

    Name                                             Disclosure Date  Rank    Description
    ----                                             ---------------  ----    -----------
    aix/hashdump                                                      normal  AIX Gather Dump Password Hashes
    cisco/gather/enum_cisco                                           normal  Gather Cisco Device General Information
    linux/gather/checkvm                                              normal  Linux Gather Virtual Environment Detection
    linux/gather/enum_configs                                         normal  Linux Gather Configurations
    linux/gather/enum_network                                         normal  Linux Gather Network Information
    linux/gather/enum_protections                                     normal  Linux Gather Protection Enumeration
    linux/gather/enum_system                                          normal  Linux Gather System and User Information
    linux/gather/enum_users_history                                   normal  Linux Gather User History
    linux/gather/enum_xchat                                           normal  Linux Gather XChat Enumeration
    linux/gather/hashdump                                             normal  Linux Gather Dump Password Hashes for Linux Systems
    linux/gather/mount_cifs_creds                                     normal  Linux Gather Saved mount.cifs/mount.smbfs Credentials
    multi/gather/apple_ios_backup                                     normal  Windows Gather Apple iOS MobileSync Backup File Collection
    multi/gather/dns_bruteforce                                       normal  Multi Gather DNS Forward Lookup Bruteforce
    multi/gather/dns_reverse_lookup                                   normal  Multi Gather DNS Reverse Lookup Scan
    multi/gather/dns_srv_lookup                                       normal  Multi Gather DNS Service Record Lookup Scan
    multi/gather/enum_vbox                                            normal  Multi Gather VirtualBox VM Enumeration
    multi/gather/env                                                  normal  Multi Gather Generic Operating System Environment Settings
    multi/gather/fetchmailrc_creds                                    normal  UNIX Gather .fetchmailrc Credentials
    multi/gather/filezilla_client_cred                                normal  Multi Gather FileZilla FTP Client Credential Collection
    multi/gather/find_vmx                                             normal  Multi Gather VMWare VM Identification
    multi/gather/firefox_creds                                        normal  Multi Gather Firefox Signon Credential Collection
    multi/gather/multi_command                                        normal  Multi Gather Run Shell Command Resource File
    multi/gather/netrc_creds                                          normal  UNIX Gather .netrc Credentials
    multi/gather/pidgin_cred                                          normal  Multi Gather Pidgin Instant Messenger Credential Collection
    multi/gather/ping_sweep                                           normal  Multi Gather Ping Sweep
    multi/gather/run_console_rc_file                                  normal  Multi Gather Run Console Resource File
    multi/gather/skype_enum                                           normal  Multi Gather Skype User Data Enumeration
    multi/gather/ssh_creds                                            normal  Multi Gather OpenSSH PKI Credentials Collection
    multi/gather/thunderbird_creds                                    normal  Multi Gather Mozilla Thunderbird Signon Credential Collection
    multi/general/close                                               normal  Multi Generic Operating System Session Close
    multi/general/execute                                             normal  Multi Generic Operating System Session Command Execution
    multi/manage/multi_post                                           normal  Multi Manage Post Module Macro Execution
    multi/manage/sudo                                                 normal  Multiple Linux / Unix Post Sudo Upgrade Shell
    multi/manage/system_session                                       normal  Multi Manage System Remote TCP Shell Session
    osx/admin/say                                                     normal  OSX Text to Speech Utility
    osx/gather/enum_adium                                             normal  OSX Gather Adium Enumeration
    osx/gather/enum_airport                                           normal  OSX Gather Airport Wireless Preferences
    osx/gather/enum_chicken_vnc_profile                               normal  OSX Gather Chicken of the VNC Profile
    osx/gather/enum_colloquy                                          normal  OSX Gather Colloquy Enumeration
    osx/gather/enum_osx                                               normal  OS X Gather Mac OS X System Information Enumeration
    osx/gather/hashdump                                               normal  OS X Gather Mac OS X Password Hash Collector
    solaris/gather/checkvm                                            normal  Solaris Gather Virtual Environment Detection
    solaris/gather/enum_packages                                      normal  Solaris Gather Installed Packages
    solaris/gather/enum_services                                      normal  Solaris Gather Configured Services
    solaris/gather/hashdump                                           normal  Solaris Gather Dump Password Hashes for Solaris Systems
    windows/capture/keylog_recorder                                   normal  Windows Capture Keystroke Recorder
    windows/capture/lockout_keylogger                                 normal  Winlogon Lockout Credential Keylogger
    windows/escalate/bypassuac                       2010-12-31       normal  Windows Escalate UAC Protection Bypass
    windows/escalate/droplnk                                          normal  Windows Escalate SMB Icon LNK dropper
    windows/escalate/getsystem                                        normal  Windows Escalate Get System via Administrator
    windows/escalate/ms10_073_kbdlayout              2010-10-12       normal  Windows Escalate NtUserLoadKeyboardLayoutEx Privilege Escalation
    windows/escalate/ms10_092_schelevator            2010-09-13       normal  Windows Escalate Task Scheduler XML Privilege Escalation
    windows/escalate/net_runtime_modify                               normal  Windows Escalate Microsoft .NET Runtime Optimization Service Privilege Escalation
    windows/escalate/screen_unlock                                    normal  Windows Escalate Locked Desktop Unlocker
    windows/escalate/service_permissions                              normal  Windows Escalate Service Permissions Local Privilege Escalation
    windows/gather/arp_scanner                                        normal  Windows Gather ARP Scanner
    windows/gather/bitcoin_jacker                                     normal  Windows Gather Bitcoin wallet.dat
    windows/gather/cachedump                                          normal  Windows Gather Credential Cache Dump
    windows/gather/checkvm                                            normal  Windows Gather Virtual Environment Detection
    windows/gather/credentials/coreftp                                normal  Windows Gather CoreFTP Saved Password Extraction
    windows/gather/credentials/credential_collector                   normal  Windows Gather Credential Collector
    windows/gather/credentials/dyndns                                 normal  Windows Gather Dyn-Dns Client Password Extractor
    windows/gather/credentials/enum_cred_store                        normal  Windows Gather Credential Store Enumeration and Decryption Module
    windows/gather/credentials/enum_picasa_pwds                       normal  Windows Gather Google Picasa Password Extractor
    windows/gather/credentials/epo_sql                                normal  Windows Gather McAfee ePO 4.6 Config SQL Credentials
    windows/gather/credentials/filezilla_server                       normal  Windows Gather FileZilla FTP Server Credential Collection
    windows/gather/credentials/flashfxp                               normal  Windows Gather FlashFXP Saved Password Extraction
    windows/gather/credentials/ftpnavigator                           normal  Windows Gather FTP Navigator Saved Password Extraction
    windows/gather/credentials/idm                                    normal  Windows Gather Internet Download Manager (IDM) Password Extractor
    windows/gather/credentials/imail                                  normal  Windows Gather IPSwitch iMail User Data Enumeration
    windows/gather/credentials/imvu                                   normal  Windows Gather Credentials IMVU Game Client
    windows/gather/credentials/meebo                                  normal  Windows Gather Meebo Password Extractor
