gather Dyn-Dns Client Password Extractor
Module: post/windows/gather/credentials/dyndns
Version: 14822
Platform: Windows
Arch:
Rank: Normal
Provided by:
Shubham Dawra <shubham2dawra@gmail.com>
sinn3r <sinn3r@metasploit.com>
Description:
This module extracts the username, password, and hosts for Dyn-Dns
version 4.1.8. This is done by downloading the config.dyndns file
from the victim machine and then automatically decoding the password
field. The original copy of the config file is also saved to disk.
resource (display/show_post.rc)> info windows/gather/credentials/enum_cred_store
Name: Windows Gather Credential Store Enumeration and Decryption Module
Module: post/windows/gather/credentials/enum_cred_store
Version: 14774
Platform: Windows
Arch:
Rank: Normal
Provided by:
Kx499
Description:
This module will enumerate the Microsoft Credential Store and
decrypt the credentials. This module can only access credentials
created by the user the process is running as. It cannot decrypt
Domain Network Passwords, but will display the username and
location.
resource (display/show_post.rc)> info windows/gather/credentials/enum_picasa_pwds
Name: Windows Gather Google Picasa Password Extractor
Module: post/windows/gather/credentials/enum_picasa_pwds
Version: 14774
Platform: Windows
Arch:
Rank: Normal
Provided by:
SecurityXploded Team
Sil3ntDre4m <sil3ntdre4m@gmail.com>
Description:
This module extracts and decrypts the login passwords stored by
Google Picasa.
resource (display/show_post.rc)> info windows/gather/credentials/epo_sql
Name: Windows Gather McAfee ePO 4.6 Config SQL Credentials
Module: post/windows/gather/credentials/epo_sql
Version: 14774
Platform: Windows
Arch:
Rank: Normal
Provided by:
Nathan Einwechter <neinwechter@gmail.com>
Description:
This module extracts connection details and decrypts the saved
password for the SQL database in use by a McAfee ePO 4.6 server. The
passwords are stored in a config file. They are encrypted with
AES-128-ECB and a static key.
resource (display/show_post.rc)> info windows/gather/credentials/filezilla_server
Name: Windows Gather FileZilla FTP Server Credential Collection
Module: post/windows/gather/credentials/filezilla_server
Version: 14871
Platform: Windows
Arch:
Rank: Normal
Provided by:
bannedit <bannedit@metasploit.com>
Description:
This module will collect credentials from the FileZilla FTP server
if installed.
resource (display/show_post.rc)> info windows/gather/credentials/flashfxp
Name: Windows Gather FlashFXP Saved Password Extraction
Module: post/windows/gather/credentials/flashfxp
Version: 14789
Platform: Windows
Arch:
Rank: Normal
Provided by:
TheLightCosine <thelightcosine@gmail.com>
Description:
This module extracts weakly encrypted saved FTP Passwords from
FlashFXP. It finds saved FTP connections in the Sites.dat file.
resource (display/show_post.rc)> info windows/gather/credentials/ftpnavigator
Name: Windows Gather FTP Navigator Saved Password Extraction
Module: post/windows/gather/credentials/ftpnavigator
Version: 14774
Platform: Windows
Arch:
Rank: Normal
Provided by:
TheLightCosine <thelightcosine@gmail.com>
Description:
This module extracts saved passwords from the FTP Navigator FTP
client. It will decode the saved passwords and store them in the
database.
resource (display/show_post.rc)> info windows/gather/credentials/idm
Name: Windows Gather Internet Download Manager (IDM) Password Extractor
Module: post/windows/gather/credentials/idm
Version: 14976
Platform: Windows
Arch:
Rank: Normal
Provided by:
sil3ntdre4m <sil3ntdre4m@gmail.com>
SecurityXploded Team <contact@securityxploded.com>
Description:
This module recovers the saved premium download account passwords
from Internet Download Manager (IDM). These passwords are stored in
an encoded format in the registry. This module traverses through
these registry entries and decodes them. Thanks to the template code
of thelightcosine's CoreFTP password module.
resource (display/show_post.rc)> info windows/gather/credentials/imail
Name: Windows Gather IPSwitch iMail User Data Enumeration
Module: post/windows/gather/credentials/imail
Version: 15014
Platform: Windows
Arch:
Rank: Normal
Provided by:
sinn3r <sinn3r@metasploit.com>
Description:
This module will collect iMail user data such as the username,
domain, full name, e-mail, and the decoded password. Please note if
IMAILUSER is specified, the module extracts user data from all the
domains found. If IMAILDOMAIN is specified, then it will extract all
user data under that particular category.
References:
http://www.exploit-db.com/exploits/11331
resource (display/show_post.rc)> info windows/gather/credentials/imvu
Name: Windows Gather Credentials IMVU Game Client
Module: post/windows/gather/credentials/imvu
Version: 14100
Platform: Windows
Arch:
Rank: Normal
Provided by:
Shubham Dawra <shubham2dawra@gmail.com>
Description:
This module extracts account username & password from the IMVU game
client and stores it as loot.
resource (display/show_post.rc)> info windows/gather/credentials/meebo
Name: Windows Gather Meebo Password Extractor
Module: post/windows/gather/credentials/meebo
Version: 14774
Platform: Windows
Arch:
Rank: Normal
Provided by:
Sil3ntDre4m <sil3ntdre4m@gmail.com>
SecurityXploded Team <www.SecurityXploded.com>
Description:
This module extracts login account password stored by Meebo
Notifier, a desktop version of Meebo's Online Messenger.
resource (display/show_post.rc)> info windows/gather/credentials/mremote
Name: Windows Gather mRemote Saved Password Extraction
Module: post/windows/gather/credentials/mremote
Version: 14774
Platform: Windows
Arch:
Rank: Normal
Provided by:
TheLightCosine <thelightcosine@gmail.com>
hdm <hdm@metasploit.com>
Rob Fuller <mubix@hak5.org>
Description:
This module extracts saved passwords from mRemote. mRemote stores
connections for RDP, VNC, SSH, Telnet, rlogin and other protocols.
It saves the passwords in an encrypted format. The module will
extract the connection info and decrypt the saved passwords.
resource (display/show_post.rc)> info windows/gather/credentials/nimbuzz
Name: Windows Gather Nimbuzz Instant Messenger Password Extractor
Module: post/windows/gather/credentials/nimbuzz
Version: 14774
Platform: Windows
Arch:
Rank: Normal
Provided by:
sil3ntdre4m <sil3ntdre4m@gmail.com>
SecurityXploded Team
Description:
This module extracts the account passwords saved by Nimbuzz Instant
Messenger in hex format.
resource (display/show_post.rc)> info windows/gather/credentials/outlook
Name: Windows Gather Microsoft Outlook Saved Password Extraction
Module: post/windows/gather/credentials/outlook
Version: 14835
Platform: Windows
Arch:
Rank: Normal
Provided by:
Justin Cacak
Description:
This module extracts and attempts to decrypt saved Microsoft Outlook
(versions 2002-2010) passwords from the Windows Registry for
POP3/IMAP/SMTP/HTTP accounts. In order for decryption to be
successful, this module must be executed with the same privileges as
the user which originally encrypted the password.
resource (display/show_post.rc)> info windows/gather/credentials/razorsql
Name: Windows Gather RazorSQL Credentials
Module: post/windows/gather/credentials/razorsql
Version: 0
Platform: Windows
Arch:
Rank: Normal
Provided by:
Paul Rascagneres <rascagneres@itrust.lu>
sinn3r <sinn3r@metasploit.com>
Description:
This module stores username, password, type, host, port, database
(and name) collected from profiles.txt of RazorSQL.
resource (display/show_post.rc)> info windows/gather/credentials/smartftp
Name: Windows Gather SmartFTP Saved Password Extraction
Module: post/windows/gather/credentials/smartftp
Version: 14774
Platform: Windows
Arch:
Rank: Normal
Provided by:
TheLightCosine <thelightcosine@gmail.com>
Description:
This module finds saved login credentials for the SmartFTP FTP
client for Windows. It finds the saved passwords and decrypts them.
resource (display/show_post.rc)> info windows/gather/credentials/total_commander
Name: Windows Gather Total Commander Saved Password Extraction
Module: post/windows/gather/credentials/total_commander
Version: 14789
Platform: Windows
Arch:
Rank: Normal
Provided by:
TheLightCosine <thelightcosine@gmail.com>
Description:
This module extracts weakly encrypted saved FTP Passwords from Total
Commander. It finds saved FTP connections in the wcx_ftp.ini file.
resource (display/show_post.rc)> info windows/gather/credentials/trillian
Name: Windows Gather Trillian Password Extractor
Module: post/windows/gather/credentials/trillian
Version: 14774
Platform: Windows
Arch:
Rank: Normal
Provided by:
Sil3ntDre4m <sil3ntdre4m@gmail.com>
SecurityXploded Team
Description:
This module extracts account password from Trillian & Trillian Astra
v4.x-5.x instant messenger.
resource (display/show_post.rc)> info windows/gather/credentials/vnc
Name: Windows Gather VNC Password Extraction
Module: post/windows/gather/credentials/vnc
Version: 14774
Platform: Windows
Arch:
Rank: Normal
Provided by:
Kurt Grutzmacher <grutz@jingojango.net>
Rob Fuller <mubix@hak5.org>
Description:
This module extracts DES encrypted passwords in known VNC locations
resource (display/show_post.rc)> info windows/gather/credentials/windows_autologin
Name: Windows Gather AutoLogin User Credential Extractor
Module: post/windows/gather/credentials/windows_autologin
Version: 14774
Platform: Windows
Arch:
Rank: Normal
Provided by:
Myo Soe <YGN Ethical Hacker Group, http://yehg.net>
Description:
This module extracts the plain-text Windows user login password in
Registry. It exploits a Windows feature that Windows (2000 to 2008
R2) allows a user or third-party Windows Utility tools to configure
User AutoLogin via plain-text password insertion in
(Alt)DefaultPassword field in the registry location -
HKLM\Software\Microsoft\Windows NT\WinLogon. This is readable by all
users.
References:
http://support.microsoft.com/kb/315231
http://core.yehg.net/lab/#tools.exploits
resource (display/show_post.rc)> info windows/gather/credentials/winscp
Name: Windows Gather WinSCP Saved Password Extraction
Module: post/windows/gather/credentials/winscp
Version: 15349
Platform: Windows
Arch:
Rank: Normal
Provided by:
TheLightCosine <thelightcosine@gmail.com>
Description:
This module extracts weakly encrypted saved passwords from WinSCP.
It searches for saved sessions in the Windows Registry and the
WinSCP.ini file. It cannot decrypt passwords if a master password is
used.
resource (display/show_post.rc)> info windows/gather/credentials/wsftp_client
Name: Windows Gather WS_FTP Saved Password Extraction
Module: post/windows/gather/credentials/wsftp_client
Version: 14789
Platform: Windows
Arch:
Rank: Normal
Provided by:
TheLightCosine <thelightcosine@gmail.com>
Description:
This module extracts weakly encrypted saved FTP Passwords from
WS_FTP. It finds saved FTP connections in the ws_ftp.ini file.
resource (display/show_post.rc)> info windows/gather/dumplinks
Name: Windows Gather Dump Recent Files lnk Info
Module: post/windows/gather/dumplinks
Version: 14774
Platform: Windows
Arch:
Rank: Normal
Provided by:
davehull <dph_msf@trustedsignal.com>
Description:
The dumplinks module is a modified port of Harlan Carvey's lslnk.pl
Perl script. This module will parse .lnk files from a user's Recent
Documents folder and Microsoft Office's Recent Documents folder, if
present. Windows creates these link files automatically for many
common file types. The .lnk files contain time stamps, file
locations, including share names, volume serial numbers, and more.
resource (display/show_post.rc)> info windows/gather/enum_applications
Name: Windows Gather Installed Application Enumeration
Module: post/windows/gather/enum_applications
Version: 14774
Platform: Windows
Arch:
Rank: Normal
Provided by:
Carlos Perez <carlos_perez@darkoperator.com>
Description:
This module will enumerate all installed applications
resource (display/show_post.rc)> info windows/gather/enum_artifacts
Name: Windows Gather File and Registry Artifacts Enumeration
Module: post/windows/gather/enum_artifacts
Version: 0
Platform: Windows
Arch:
Rank: Normal
Provided by:
averagesecurityguy <stephen@averagesecurityguy.info>
Description:
This module will check the file system and registry for particular
artifacts. The list of artifacts is read from
data/post/enum_artifacts_list.txt or a user specified file. Any
matches are written to the loot.
resource (display/show_post.rc)> info windows/gather/enum_chrome
Name: Windows Gather Google Chrome User Data Enumeration
Module: post/windows/gather/enum_chrome
Version: 14837
Platform: Windows
Arch:
Rank: Normal
Provided by:
Sven Taute
sinn3r <sinn3r@metasploit.com>
Kx499
Description:
This module will collect user data from Google Chrome and attempt to
decrypt sensitive information.
resource (display/show_post.rc)> info windows/gather/enum_computers
Name: Windows Gather Enumerate Computers
Module: post/windows/gather/enum_computers
Version: 0
Platform: Windows
Arch:
Rank: Normal
Provided by:
Joshua Abraham <jabra@rapid7.com>
Description:
This module will enumerate computers included in the primary Domain.
resource (display/show_post.rc)> info windows/gather/enum_devices
Name: Windows Gather Hardware Enumeration
Module: post/windows/gather/enum_devices
Version: 14774
Platform: Windows
Arch:
Rank: Normal
Provided by:
Brandon Perry <bperry.volatile@gmail.com>
Description:
Enumerate PCI hardware information from the registry. Please note
this script will run through registry subkeys such as: 'PCI',
'ACPI', 'ACPI_HAL', 'FDC', 'HID', 'HTREE', 'IDE', 'ISAPNP',
'LEGACY', 'LPTENUM', 'PCIIDE', 'SCSI', 'STORAGE', 'SW', and 'USB';
it will take time to finish. It is recommended to run this module as
a background job.
resource (display/show_post.rc)> info windows/gather/enum_dirperms
Name: Windows Gather Directory Permissions Enumeration
Module: post/windows/gather/enum_dirperms
Version: 15228
Platform: Windows
Arch:
Rank: Normal
Provided by:
Kx499
Description:
This module enumerates directories and lists the permissions set on
found directories.
resource (display/show_post.rc)> info windows/gather/enum_domain
Name: Windows Gather Enumerate Domain
Module: post/windows/gather/enum_domain
Version: 14774
Platform: Windows
Arch:
Rank: Normal
Provided by:
Joshua Abraham <jabra@rapid7.com>
Description:
This module identifies the primary domain via the registry. The
registry value used is:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group
Policy\History\DCName.
resource (display/show_post.rc)> info windows/gather/enum_domain_group_users
Name: Windows Gather Enumerate Domain Group
Module: post/windows/gather/enum_domain_group_users
Version: 14774
Platform: Windows
Arch:
Rank: Normal
Provided by:
Carlos Perez <carlos_perez@darkoperator.com>
Stephen Haywood <haywoodsb@gmail.com>
Description:
This module extracts user accounts from specified group and stores
the results in the loot. It will also verify if session account is
in the group. Data is stored in loot in a format that is compatible
with the token_hunter plugin. This module should be run over a
session with domain credentials.
resource (display/show_post.rc)> info windows/gather/enum_domain_tokens
Name: Windows Gather Enumerate Domain Tokens
Module: post/windows/gather/enum_domain_tokens
Version: 14774
Platform: Windows
Arch:
Rank: Normal
Provided by:
Carlos Perez <carlos_perez@darkoperator.com>
Description:
This module will enumerate tokens present on a system that are part
of the domain the target host is part of, will also enumerate users
in the local Administrators, Users and Backup Operator groups to
identify Domain members. Processes will be also enumerated and
checked if they are running under a Domain account, on all checks
the accounts, processes and tokens will be checked if they are part
of the Domain Admin group of the domain the machine is a member of.
resource (display/show_post.rc)> info windows/gather/enum_domains
Name: Windows Gather Domain Enumeration
Module: post/windows/gather/enum_domains
Version: 0
Platform: Windows
Arch:
Rank: Normal
Provided by:
Rob Fuller <mubix@hak5.org>
Description:
This module currently enumerates the domains a host can see and the
domain controllers for that domain.
resource (display/show_post.rc)> info windows/gather/enum_hostfile
Name: Windows Gather Windows Host File Enumeration
Module: post/windows/gather/enum_hostfile
Version: 14774
Platform: Windows
Arch:
Rank: Normal
Provided by:
vt <nick.freeman@security-assessment.com>
Description:
This module returns a list of entries in the target system's hosts
file.
resource (display/show_post.rc)> info windows/gather/enum_ie
Name: Windows Gather Internet Explorer User Data Enumeration
Module: post/windows/gather/enum_ie
Version: 0
Platform: Windows
Arch:
Rank: Normal
Provided by:
Kx499
Description:
This module will collect history, cookies, and credentials (from
either HTTP auth passwords, or saved form passwords found in
auto-complete) in Internet Explorer. The ability to gather
credentials is only supported for versions of IE >=7, while history
and cookies can be extracted for all versions.
resource (display/show_post.rc)> info windows/gather/enum_logged_on_users
Name: Windows Gather Logged On User Enumeration (Registry)
Module: post/windows/gather/enum_logged_on_users
Version: 14774
Platform: Windows
Arch:
Rank: Normal
Provided by:
Carlos Perez <carlos_perez@darkoperator.com>
Description:
This module will enumerate current and recently logged on Windows
users
resource (display/show_post.rc)> info windows/gather/enum_ms_product_keys
Name: Windows Gather Product Key
Module: post/windows/gather/enum_ms_product_keys
Version: 14774
Platform: Windows
Arch:
Rank: Normal
Provided by:
Brandon Perry <bperry.volatile@gmail.com>
Description:
This module will enumerate the OS license key
resource (display/show_post.rc)> info windows/gather/enum_powershell_env
Name: Windows Gather Powershell Environment Setting Enumeration
Module: post/windows/gather/enum_powershell_env
Version: 14774
Platform: Windows
Arch:
Rank: Normal
Provided by:
Carlos Perez <carlos_perez@darkoperator.com>
Description:
This module will enumerate Microsoft Powershell settings
resource (display/show_post.rc)> info windows/gather/enum_services
Name: Windows Gather Service Info Enumeration
Module: post/windows/gather/enum_services
Version: 14774
Platform: Windows
Arch:
Rank: Normal
Provided by:
Keith Faber
Kx499
Description:
This module will query the system for services and display name and
configuration info for each returned service. It allows you to
optionally search the credentials, path, or start type for a string
and only return the results that match. These query operations are
cumulative and if no query strings are specified, it just returns
all services. NOTE: If the script hangs, windows firewall is most
likely on and you did not migrate to a safe process (explorer.exe
for example).
resource (display/show_post.rc)> info windows/gather/enum_shares
Name: Windows Gather SMB Share Enumeration via Registry
Module: post/windows/gather/enum_shares
Version: 14774
Platform: Windows
Arch:
Rank: Normal
Provided by:
Carlos Perez <carlos_perez@darkoperator.com>
Description:
This module will enumerate configured and recently used file shares
resource (display/show_post.rc)> info windows/gather/enum_snmp
Name: Windows Gather SNMP Settings Enumeration (Registry)
Module: post/windows/gather/enum_snmp
Version: 14774
Platform: Windows
Arch:
Rank: Normal
Provided by:
Carlos Perez <carlos_perez@darkoperator.com>
Tebo <tebo@attackresearch.com>
Description:
This module will enumerate the SNMP service configuration
resource (display/show_post.rc)> info windows/gather/enum_termserv
Name: Windows Gather Terminal Server Client Connection Information Dumper
Module: post/windows/gather/enum_termserv
Version: 14774
Platform: Windows
Arch:
Rank: Normal
Provided by:
Rob Fuller <mubix@hak5.org>
Description:
This module dumps MRU and connection data for RDP sessions
resource (display/show_post.rc)> info windows/gather/enum_tokens
Name: Windows Gather Enumerate Domain Admin Tokens (Token Hunter)
Module: post/windows/gather/enum_tokens
Version: 14822
Platform: Windows
Arch:
Rank: Normal
Provided by:
Joshua Abraham <jabra@rapid7.com>
Description:
This module will identify systems that have a Domain Admin
(delegation) token on them. The module will first check if
sufficient privileges are present for certain actions, and run
getprivs for system. If you elevated privs to system, the
SeAssignPrimaryTokenPrivilege will not be assigned, in that case try
migrating to another process that is running as system. If no
sufficient privileges are available, the script will not continue.
resource (display/show_post.rc)> info windows/gather/forensics/duqu_check
Name: Windows Gather Forensics Duqu Registry Check
Module: post/windows/gather/forensics/duqu_check
Version: 0
Platform: Windows
Arch:
Rank: Normal
Provided by:
Marcus J. Carey <mjc@threatagent.com>
Description:
This module searches for CVE-2011-3402 (Duqu) related registry
artifacts.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2011-3402
http://r-7.co/w5h7fY
resource (display/show_post.rc)> info windows/gather/forensics/enum_drives
Name: Windows Gather Physical Drives and Logical Volumes
Module: post/windows/gather/forensics/enum_drives
Version: 14287
Platform: Windows
Arch:
Rank: Normal
Provided by:
Wesley McGrew <wesley@mcgrewsecurity.com>
Description:
This module will list physical drives and logical volumes
resource (display/show_post.rc)> info windows/gather/forensics/imager
Name: Windows Gather Forensic Imaging
Module: post/windows/gather/forensics/imager
Version: 14287
Platform: Windows
Arch:
Rank: Normal
Provided by:
Wesley McGrew <wesley@mcgrewsecurity.com>
Description:
This module will perform byte-for-byte imaging of remote disks and
volumes
resource (display/show_post.rc)> info windows/gather/forensics/nbd_server
Name: Windows Gather Local NBD Server
Module: post/windows/gather/forensics/nbd_server
Version: 14287
Platform: Windows
Arch:
Rank: Normal
Provided by:
Wesley McGrew <wesley@mcgrewsecurity.com>
Description:
Maps remote disks and logical volumes to a local Network Block
Device server. Allows for forensic tools to be executed on the
remote disk directly.
resource (display/show_post.rc)> info windows/gather/hashdump
Name: Windows Gather Local User Account Password Hashes (Registry)
Module: post/windows/gather/hashdump
Version: 15268
Platform: Windows
Arch:
Rank: Normal
Provided by:
hdm <hdm@metasploit.com>
Description:
This module will dump the local user accounts from the SAM database
using the registry
resource (display/show_post.rc)> info windows/gather/memory_grep
Name: Windows Gather Process Memory Grep
Module: post/windows/gather/memory_grep
Version: 14774
Platform: Windows
Arch:
Rank: Normal
Provided by:
bannedit <bannedit@metasploit.com>
Description:
This module allows for searching the memory space of a process for
potentially sensitive data.
resource (display/show_post.rc)> info windows/gather/resolve_sid
Name: Windows Gather Local User Account SID Lookup
Module: post/windows/gather/resolve_sid
Version: 14774
Platform: Windows
Arch:
Rank: Normal
Provided by:
chao-mu
Description:
This module prints information about a given SID from the
perspective of this session
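The lookup above works on a string SID, which Windows converts to its binary form before any name lookup. The following Ruby is an added example, not the resolve_sid module's code: it validates string SIDs, converts them to and from the binary layout that ConvertStringSidToSid produces, and reports what can be said about a SID without touching the target (well-known SIDs, the issuing domain of an S-1-5-21 SID, and well-known RIDs such as 500 or 512). The sample domain identifier in the usage section is made up.

```ruby
# Added example (not the resolve_sid module's code): parse, validate and
# re-encode Windows security identifiers (SIDs) and map well-known SIDs and
# RIDs to the account names a LookupAccountSid call would return for them.
#
# Binary layout, as produced by ConvertStringSidToSid:
#   byte 0       revision (always 1)
#   byte 1       sub-authority count (max 15)
#   bytes 2..7   identifier authority, 48-bit big-endian
#   bytes 8..    one 32-bit little-endian word per sub-authority

WELL_KNOWN_SIDS = {
  'S-1-1-0'      => 'Everyone',
  'S-1-5-18'     => 'NT AUTHORITY\\SYSTEM',
  'S-1-5-19'     => 'NT AUTHORITY\\LOCAL SERVICE',
  'S-1-5-20'     => 'NT AUTHORITY\\NETWORK SERVICE',
  'S-1-5-32-544' => 'BUILTIN\\Administrators',
  'S-1-5-32-545' => 'BUILTIN\\Users',
  'S-1-5-32-555' => 'BUILTIN\\Remote Desktop Users',
}.freeze

# RIDs with a fixed meaning relative to a machine or domain SID (S-1-5-21-...).
WELL_KNOWN_RIDS = {
  500 => 'Administrator', 501 => 'Guest', 502 => 'krbtgt',
  512 => 'Domain Admins', 513 => 'Domain Users', 516 => 'Domain Controllers',
  518 => 'Schema Admins', 519 => 'Enterprise Admins',
}.freeze

SID_RE = /\AS-1-\d+(?:-\d+)+\z/

# Returns { authority:, subs: [...] } or raises ArgumentError on malformed input.
def parse_sid(str)
  raise ArgumentError, "not a SID: #{str.inspect}" unless SID_RE.match?(str)
  parts = str.split('-')                     # ["S", "1", authority, sub, ...]
  subs = parts[3..-1].map(&:to_i)
  raise ArgumentError, 'too many sub-authorities' if subs.size > 15
  raise ArgumentError, 'sub-authority exceeds 32 bits' if subs.any? { |s| s > 0xFFFFFFFF }
  authority = parts[2].to_i
  raise ArgumentError, 'authority exceeds 48 bits' if authority > 0xFFFFFFFFFFFF
  { authority: authority, subs: subs }
end

def sid_to_binary(str)
  sid = parse_sid(str)
  authority = [sid[:authority]].pack('Q>')[2, 6]           # low 48 bits, big-endian
  [1, sid[:subs].size].pack('CC') + authority + sid[:subs].pack('V*')
end

def binary_to_sid(bin)
  raise ArgumentError, 'SID too short' if bin.bytesize < 8
  revision, count = bin.unpack('CC')
  raise ArgumentError, "unsupported revision #{revision}" unless revision == 1
  raise ArgumentError, 'SID length does not match count' unless bin.bytesize == 8 + 4 * count
  authority = ("\x00\x00".b + bin[2, 6]).unpack1('Q>')
  (['S', 1, authority] + bin[8..-1].unpack('V*')).join('-')
end

# What can be said about a SID without asking the target: well-known SIDs
# resolve directly; a domain/machine SID (S-1-5-21-x-y-z-RID) splits into the
# issuing domain and a RID, and well-known RIDs carry their default names.
def describe_sid(str)
  sid = parse_sid(str)
  return { name: WELL_KNOWN_SIDS[str], rid: nil, domain_sid: nil } if WELL_KNOWN_SIDS.key?(str)
  subs = sid[:subs]
  if sid[:authority] == 5 && subs.size == 5 && subs[0] == 21
    rid = subs[4]
    return { name: WELL_KNOWN_RIDS[rid], rid: rid, domain_sid: (['S', 1, 5] + subs[0, 4]).join('-') }
  end
  { name: nil, rid: subs.last, domain_sid: nil }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample SIDs; the S-1-5-21 domain identifier is made up.
  %w[S-1-5-18 S-1-5-32-544 S-1-5-21-1111111111-2222222222-3333333333-512].each do |s|
    puts "#{s.ljust(48)} #{sid_to_binary(s).unpack1('H*')}  #{describe_sid(s).inspect}"
  end
end
```

A name for a RID outside the well-known table (or for a domain SID the session does not belong to) still needs the on-target lookup the module performs; the offline pass only tells you which SIDs are worth the round trip.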
resource (display/show_post.rc)> info windows/gather/reverse_lookup
Name: Windows Gather IP Range Reverse Lookup
Module: post/windows/gather/reverse_lookup
Version: 14774
Platform: Windows
Arch:
Rank: Normal
Provided by:
mubix
Description:
This module uses Railgun, calling the gethostbyaddr function, to
resolve each IP address in a range to a hostname.
resource (display/show_post.rc)> info windows/gather/screen_spy
Name: Windows Gather Screen Spy
Module: post/windows/gather/screen_spy
Version: 14822
Platform: Windows
Arch:
Rank: Normal
Provided by:
Roni Bachar <roni.bachar.blog@gmail.com>
bannedit <bannedit@metasploit.com>
kernelsmith <kernelsmith /x40 kernelsmith /x2E com>
Adrian Kubok
Description:
This module will incrementally take screenshots of the meterpreter
host. This allows for screen spying which can be useful to determine
if there is an active user on a machine, or to record the screen for
later data extraction.
resource (display/show_post.rc)> info windows/gather/smart_hashdump
Name: Windows Gather Local and Domain Controller Account Password Hashes
Module: post/windows/gather/smart_hashdump
Version: 14822
Platform: Windows
Arch:
Rank: Normal
Provided by:
Carlos Perez <carlos_perez@darkoperator.com>
Description:
This will dump local accounts from the SAM Database. If the target
host is a Domain Controller, it will dump the Domain Account
Database using the proper technique depending on privilege level, OS
and role of the host.
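Both hashdump and smart_hashdump write their results as pwdump-format lines (user:rid:lmhash:nthash:::). The following Ruby is an added triage helper, not code from either module: it parses such lines and reports accounts with an empty NT hash, accounts that still have an LM hash stored, accounts that share one NT hash (same password), and the RID-500 built-in Administrator. The sample lines are constructed; the NT hash shared by three of them is that of the string "password", and the LM hash on the legacyapp line is the LM hash of the same string.

```ruby
# Added example (not hashdump/smart_hashdump code): triage pwdump-format
# output, one line per account in the form user:rid:lmhash:nthash:::

EMPTY_LM = 'aad3b435b51404eeaad3b435b51404ee'   # LM hash of "" (also what you get when LM storage is disabled)
EMPTY_NT = '31d6cfe0d16ae931b73c59d7e0c089c0'   # NT hash of ""

PWDUMP_RE = /\A([^:]+):(\d+):([0-9a-f]{32}):([0-9a-f]{32}):::\s*\z/i

# Returns { user:, rid:, lm:, nt: } or nil for lines that are not pwdump records.
def parse_pwdump_line(line)
  m = PWDUMP_RE.match(line)
  return nil unless m
  { user: m[1], rid: m[2].to_i, lm: m[3].downcase, nt: m[4].downcase }
end

# Reads pwdump text and returns the findings a tester (or an analyst reading a
# dumped SAM) acts on first.
def triage_pwdump(text)
  entries = text.each_line.map { |l| parse_pwdump_line(l) }.compact
  by_nt = Hash.new { |h, k| h[k] = [] }
  entries.each { |e| by_nt[e[:nt]] << e[:user] }
  {
    accounts: entries.size,
    # empty NT hash: the account has no password at all
    empty_password: entries.select { |e| e[:nt] == EMPTY_NT }.map { |e| e[:user] },
    # a real LM hash means the password is <= 14 chars and case-folded: trivially crackable
    lm_present: entries.reject { |e| e[:lm] == EMPTY_LM }.map { |e| e[:user] },
    # identical NT hashes mean identical passwords: crack one, own them all
    shared_password: by_nt.select { |nt, users| users.size > 1 && nt != EMPTY_NT }.values,
    builtin_admin: entries.find { |e| e[:rid] == 500 }&.fetch(:user),
  }
end

# Constructed sample output; the hashes are the published values for "" and "password".
SAMPLE = <<~PWDUMP
  Administrator:500:aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c:::
  Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
  svc_backup:1001:aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c:::
  legacyapp:1002:e52cac67419a9a224a3b108f3fa6cb6d:8846f7eaee8fb117ad06bdd830b7586c:::
PWDUMP

if __FILE__ == $PROGRAM_NAME
  triage_pwdump(SAMPLE).each { |finding, value| puts "#{finding}: #{value.inspect}" }
end
```

On a domain controller dump the shared_password list is usually the most valuable line: service accounts that reuse the Administrator password show up there before any cracking has been done.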
resource (display/show_post.rc)> info windows/gather/usb_history
Name: Windows Gather USB Drive History
Module: post/windows/gather/usb_history
Version: 14774
Platform: Windows
Arch:
Rank: Normal
Provided by:
nebulus
Description:
This module will enumerate USB Drive history on a target host.
resource (display/show_post.rc)> info windows/gather/win_privs
Name: Windows Gather Privileges Enumeration
Module: post/windows/gather/win_privs
Version: 0
Platform: Windows
Arch:
Rank: Normal
Provided by:
Merlyn Cousins <drforbin6@gmail.com>
Description:
This module will print whether UAC is enabled and whether the current
account is admin-enabled. It will also print the UID, the foreground
SESSION ID, whether the session is SYSTEM, and the current process
PRIVILEGES.
resource (display/show_post.rc)> info windows/gather/wmic_command
Name: Windows Gather Run Specified WMIC command
Module: post/windows/gather/wmic_command
Version: 14774
Platform: Windows
Arch:
Rank: Normal
Provided by:
Carlos Perez <carlos_perez@darkoperator.com>
Description:
This module will execute a given WMIC command (with options), or read
WMIC commands from a resource file and execute them, in the specified
Meterpreter session.
resource (display/show_post.rc)> info windows/manage/add_user_domain
Name: Windows Manage Add User to the Domain and/or to a Domain Group
Module: post/windows/manage/add_user_domain
Version: 14822
Platform: Windows
Arch:
Rank: Normal
Provided by:
Joshua Abraham <jabra@rapid7.com>
Description:
This module adds a user to the Domain and/or to a Domain group. It
will check if sufficient privileges are present for certain actions
and run getprivs for system. If you elevated privs to system, the
SeAssignPrimaryTokenPrivilege will not be assigned; you need to
migrate to a process that is running as system. If you don't have the
required privs, this script exits.
resource (display/show_post.rc)> info windows/manage/autoroute
Name: Windows Manage Network Route via Meterpreter Session
Module: post/windows/manage/autoroute
Version: 14774
Platform: Windows
Arch:
Rank: Normal
Provided by:
todb <todb@metasploit.com>
Description:
This module manages session routing via an existing Meterpreter
session. It enables other modules to 'pivot' through a compromised
host when connecting to the named NETWORK and SUBMASK.
resource (display/show_post.rc)> info windows/manage/delete_user
Name: Windows Manage Local User Account Deletion
Module: post/windows/manage/delete_user
Version: 14774
Platform: Windows
Arch:
Rank: Normal
Provided by:
chao-mu
Description:
This module deletes a local user account from the specified server,
or the local machine if no server is given.
resource (display/show_post.rc)> info windows/manage/download_exec
Name: Windows Manage Download and/or Execute
Module: post/windows/manage/download_exec
Version: 0
Platform: Windows
Arch:
Rank: Normal
Provided by:
RageLtMan
Description:
This module will download a file by importing urlmon via railgun.
The user may also choose to execute the file with arguments via
exec_string.
resource (display/show_post.rc)> info windows/manage/enable_rdp
Name: Windows Manage Enable Remote Desktop
Module: post/windows/manage/enable_rdp
Version: 15406
Platform: Windows
Arch:
Rank: Normal
Provided by:
Carlos Perez <carlos_perez@darkoperator.com>
Description:
This module enables the Remote Desktop Service (RDP). It provides
the options to create an account and configure it to be a member of
the Local Administrators and Remote Desktop Users group. It can also
forward the target's port 3389/tcp.
resource (display/show_post.rc)> info windows/manage/inject_ca
Name: Windows Manage Certificate Authority Injection
Module: post/windows/manage/inject_ca
Version: 14774
Platform: Windows
Arch:
Rank: Normal
Provided by:
vt <nick.freeman@security-assessment.com>
Description:
This module allows the attacker to insert an arbitrary CA
certificate into the victim's Trusted Root store.
resource (display/show_post.rc)> info windows/manage/inject_host
Name: Windows Manage Hosts File Injection
Module: post/windows/manage/inject_host
Version: 15175
Platform: Windows
Arch:
Rank: Normal
Provided by:
vt <nick.freeman@security-assessment.com>
Description:
This module allows the attacker to insert a new entry into the
target system's hosts file.
resource (display/show_post.rc)> info windows/manage/migrate
Name: Windows Manage Process Migration
Module: post/windows/manage/migrate
Version: 15191
Platform: Windows
Arch:
Rank: Normal
Provided by:
Carlos Perez <carlos_perez@darkoperator.com>
Description:
This module will migrate a Meterpreter session from one process to
another. It can migrate to a given process PID, or spawn a new
process and migrate to that newly spawned process.
resource (display/show_post.rc)> info windows/manage/multi_meterpreter_inject
Name: Windows Manage Inject in Memory Multiple Payloads
Module: post/windows/manage/multi_meterpreter_inject
Version: 14774
Platform: Windows
Arch:
Rank: Normal
Provided by:
Carlos Perez <carlos_perez@darkoperator.com>
Description:
This module will inject a given payload into several processes, each
payload connecting back to one of a given list of IP addresses. It
works from a list of IP addresses and process PIDs; if no PID is
given it will start the process named in the advanced options and
inject the selected payload into the memory of that new process.
resource (display/show_post.rc)> info windows/manage/nbd_server
Name: Windows Manage Local NBD Server for Remote Disks
Module: post/windows/manage/nbd_server
Version: 14976
Platform: Windows
Arch:
Rank: Normal
Provided by:
Wesley McGrew <wesley@mcgrewsecurity.com>
Description:
Maps remote disks and logical volumes to a local Network Block
Device server. Allows for forensic tools to be executed on the
remote disk directly.
resource (display/show_post.rc)> info windows/manage/payload_inject
Name: Windows Manage Memory Payload Injection Module
Module: post/windows/manage/payload_inject
Version: 14774
Platform: Windows
Arch:
Rank: Normal
Provided by:
Carlos Perez <carlos_perez@darkoperator.com>
Description:
This module will inject into the memory of a process a specified
windows payload. If a payload or process is not provided one will be
created by default using a reverse x86 TCP Meterpreter Payload.
resource (display/show_post.rc)> info windows/manage/persistence
Name: Windows Manage Persistent Payload Installer
Module: post/windows/manage/persistence
Version: 15394
Platform: Windows
Arch:
Rank: Normal
Provided by:
Carlos Perez <carlos_perez@darkoperator.com>
Merlyn drforbin Cousins <drforbin6@gmail.com>
Description:
This module will create a boot-persistent reverse Meterpreter
session by installing the payload on the target host as a script
that is executed at user logon or system startup, depending on
privilege and the selected startup method. REXE mode will transfer a
binary of your choosing to the remote host to be used as the payload.
resource (display/show_post.rc)> info windows/manage/powershell/exec_powershell
Name: Windows Manage PowerShell Download and/or Execute
Module: post/windows/manage/powershell/exec_powershell
Version: $Revision$
Platform: Windows
Arch:
Rank: Normal
Provided by:
Nicholas Nam (nick) <nick@executionflow.org>
RageLtMan
Description:
This module will download and execute a PowerShell script over a
meterpreter session. The user may also enter text substitutions to
be made in memory before execution. Setting VERBOSE to true will
output both the script prior to execution and the results.
resource (display/show_post.rc)> info windows/manage/pxexploit
Name: Windows Manage PXE Exploit Server
Module: post/windows/manage/pxexploit
Version: 14774
Platform: Windows
Arch:
Rank: Normal
Provided by:
scriptjunkie
Description:
This module provides a PXE server, running a DHCP and TFTP server.
The default configuration loads a linux kernel and initrd into
memory that reads the hard drive; placing a payload to install
metsvc, disable the firewall, and add a new user metasploit on any
Windows partition seen, and add a uid 0 user with username and
password metasploit to any linux partition seen. The windows user
will have the password p@SSw0rd!123456 (in case of complexity
requirements) and will be added to the administrators group. See
exploit/windows/misc/pxesploit for a version to deliver a specific
payload. Note: the displayed IP address of a target is the address
this DHCP server handed out, not the "normal" IP address the host
uses.
resource (display/show_post.rc)> info windows/manage/remove_ca
Name: Windows Certificate Authority Removal
Module: post/windows/manage/remove_ca
Version: 15175
Platform: Windows
Arch:
Rank: Normal
Provided by:
vt <nick.freeman@security-assessment.com>
Description:
This module allows the attacker to remove an arbitrary CA
certificate from the victim's Trusted Root store.
resource (display/show_post.rc)> info windows/manage/remove_host
Name: Windows Manage Host File Entry Removal
Module: post/windows/manage/remove_host
Version: 14774
Platform: Windows
Arch:
Rank: Normal
Provided by:
vt <nick.freeman@security-assessment.com>
Description:
This module allows the attacker to remove an entry from the Windows
hosts file.
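An injected hosts entry is a static name-to-address override that bypasses DNS, and the two modules above add and remove exactly that. The following Ruby is an added example, not code from inject_host or remove_host: it parses hosts-file text (comments, blank lines, several names per line, IPv4 and IPv6) and lists the overrides that send a name somewhere other than loopback, separating redirects to a real address from blackhole entries (0.0.0.0 or ::) that silently block a name such as an update server. The sample file is constructed.

```ruby
# Added example (not inject_host/remove_host code): review a hosts file for
# name-to-address overrides. Loopback entries are normal; anything else
# redirects or blackholes a name and deserves a look.
require 'ipaddr'

BLACKHOLE_ADDRS = %w[0.0.0.0 ::].freeze

# Returns one { line:, ip:, name: } record per name on each address line.
def parse_hosts(text)
  text.each_line.with_index(1).flat_map do |line, no|
    body = line.sub(/#.*/, '').strip          # drop comments and surrounding whitespace
    next [] if body.empty?
    addr, *names = body.split
    next [] if names.empty?
    begin
      ip = IPAddr.new(addr)
    rescue IPAddr::InvalidAddressError
      next []                                  # not an address line; skip it
    end
    names.map { |n| { line: no, ip: ip, name: n.downcase } }
  end
end

def review_hosts(text)
  entries = parse_hosts(text)
  overrides = entries.reject { |e| e[:ip].loopback? }
  describe = ->(e) { "#{e[:name]} -> #{e[:ip]} (line #{e[:line]})" }
  blackholes, redirects = overrides.partition { |e| BLACKHOLE_ADDRS.include?(e[:ip].to_s) }
  {
    entries: entries.size,
    redirects: redirects.map(&describe),     # name now points at an address of someone's choosing
    blackholes: blackholes.map(&describe),   # name no longer resolves anywhere useful
  }
end

# Constructed sample: the stock Windows hosts file plus two injected lines.
SAMPLE_HOSTS = <<~HOSTS
  # Copyright (c) 1993-2009 Microsoft Corp.
  127.0.0.1       localhost
  ::1             localhost
  # injected:
  203.0.113.10    login.example.com www.example.com  # redirect
  0.0.0.0         update.example.com
HOSTS

if __FILE__ == $PROGRAM_NAME
  review_hosts(SAMPLE_HOSTS).each { |k, v| puts "#{k}: #{v.inspect}" }
end
```

On Windows the file to feed this is %SystemRoot%\System32\drivers\etc\hosts; the same parser works on /etc/hosts.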
resource (display/show_post.rc)> info windows/manage/run_as
Name: Windows Manage Run Command As User
Module: post/windows/manage/run_as
Version: 14774
Platform: Windows
Arch:
Rank: Normal
Provided by:
Kx499
Description:
This module will log in with the specified username/password and
execute the supplied command as a hidden process. Output is not
returned by default; setting CMDOUT to true redirects output to a
temp file, which is read back in and displayed. Setting the advanced
option SETPASS to true resets the user's password before executing
the command.
resource (display/show_post.rc)> info windows/manage/vss_create
Name: Windows Manage Create Shadow Copy
Module: post/windows/manage/vss_create
Version: 0
Platform: Windows
Arch:
Rank: Normal
Provided by:
thelightcosine <thelightcosine@metasploit.com>
Description:
This module will attempt to create a new volume shadow copy. This is
based on the VSSOwn Script originally posted by Tim Tomes and Mark
Baggett. Works on win2k3 and later.
References:
http://pauldotcom.com/2011/11/safely-dumping-hashes-from-liv.html
resource (display/show_post.rc)> info windows/manage/vss_list
Name: Windows Manage List Shadow Copies
Module: post/windows/manage/vss_list
Version: 0
Platform: Windows
Arch:
Rank: Normal
Provided by:
thelightcosine <thelightcosine@metasploit.com>
Description:
This module will attempt to list any Volume Shadow Copies on the
system. This is based on the VSSOwn Script originally posted by Tim
Tomes and Mark Baggett. Works on win2k3 and later.
References:
http://pauldotcom.com/2011/11/safely-dumping-hashes-from-liv.html
resource (display/show_post.rc)> info windows/manage/vss_mount
Name: Windows Manage Mount Shadow Copy
Module: post/windows/manage/vss_mount
Version: 0
Platform: Windows
Arch:
Rank: Normal
Provided by:
thelightcosine <thelightcosine@metasploit.com>
Description:
This module will attempt to mount a Volume Shadow Copy on the
system. This is based on the VSSOwn Script originally posted by Tim
Tomes and Mark Baggett. Works on win2k3 and later.
References:
http://pauldotcom.com/2011/11/safely-dumping-hashes-from-liv.html
resource (display/show_post.rc)> info windows/manage/vss_set_storage
Name: Windows Manage Set Shadow Copy Storage Space
Module: post/windows/manage/vss_set_storage
Version: 0
Platform: Windows
Arch:
Rank: Normal
Provided by:
thelightcosine <thelightcosine@metasploit.com>
Description:
This module will attempt to change the amount of space for volume
shadow copy storage. This is based on the VSSOwn Script originally
posted by Tim Tomes and Mark Baggett. Works on win2k3 and later.
References:
http://pauldotcom.com/2011/11/safely-dumping-hashes-from-liv.html
resource (display/show_post.rc)> info windows/manage/vss_storage
Name: Windows Manage Get Shadow Copy Storage Info
Module: post/windows/manage/vss_storage
Version: 0
Platform: Windows
Arch:
Rank: Normal
Provided by:
thelightcosine <thelightcosine@metasploit.com>
Description:
This module will attempt to get volume shadow copy storage info.
This is based on the VSSOwn Script originally posted by Tim Tomes
and Mark Baggett. Works on win2k3 and later.
References:
http://pauldotcom.com/2011/11/safely-dumping-hashes-from-liv.html
resource (display/show_post.rc)> info windows/recon/computer_browser_discovery
Name: Windows Recon Computer Browser Discovery
Module: post/windows/recon/computer_browser_discovery
Version: 14774
Platform: Windows
Arch:
Rank: Normal
Provided by:
Rob Fuller <mubix@hak5.org>
Description:
This module uses railgun to discover hostnames and IPs on the
network. LTYPE should be set to one of the following values: WK (all
workstations), SVR (all servers), SQL (all SQL servers), DC (all
Domain Controllers), DCBKUP (all Domain Backup Servers), NOVELL (all
Novell servers), PRINTSVR (all Print Queue servers), MASTERBROWSER
(all Master Browsers), WINDOWS (all Windows hosts), or UNIX (all
Unix hosts).
resource (display/show_post.rc)> info windows/recon/resolve_hostname
Name: Windows Recon Resolve Hostname
Module: post/windows/recon/resolve_hostname
Version: 0
Platform: Windows
Arch:
Rank: Normal
Provided by:
Rob Fuller <mubix@hak5.org>
Description:
This module resolves a hostname to an IP address via the victim,
similar to the Unix dig command.
resource (display/show_post.rc)> info windows/wlan/wlan_bss_list
Name: Windows Gather Wireless BSS Info
Module: post/windows/wlan/wlan_bss_list
Version: $Revision$
Platform: Windows
Arch:
Rank: Normal
Provided by:
TheLightCosine <thelightcosine@gmail.com>
Description:
This module gathers information about the wireless Basic Service
Sets available to the victim machine.
resource (display/show_post.rc)> info windows/wlan/wlan_current_connection
Name: Windows Gather Wireless Current Connection Info
Module: post/windows/wlan/wlan_current_connection
Version: $Revision$
Platform: Windows
Arch:
Rank: Normal
Provided by:
TheLightCosine <thelightcosine@gmail.com>
Description:
This module gathers information about the current connection on each
wireless lan interface on the target machine.
resource (display/show_post.rc)> info windows/wlan/wlan_disconnect
Name: Windows Disconnect Wireless Connection
Module: post/windows/wlan/wlan_disconnect
Version: $Revision$
Platform: Windows
Arch:
Rank: Normal
Provided by:
TheLightCosine <thelightcosine@gmail.com>
Description:
This module disconnects the current wireless network connection on
the specified interface.
resource (display/show_post.rc)> info windows/wlan/wlan_profile
Name: Windows Gather Wireless Profile
Module: post/windows/wlan/wlan_profile
Version: $Revision$
Platform: Windows
Arch:
Rank: Normal
Provided by:
TheLightCosine <thelightcosine@gmail.com>
Description:
This module extracts saved Wireless LAN profiles. It will also try
to decrypt the network key material. Behaviour is slightly different
between OS versions when it comes to WPA. In Windows Vista/7 we will
get the passphrase. In Windows XP we will get the PBKDF2-derived
key.
resource (display/show_post.rc)> exit