    windows/gather/credentials/mremote                                normal  Windows Gather mRemote Saved Password Extraction
    windows/gather/credentials/nimbuzz                                normal  Windows Gather Nimbuzz Instant Messenger Password Extractor
    windows/gather/credentials/outlook                                normal  Windows Gather Microsoft Outlook Saved Password Extraction
    windows/gather/credentials/razorsql                               normal  Windows Gather RazorSQL Credentials
    windows/gather/credentials/smartftp                               normal  Windows Gather SmartFTP Saved Password Extraction
    windows/gather/credentials/total_commander                        normal  Windows Gather Total Commander Saved Password Extraction
    windows/gather/credentials/trillian                               normal  Windows Gather Trillian Password Extractor
    windows/gather/credentials/vnc                                    normal  Windows Gather VNC Password Extraction
    windows/gather/credentials/windows_autologin                      normal  Windows Gather AutoLogin User Credential Extractor
    windows/gather/credentials/winscp                                 normal  Windows Gather WinSCP Saved Password Extraction
    windows/gather/credentials/wsftp_client                           normal  Windows Gather WS_FTP Saved Password Extraction
    windows/gather/dumplinks                                          normal  Windows Gather Dump Recent Files lnk Info
    windows/gather/enum_applications                                  normal  Windows Gather Installed Application Enumeration
    windows/gather/enum_artifacts                                     normal  Windows Gather File and Registry Artifacts Enumeration
    windows/gather/enum_chrome                                        normal  Windows Gather Google Chrome User Data Enumeration
    windows/gather/enum_computers                                     normal  Windows Gather Enumerate Computers
    windows/gather/enum_devices                                       normal  Windows Gather Hardware Enumeration
    windows/gather/enum_dirperms                                      normal  Windows Gather Directory Permissions Enumeration
    windows/gather/enum_domain                                        normal  Windows Gather Enumerate Domain
    windows/gather/enum_domain_group_users                            normal  Windows Gather Enumerate Domain Group
    windows/gather/enum_domain_tokens                                 normal  Windows Gather Enumerate Domain Tokens
    windows/gather/enum_domains                                       normal  Windows Gather Domain Enumeration
    windows/gather/enum_hostfile                                      normal  Windows Gather Windows Host File Enumeration
    windows/gather/enum_ie                                            normal  Windows Gather Internet Explorer User Data Enumeration
    windows/gather/enum_logged_on_users                               normal  Windows Gather Logged On User Enumeration (Registry)
    windows/gather/enum_ms_product_keys                               normal  Windows Gather Product Key
    windows/gather/enum_powershell_env                                normal  Windows Gather Powershell Environment Setting Enumeration
    windows/gather/enum_services                                      normal  Windows Gather Service Info Enumeration
    windows/gather/enum_shares                                        normal  Windows Gather SMB Share Enumeration via Registry
    windows/gather/enum_snmp                                          normal  Windows Gather SNMP Settings Enumeration (Registry)
    windows/gather/enum_termserv                                      normal  Windows Gather Terminal Server Client Connection Information Dumper
    windows/gather/enum_tokens                                        normal  Windows Gather Enumerate Domain Admin Tokens (Token Hunter)
    windows/gather/forensics/duqu_check                               normal  Windows Gather Forensics Duqu Registry Check
    windows/gather/forensics/enum_drives                              normal  Windows Gather Physical Drives and Logical Volumes
    windows/gather/forensics/imager                                   normal  Windows Gather Forensic Imaging
    windows/gather/forensics/nbd_server                               normal  Windows Gather Local NBD Server
    windows/gather/hashdump                                           normal  Windows Gather Local User Account Password Hashes (Registry)
    windows/gather/memory_grep                                        normal  Windows Gather Process Memory Grep
    windows/gather/resolve_sid                                        normal  Windows Gather Local User Account SID Lookup
    windows/gather/reverse_lookup                                     normal  Windows Gather IP Range Reverse Lookup
    windows/gather/screen_spy                                         normal  Windows Gather Screen Spy
    windows/gather/smart_hashdump                                     normal  Windows Gather Local and Domain Controller Account Password Hashes
    windows/gather/usb_history                                        normal  Windows Gather USB Drive History
    windows/gather/win_privs                                          normal  Windows Gather Privileges Enumeration
    windows/gather/wmic_command                                       normal  Windows Gather Run Specified WMIC command
    windows/manage/add_user_domain                                    normal  Windows Manage Add User to the Domain and/or to a Domain Group
    windows/manage/autoroute                                          normal  Windows Manage Network Route via Meterpreter Session
    windows/manage/delete_user                                        normal  Windows Manage Local User Account Deletion
    windows/manage/download_exec                                      normal  Windows Manage Download and/or Execute
    windows/manage/enable_rdp                                         normal  Windows Manage Enable Remote Desktop
    windows/manage/inject_ca                                          normal  Windows Manage Certificate Authority Injection
    windows/manage/inject_host                                        normal  Windows Manage Hosts File Injection
    windows/manage/migrate                                            normal  Windows Manage Process Migration
    windows/manage/multi_meterpreter_inject                           normal  Windows Manage Inject in Memory Multiple Payloads
    windows/manage/nbd_server                                         normal  Windows Manage Local NBD Server for Remote Disks
    windows/manage/payload_inject                                     normal  Windows Manage Memory Payload Injection Module
    windows/manage/persistence                                        normal  Windows Manage Persistent Payload Installer
    windows/manage/powershell/exec_powershell                         normal  Windows Manage PowerShell Download and/or Execute
    windows/manage/pxexploit                                          normal  Windows Manage PXE Exploit Server
    windows/manage/remove_ca                                          normal  Windows Certificate Authority Removal
    windows/manage/remove_host                                        normal  Windows Manage Host File Entry Removal
    windows/manage/run_as                                             normal  Windows Manage Run Command As User
    windows/manage/vss_create                                         normal  Windows Manage Create Shadow Copy
    windows/manage/vss_list                                           normal  Windows Manage List Shadow Copies
    windows/manage/vss_mount                                          normal  Windows Manage Mount Shadow Copy
    windows/manage/vss_set_storage                                    normal  Windows Manage Set Shadow Copy Storage Space
    windows/manage/vss_storage                                        normal  Windows Manage Get Shadow Copy Storage Info
    windows/recon/computer_browser_discovery                          normal  Windows Recon Computer Browser Discovery
    windows/recon/resolve_hostname                                    normal  Windows Recon Resolve Hostname
    windows/wlan/wlan_bss_list                                        normal  Windows Gather Wireless BSS Info
    windows/wlan/wlan_current_connection                              normal  Windows Gather Wireless Current Connection Info
    windows/wlan/wlan_disconnect                                      normal  Windows Disconnect Wireless Connection
    windows/wlan/wlan_profile                                         normal  Windows Gather Wireless Profile

resource (display/show_post.rc)> info aix/hashdump

       Name: AIX Gather Dump Password Hashes
     Module: post/aix/hashdump
    Version: $Revision$
   Platform: AIX
       Rank: Normal

Provided by:

  Post Module to dump the password hashes for all users on an AIX 

resource (display/show_post.rc)> info cisco/gather/enum_cisco

       Name: Gather Cisco Device General Information
     Module: post/cisco/gather/enum_cisco
    Version: 14822
   Platform: Cisco
       Rank: Normal

Provided by:
  Carlos Perez

  This module collects a Cisco IOS or NXOS device information and 

resource (display/show_post.rc)> info linux/gather/checkvm

       Name: Linux Gather Virtual Environment Detection
     Module: post/linux/gather/checkvm
    Version: 14812
   Platform: Linux
       Rank: Normal

Provided by:
  Carlos Perez

  This module attempts to determine whether the system is running 
  inside of a virtual environment and if so, which one. This module 
  supports detection of Hyper-V, VMWare, VirtualBox, Xen, and 

resource (display/show_post.rc)> info linux/gather/enum_configs

       Name: Linux Gather Configurations
     Module: post/linux/gather/enum_configs
    Version: 0
   Platform: Linux
       Rank: Normal

Provided by:

  This module collects configuration files found on commonly installed 
  applications and services, such as Apache, MySQL, Samba, Sendmail, 
  etc. If a config file is found in its default path, the module will 
  assume that is the file we want.

resource (display/show_post.rc)> info linux/gather/enum_network

       Name: Linux Gather Network Information
     Module: post/linux/gather/enum_network
    Version: $Revision$
   Platform: Linux
       Rank: Normal

Provided by:
  Stephen Haywood

  This module gathers network information from the target system 
  IPTables rules, interfaces, wireless information, open and listening 
  ports, active network connections, DNS information and SSH 

resource (display/show_post.rc)> info linux/gather/enum_protections

       Name: Linux Gather Protection Enumeration
     Module: post/linux/gather/enum_protections
    Version: 0
   Platform: Linux
       Rank: Normal

Provided by:

  This module tries to find certain installed applications that can be 
  used to prevent, or detect our attacks, which is done by locating 
  certain binary locations, and see if they are indeed executables. 
  For example, if we are able to run 'snort' as a command, we assume 
  it's one of the files we are looking for. This module is meant to 
  cover various antivirus, rootkits, IDS/IPS, firewalls, and other 

resource (display/show_post.rc)> info linux/gather/enum_system

       Name: Linux Gather System and User Information
     Module: post/linux/gather/enum_system
    Version: $Revision$
   Platform: Linux
       Rank: Normal

Provided by:
  Carlos Perez
  Stephen Haywood

  This module gathers system information. We collect installed 
  packages, installed services, mount information, user list, user 
  bash history and cron jobs

resource (display/show_post.rc)> info linux/gather/enum_users_history

       Name: Linux Gather User History
     Module: post/linux/gather/enum_users_history
    Version: $Revision$
   Platform: Linux
       Rank: Normal

Provided by:

  This module gathers user specific information. User list, bash 
  history, mysql history, vim history, lastlog and sudoers.

resource (display/show_post.rc)> info linux/gather/enum_xchat

       Name: Linux Gather XChat Enumeration
     Module: post/linux/gather/enum_xchat
    Version: 0
   Platform: Linux
       Rank: Normal

Provided by:

  This module will collect XChat's config files and chat logs from the 
  victim's machine. There are three actions you may choose: CONFIGS, 
  CHATS, and ALL. The CONFIGS option can be used to collect 
  information such as channel settings, channel/server passwords, etc. 
  The CHATS option will simply download all the .log files.

resource (display/show_post.rc)> info linux/gather/hashdump

       Name: Linux Gather Dump Password Hashes for Linux Systems
     Module: post/linux/gather/hashdump
    Version: 14774
   Platform: Linux
       Rank: Normal

Provided by:
  Carlos Perez

  Post Module to dump the password hashes for all users on a Linux 

resource (display/show_post.rc)> info linux/gather/mount_cifs_creds

       Name: Linux Gather Saved mount.cifs/mount.smbfs Credentials
     Module: post/linux/gather/mount_cifs_creds
    Version: 0
   Platform: Linux
       Rank: Normal

Provided by:
  Jon Hart

  Post Module to obtain credentials saved for mount.cifs/mount.smbfs 
  in /etc/fstab on a Linux system.

resource (display/show_post.rc)> info multi/gather/apple_ios_backup

       Name: Windows Gather Apple iOS MobileSync Backup File Collection
     Module: post/multi/gather/apple_ios_backup
    Version: 14834
   Platform: Windows, OSX
       Rank: Normal

Provided by:

  This module will collect sensitive files from any on-disk iOS device 

resource (display/show_post.rc)> info multi/gather/dns_bruteforce

       Name: Multi Gather DNS Forward Lookup Bruteforce
     Module: post/multi/gather/dns_bruteforce
    Version: 14774
   Platform: Windows, Linux, OSX, BSD, Solaris
       Rank: Normal

Provided by:
  Carlos Perez

  Brute force subdomains and hostnames via wordlist.

resource (display/show_post.rc)> info multi/gather/dns_reverse_lookup

       Name: Multi Gather DNS Reverse Lookup Scan
     Module: post/multi/gather/dns_reverse_lookup
    Version: 14774
   Platform: Windows, Linux, OSX, BSD, Solaris
       Rank: Normal

Provided by:
  Carlos Perez

  Performs DNS reverse lookup using the OS included DNS query command.

resource (display/show_post.rc)> info multi/gather/dns_srv_lookup

       Name: Multi Gather DNS Service Record Lookup Scan
     Module: post/multi/gather/dns_srv_lookup
    Version: 14774
   Platform: Windows, Linux, OSX, BSD, Solaris
       Rank: Normal

Provided by:
  Carlos Perez

  Enumerates known SRV Records for a given domain using target host DNS 
  query tool.

resource (display/show_post.rc)> info multi/gather/enum_vbox

       Name: Multi Gather VirtualBox VM Enumeration
     Module: post/multi/gather/enum_vbox
    Version: $Revision$
   Platform: Unix, BSD, Linux, OSX, Windows
       Rank: Normal

Provided by:

  This module will attempt to enumerate any VirtualBox VMs on the 
  target machine. Due to the nature of VirtualBox, this module can 
  only enumerate VMs registered for the current user, therefore, this 
  module needs to be invoked from a user context.

resource (display/show_post.rc)> info multi/gather/env

       Name: Multi Gather Generic Operating System Environment Settings
     Module: post/multi/gather/env
    Version: 14976
   Platform: Linux, Windows
       Rank: Normal

Provided by:
  Carlos Perez

  This module prints out the operating system environment variables

resource (display/show_post.rc)> info multi/gather/fetchmailrc_creds

       Name: UNIX Gather .fetchmailrc Credentials
     Module: post/multi/gather/fetchmailrc_creds
    Version: 0
   Platform: BSD, Linux, OSX, Unix
       Rank: Normal

Provided by:
  Jon Hart

  Post Module to obtain credentials saved for IMAP, POP and other mail 
  retrieval protocols in fetchmail's .fetchmailrc

resource (display/show_post.rc)> info multi/gather/filezilla_client_cred

       Name: Multi Gather FileZilla FTP Client Credential Collection
     Module: post/multi/gather/filezilla_client_cred
    Version: 14935
   Platform: Unix, BSD, Linux, OSX, Windows
       Rank: Normal

Provided by:
  Carlos Perez

  This module will collect credentials from the FileZilla FTP client 
  if it is installed.

resource (display/show_post.rc)> info multi/gather/find_vmx

       Name: Multi Gather VMWare VM Identification
     Module: post/multi/gather/find_vmx
    Version: $Revision$
   Platform: Unix, BSD, Linux, OSX, Windows
       Rank: Normal

Provided by:

  This module will attempt to find any VMWare virtual machines stored 
  on the target.

resource (display/show_post.rc)> info multi/gather/firefox_creds

       Name: Multi Gather Firefox Signon Credential Collection
     Module: post/multi/gather/firefox_creds
    Version: 14852
   Platform: Windows, Linux, BSD, Unix, OSX
       Rank: Normal

Provided by:

  This module will collect credentials from the Firefox web browser if 
  it is installed on the targeted machine. Additionally, cookies are 
  downloaded. Which could potentially yield valid web sessions. 
  Firefox stores passwords within the signons.sqlite database file. 
  There is also a keys3.db file which contains the key for decrypting 
  these passwords. In cases where a Master Password has not been set, 
  the passwords can easily be decrypted using third party tools. If a 
  Master Password was used the only option would be to bruteforce.

resource (display/show_post.rc)> info multi/gather/multi_command

       Name: Multi Gather Run Shell Command Resource File
     Module: post/multi/gather/multi_command
    Version: 14774
   Platform: Windows, Linux, BSD, Unix, OSX
       Rank: Normal

Provided by:
  Carlos Perez

  This module will read shell commands from a resource file and 
  execute the commands in the specified Meterpreter or shell session.

resource (display/show_post.rc)> info multi/gather/netrc_creds

       Name: UNIX Gather .netrc Credentials
     Module: post/multi/gather/netrc_creds
    Version: 0
   Platform: BSD, Linux, OSX, Unix
       Rank: Normal

Provided by:
  Jon Hart

  Post Module to obtain credentials saved for FTP and other services 
  in .netrc

resource (display/show_post.rc)> info multi/gather/pidgin_cred

       Name: Multi Gather Pidgin Instant Messenger Credential Collection
     Module: post/multi/gather/pidgin_cred
    Version: 14774
   Platform: Unix, BSD, Linux, OSX, Windows
       Rank: Normal

Provided by:
  Carlos Perez

  This module will collect credentials from the Pidgin IM client if it 
  is installed.

resource (display/show_post.rc)> info multi/gather/ping_sweep

       Name: Multi Gather Ping Sweep
     Module: post/multi/gather/ping_sweep
    Version: 14774
   Platform: Windows, Linux, OSX, BSD, Solaris
       Rank: Normal

Provided by:
  Carlos Perez

  Performs IPv4 ping sweep using the OS included ping command.

resource (display/show_post.rc)> info multi/gather/run_console_rc_file

       Name: Multi Gather Run Console Resource File
     Module: post/multi/gather/run_console_rc_file
    Version: 14774
   Platform: Windows
       Rank: Normal

Provided by:
  Carlos Perez

  This module will read console commands from a resource file and 
  execute the commands in the specified Meterpreter session.

resource (display/show_post.rc)> info multi/gather/skype_enum

       Name: Multi Gather Skype User Data Enumeration
     Module: post/multi/gather/skype_enum
    Version: $Revision$
   Platform: Windows, OSX
       Rank: Normal

Provided by:
  Carlos Perez

  This module will enumerate Skype account settings, contact list, 
  call history, chat logs, file transfer history, and voicemail logs, 
  saving all the data to CSV files for analysis.

resource (display/show_post.rc)> info multi/gather/ssh_creds

       Name: Multi Gather OpenSSH PKI Credentials Collection
     Module: post/multi/gather/ssh_creds
    Version: 14795
   Platform: Linux, BSD, Unix, OSX
       Rank: Normal

Provided by:
  Jim Halfpenny

  This module will collect the contents of user's .ssh directory on 
  the targeted machine. Additionally, known_hosts and authorized_keys 
  and any other files are also downloaded. This module is largely 
  based on firefox_creds.rb.

resource (display/show_post.rc)> info multi/gather/thunderbird_creds

       Name: Multi Gather Mozilla Thunderbird Signon Credential Collection
     Module: post/multi/gather/thunderbird_creds
    Version: 0
   Platform: Windows, Linux, OSX
       Rank: Normal

Provided by:

  This module will collect credentials from Mozilla Thunderbird by 
  downloading the necessary files such as 'signons.sqlite', 'key3.db', 
  and 'cert8.db' for offline decryption with third party tools. If 
  necessary, you may also set the PARSE option to true to parse the 
  sqlite file, which contains sensitive information such as the 
  encrypted username/password. However, this feature is not enabled by 
  default, because it requires SQLITE3 gem to be installed on your 

resource (display/show_post.rc)> info multi/general/close

       Name: Multi Generic Operating System Session Close
     Module: post/multi/general/close
    Version: 14976
   Platform: Linux, Windows, Unix, OSX
       Rank: Normal

Provided by:

  This module closes the specified session. This can be useful as a 
  finisher for automation tasks

resource (display/show_post.rc)> info multi/general/execute

       Name: Multi Generic Operating System Session Command Execution
     Module: post/multi/general/execute
    Version: $Revision$
   Platform: Linux, Windows, Unix, OSX
       Rank: Normal

Provided by:

  This module executes an arbitrary command line

resource (display/show_post.rc)> info multi/manage/multi_post

       Name: Multi Manage Post Module Macro Execution
     Module: post/multi/manage/multi_post
    Version: 14774
   Platform: Windows, Unix, OSX, Linux, Solaris
       Rank: Normal

Provided by:

  This module will execute a list of modules given in a macro file in 
  the format of against the select session 
  checking for compatibility of the module against the sessions and 
  validation of the options provided.

resource (display/show_post.rc)> info multi/manage/sudo

       Name: Multiple Linux / Unix Post Sudo Upgrade Shell
     Module: post/multi/manage/sudo
    Version: $
   Platform: Linux, Unix, OSX, Solaris, AIX
       Rank: Normal

Provided by:

  This module attempts to upgrade a shell account to UID 0 by reusing 
  the given password and passing it to sudo. This technique relies on 
  sudo versions from 2008 and later which support -A.


resource (display/show_post.rc)> info multi/manage/system_session

       Name: Multi Manage System Remote TCP Shell Session
     Module: post/multi/manage/system_session
    Version: 14976
   Platform: Unix, OSX, Linux
       Rank: Normal

Provided by:
  Carlos Perez

  This module will create a Reverse TCP Shell on the target system 
  using the system's own scripting environments installed on the target.

resource (display/show_post.rc)> info osx/admin/say

       Name: OSX Text to Speech Utility
     Module: post/osx/admin/say
    Version: 0
   Platform: OSX
       Rank: Normal

Provided by:

  This module will speak whatever is in the 'TEXT' option on the 
  victim machine.


resource (display/show_post.rc)> info osx/gather/enum_adium

       Name: OSX Gather Adium Enumeration
     Module: post/osx/gather/enum_adium
    Version: 0
   Platform: OSX
       Rank: Normal

Provided by:

  This module will collect Adium's account plist files and chat logs 
  from the victim's machine. There are three different actions you may 
  choose: ACCOUNTS, CHATS, and ALL. Note that to use the 'CHATS' 
  action, make sure you set the regex 'PATTERN' option in order to 
  look for certain log names (which consist of a contact's name, and 
  a timestamp). The current 'PATTERN' option is configured to look for 
  any log created in February 2012 as an example. To loot both account 
  plists and chat logs, simply set the action to 'ALL'.

resource (display/show_post.rc)> info osx/gather/enum_airport

       Name: OSX Gather Airport Wireless Preferences
     Module: post/osx/gather/enum_airport
    Version: 0
   Platform: OSX
       Rank: Normal

Provided by:

  This module will download OSX Airport Wireless preferences from the 
  victim machine. The preferences file (which is a plist) contains 
  information such as: SSID, Channels, Security Type, Password ID, 

resource (display/show_post.rc)> info osx/gather/enum_chicken_vnc_profile

       Name: OSX Gather Chicken of the VNC Profile
     Module: post/osx/gather/enum_chicken_vnc_profile
    Version: 0
   Platform: OSX
       Rank: Normal

Provided by:

  This module will download the "Chicken of the VNC" client 
  application's profile file, which is used to store other VNC 
  servers' information such as the IP and password.

resource (display/show_post.rc)> info osx/gather/enum_colloquy

       Name: OSX Gather Colloquy Enumeration
     Module: post/osx/gather/enum_colloquy
    Version: 0
   Platform: OSX
       Rank: Normal

Provided by:

  This module will collect Colloquy's info plist file and chat logs 
  from the victim's machine. There are three actions you may choose: 
  INFO, CHATS, and ALL. Please note that the CHAT action may take a 
  long time depending on the victim machine, therefore we suggest to 
  set the regex 'PATTERN' option in order to search for certain log 
  names (which consist of the contact's name, and a timestamp). The 
  default 'PATTERN' is configured as "^alien" as an example to search 
  for any chat logs associated with the name "alien".

resource (display/show_post.rc)> info osx/gather/enum_osx

       Name: OS X Gather Mac OS X System Information Enumeration
     Module: post/osx/gather/enum_osx
    Version: 15406
   Platform: OSX
       Rank: Normal

Provided by:
  Carlos Perez

  This module gathers basic system information from Mac OS X Tiger, 
  Leopard, Snow Leopard and Lion systems.

resource (display/show_post.rc)> info osx/gather/hashdump

       Name: OS X Gather Mac OS X Password Hash Collector
     Module: post/osx/gather/hashdump
    Version: 15406
   Platform: OSX
       Rank: Normal

Provided by:
  Carlos Perez

  This module dumps SHA-1, LM and NT Hashes of Mac OS X Tiger, 
  Leopard, Snow Leopard and Lion Systems.

resource (display/show_post.rc)> info solaris/gather/checkvm

       Name: Solaris Gather Virtual Environment Detection
     Module: post/solaris/gather/checkvm
    Version: 14976
   Platform: Solaris
       Rank: Normal

Provided by:
  Carlos Perez

  This module attempts to determine whether the system is running 
  inside of a virtual environment and if so, which one. This module 
  supports detection of Solaris Zone, VMWare, VirtualBox, Xen, and 

resource (display/show_post.rc)> info solaris/gather/enum_packages

       Name: Solaris Gather Installed Packages
     Module: post/solaris/gather/enum_packages
    Version: 14774
   Platform: Solaris
       Rank: Normal

Provided by:
  Carlos Perez

  Post Module to enumerate installed packages on a Solaris System

resource (display/show_post.rc)> info solaris/gather/enum_services

       Name: Solaris Gather Configured Services
     Module: post/solaris/gather/enum_services
    Version: 14774
   Platform: Solaris
       Rank: Normal

Provided by:
  Carlos Perez

  Post Module to enumerate services on a Solaris System

resource (display/show_post.rc)> info solaris/gather/hashdump

       Name: Solaris Gather Dump Password Hashes for Solaris Systems
     Module: post/solaris/gather/hashdump
    Version: 14774
   Platform: Solaris
       Rank: Normal

Provided by:
  Carlos Perez

  Post Module to dump the password hashes for all users on a Solaris 

resource (display/show_post.rc)> info windows/capture/keylog_recorder

       Name: Windows Capture Keystroke Recorder
     Module: post/windows/capture/keylog_recorder
    Version: 14774
   Platform: Windows
       Rank: Normal

Provided by:
  Carlos Perez

  This module can be used to capture keystrokes. To capture keystrokes 
  when the session is running as SYSTEM, the MIGRATE option must be 
  enabled and the CAPTURE_TYPE option should be set to one of 
  Explorer, Winlogon, or a specific PID. To capture the keystrokes of 
  the interactive user, the Explorer option should be used with 
  MIGRATE enabled. Keep in mind that this will demote this session to 
  the user's privileges, so it makes sense to create a separate 
  session for this task. The Winlogon option will capture the username 
  and password entered into the logon and unlock dialog. The 
  LOCKSCREEN option can be combined with the Winlogon CAPTURE_TYPE to 
  force the user to enter their clear-text password.

resource (display/show_post.rc)> info windows/capture/lockout_keylogger

       Name: Winlogon Lockout Credential Keylogger
     Module: post/windows/capture/lockout_keylogger
    Version: 14822
   Platform: Windows
       Rank: Normal

Provided by:
  Rob Fuller

  This module migrates and logs Microsoft Windows user's passwords via 
  Winlogon.exe. Using idle time and natural system changes to give a 
  false sense of security to the user.


resource (display/show_post.rc)> info windows/escalate/bypassuac

       Name: Windows Escalate UAC Protection Bypass
     Module: post/windows/escalate/bypassuac
    Version: 14976
   Platform: Windows
       Rank: Normal

Provided by:
  David Kennedy "ReL1K"

  This module will bypass Windows UAC by utilizing the trusted 
  publisher certificate through process injection. It will spawn a 
  second shell that has the UAC flag turned off.


resource (display/show_post.rc)> info windows/escalate/droplnk

       Name: Windows Escalate SMB Icon LNK dropper
     Module: post/windows/escalate/droplnk
    Version: 0
   Platform: Windows
       Rank: Normal

Provided by:
  Rob Fuller

  This module drops a shortcut (LNK file) that has an ICON reference 
  existing on the specified remote host, causing SMB and WebDAV 
  connections to be initiated from any user that views the shortcut.

resource (display/show_post.rc)> info windows/escalate/getsystem

       Name: Windows Escalate Get System via Administrator
     Module: post/windows/escalate/getsystem
    Version: $Revision$
   Platform: Windows
       Rank: Normal

Provided by:

  This module uses the builtin 'getsystem' command to escalate the 
  current session to the SYSTEM account from an administrator user 

resource (display/show_post.rc)> info windows/escalate/ms10_073_kbdlayout

       Name: Windows Escalate NtUserLoadKeyboardLayoutEx Privilege Escalation
     Module: post/windows/escalate/ms10_073_kbdlayout
    Version: 15014
   Platform: Windows
       Rank: Normal

Provided by:
  Ruben Santamarta

  This module exploits the keyboard layout vulnerability exploited by 
  Stuxnet. When processing specially crafted keyboard layout files 
  (DLLs), the Windows kernel fails to validate that an array index is 
  within the bounds of the array. By loading a specially crafted 
  keyboard layout, an attacker can execute code in Ring 0.


resource (display/show_post.rc)> info windows/escalate/ms10_092_schelevator

       Name: Windows Escalate Task Scheduler XML Privilege Escalation
     Module: post/windows/escalate/ms10_092_schelevator
    Version: 15014
   Platform: Windows
       Rank: Normal

Provided by:

  This module exploits the Task Scheduler 2.0 XML 0day exploited by 
  Stuxnet. When processing task files, the Windows Task Scheduler only 
  uses a CRC32 checksum to validate that the file has not been 
  tampered with. Also, in a default configuration, normal users can 
  read and write the task files that they have created. By modifying 
  the task file and creating a CRC32 collision, an attacker can 
  execute arbitrary commands with SYSTEM privileges. NOTE: Thanks to 
  webDEViL for the information about disable/enable.


resource (display/show_post.rc)> info windows/escalate/net_runtime_modify

       Name: Windows Escalate Microsoft .NET Runtime Optimization Service Privilege Escalation
     Module: post/windows/escalate/net_runtime_modify
    Version: 15014
   Platform: Windows
       Rank: Normal

Provided by:

  This module attempts to exploit the security permissions set on the 
  .NET Runtime Optimization service. Vulnerable versions of the .NET 
  Framework include 4.0 and 2.0. The permissions on this service allow 
  domain users and local power users to modify the mscorsvw.exe 


resource (display/show_post.rc)> info windows/escalate/screen_unlock

       Name: Windows Escalate Locked Desktop Unlocker
     Module: post/windows/escalate/screen_unlock
    Version: 14774
   Platform: Windows
       Rank: Normal

Provided by:

  This module unlocks a locked Windows desktop by patching the 
  respective code inside the LSASS.exe process. This patching process 
  can result in the target system hanging or even rebooting, so be 
  careful when using this module on production systems.


resource (display/show_post.rc)> info windows/escalate/service_permissions

       Name: Windows Escalate Service Permissions Local Privilege Escalation
     Module: post/windows/escalate/service_permissions
    Version: 15394
   Platform: Windows
       Rank: Normal

Provided by:

  This module attempts to exploit existing administrative privileges 
  to obtain a SYSTEM session. If directly creating a service fails, 
  this module will inspect existing services to look for insecure file 
  or configuration permissions that may be hijacked. It will then 
  attempt to restart the replaced service to run the payload. This 
  will result in a new session when this succeeds. If the module is 
  able to modify the service but does not have permission to start and 
  stop the affected service, the attacker must wait for the system to 
  restart before a session will be created.

resource (display/show_post.rc)> info windows/gather/arp_scanner

       Name: Windows Gather ARP Scanner
     Module: post/windows/gather/arp_scanner
    Version: 14774
   Platform: Windows
       Rank: Normal

Provided by:
  Carlos Perez

  This Module will perform an ARP scan for a given IP range through a 
  Meterpreter Session.

resource (display/show_post.rc)> info windows/gather/bitcoin_jacker

       Name: Windows Gather Bitcoin wallet.dat
     Module: post/windows/gather/bitcoin_jacker
    Version: 14774
   Platform: Windows
       Rank: Normal

Provided by:

  This module downloads any Bitcoin wallet.dat files from the target 

resource (display/show_post.rc)> info windows/gather/cachedump

       Name: Windows Gather Credential Cache Dump
     Module: post/windows/gather/cachedump
    Version: 14774
   Platform: Windows
       Rank: Normal

Provided by:
  Maurizio Agazzini
  Rob Fuller

  This module uses the registry to extract the stored domain hashes 
  that have been cached as a result of a GPO setting. The default 
  setting on Windows is to store the last ten successful logins.


resource (display/show_post.rc)> info windows/gather/checkvm

       Name: Windows Gather Virtual Environment Detection
     Module: post/windows/gather/checkvm
    Version: 15394
   Platform: Windows
       Rank: Normal

Provided by:
  Carlos Perez

  This module attempts to determine whether the system is running 
  inside of a virtual environment and if so, which one. This module 
  supports detection of Hyper-V, VMWare, Virtual PC, VirtualBox, Xen, 
  and QEMU.

resource (display/show_post.rc)> info windows/gather/credentials/coreftp

       Name: Windows Gather CoreFTP Saved Password Extraction
     Module: post/windows/gather/credentials/coreftp
    Version: 14774
   Platform: Windows
       Rank: Normal

Provided by:

  This module extracts saved passwords from the CoreFTP FTP client. 
  These passwords are stored in the registry. They are encrypted with 
  AES-128-ECB. This module extracts and decrypts these passwords.

resource (display/show_post.rc)> info windows/gather/credentials/credential_collector

       Name: Windows Gather Credential Collector
     Module: post/windows/gather/credentials/credential_collector
    Version: 14800
   Platform: Windows
       Rank: Normal

Provided by:

  This module harvests credentials found on the host and stores them 
  in the database.

resource (display/show_post.rc)> info windows/gather/credentials/dyndns

       Name: Windows Gather Dyn-Dns Client Password Extractor
     Module: post/windows/gather/credentials/dyndns
    Version: 14822
   Platform: Windows
       Rank: Normal

Provided by:
  Shubham Dawra

  This module extracts the username, password, and hosts for Dyn-Dns 
  version 4.1.8. This is done by downloading the config.dyndns file 
  from the victim machine, and then automatically decoding the password 
  field. The original copy of the config file is also saved to disk.

resource (display/show_post.rc)> info windows/gather/credentials/enum_cred_store

       Name: Windows Gather Credential Store Enumeration and Decryption Module
     Module: post/windows/gather/credentials/enum_cred_store
    Version: 14774
   Platform: Windows
       Rank: Normal

Provided by:

  This module will enumerate the Microsoft Credential Store and 
  decrypt the credentials. This module can only access credentials 
  created by the user the process is running as. It cannot decrypt 
  Domain Network Passwords, but will display the username and 

resource (display/show_post.rc)> info windows/gather/credentials/enum_picasa_pwds

       Name: Windows Gather Google Picasa Password Extractor
     Module: post/windows/gather/credentials/enum_picasa_pwds
    Version: 14774
   Platform: Windows
       Rank: Normal

Provided by:
  SecurityXploded Team

  This module extracts and decrypts the login passwords stored by 
  Google Picasa.

resource (display/show_post.rc)> info windows/gather/credentials/epo_sql

       Name: Windows Gather McAfee ePO 4.6 Config SQL Credentials
     Module: post/windows/gather/credentials/epo_sql
    Version: 14774
   Platform: Windows
       Rank: Normal

Provided by:
  Nathan Einwechter

  This module extracts connection details and decrypts the saved 
  password for the SQL database in use by a McAfee ePO 4.6 server. The 
  passwords are stored in a config file. They are encrypted with 
  AES-128-ECB and a static key.

resource (display/show_post.rc)> info windows/gather/credentials/filezilla_server

       Name: Windows Gather FileZilla FTP Server Credential Collection
     Module: post/windows/gather/credentials/filezilla_server
    Version: 14871
   Platform: Windows
       Rank: Normal

Provided by:

  This module will collect credentials from the FileZilla FTP server 
  if installed.

resource (display/show_post.rc)> info windows/gather/credentials/flashfxp

       Name: Windows Gather FlashFXP Saved Password Extraction
     Module: post/windows/gather/credentials/flashfxp
    Version: 14789
   Platform: Windows
       Rank: Normal

Provided by:

  This module extracts weakly encrypted saved FTP Passwords from 
  FlashFXP. It finds saved FTP connections in the Sites.dat file.

resource (display/show_post.rc)> info windows/gather/credentials/ftpnavigator

       Name: Windows Gather FTP Navigator Saved Password Extraction
     Module: post/windows/gather/credentials/ftpnavigator
    Version: 14774
   Platform: Windows
       Rank: Normal

Provided by:

  This module extracts saved passwords from the FTP Navigator FTP 
  client. It will decode the saved passwords and store them in the 

resource (display/show_post.rc)> info windows/gather/credentials/idm

       Name: Windows Gather Internet Download Manager (IDM) Password Extractor
     Module: post/windows/gather/credentials/idm
    Version: 14976
   Platform: Windows
       Rank: Normal

Provided by:
  SecurityXploded Team

  This module recovers the saved premium download account passwords 
  from Internet Download Manager (IDM). These passwords are stored in 
  an encoded format in the registry. This module traverses through 
  these registry entries and decodes them. Thanks to the template code 
  of thelightcosine's CoreFTP password module.

resource (display/show_post.rc)> info windows/gather/credentials/imail

       Name: Windows Gather IPSwitch iMail User Data Enumeration
     Module: post/windows/gather/credentials/imail
    Version: 15014
   Platform: Windows
       Rank: Normal

Provided by:

  This module will collect iMail user data such as the username, 
  domain, full name, e-mail, and the decoded password. Please note if 
  IMAILUSER is specified, the module extracts user data from all the 
  domains found. If IMAILDOMAIN is specified, then it will extract all 
  user data under that particular category.


resource (display/show_post.rc)> info windows/gather/credentials/imvu

       Name: Windows Gather Credentials IMVU Game Client
     Module: post/windows/gather/credentials/imvu
    Version: 14100
   Platform: Windows
       Rank: Normal

Provided by:
  Shubham Dawra

  This module extracts account username & password from the IMVU game 
  client and stores it as loot.

resource (display/show_post.rc)> info windows/gather/credentials/meebo

       Name: Windows Gather Meebo Password Extractor
     Module: post/windows/gather/credentials/meebo
    Version: 14774
   Platform: Windows
       Rank: Normal

Provided by:
  SecurityXploded Team

  This module extracts login account password stored by Meebo 
  Notifier, a desktop version of Meebo's Online Messenger.

resource (display/show_post.rc)> info windows/gather/credentials/mremote

       Name: Windows Gather mRemote Saved Password Extraction
     Module: post/windows/gather/credentials/mremote
    Version: 14774
   Platform: Windows
       Rank: Normal

Provided by:
  Rob Fuller

  This module extracts saved passwords from mRemote. mRemote stores 
  connections for RDP, VNC, SSH, Telnet, rlogin and other protocols. 
  It saves the passwords in an encrypted format. The module will 
  extract the connection info and decrypt the saved passwords.

resource (display/show_post.rc)> info windows/gather/credentials/nimbuzz

       Name: Windows Gather Nimbuzz Instant Messenger Password Extractor
     Module: post/windows/gather/credentials/nimbuzz
    Version: 14774
   Platform: Windows
       Rank: Normal

Provided by:
  SecurityXploded Team

  This module extracts the account passwords saved by Nimbuzz Instant 
  Messenger in hex format.

resource (display/show_post.rc)> info windows/gather/credentials/outlook

       Name: Windows Gather Microsoft Outlook Saved Password Extraction
     Module: post/windows/gather/credentials/outlook
    Version: 14835
   Platform: Windows
       Rank: Normal

Provided by:
  Justin Cacak

  This module extracts and attempts to decrypt saved Microsoft Outlook 
  (versions 2002-2010) passwords from the Windows Registry for 
  POP3/IMAP/SMTP/HTTP accounts. In order for decryption to be 
  successful, this module must be executed with the same privileges as 
  the user which originally encrypted the password.

resource (display/show_post.rc)> info windows/gather/credentials/razorsql

       Name: Windows Gather RazorSQL Credentials
     Module: post/windows/gather/credentials/razorsql
    Version: 0
   Platform: Windows
       Rank: Normal

Provided by:
  Paul Rascagneres

  This module stores username, password, type, host, port, database 
  (and name) collected from profiles.txt of RazorSQL.

resource (display/show_post.rc)> info windows/gather/credentials/smartftp

       Name: Windows Gather SmartFTP Saved Password Extraction
     Module: post/windows/gather/credentials/smartftp
    Version: 14774
   Platform: Windows
       Rank: Normal

Provided by:

  This module finds saved login credentials for the SmartFTP FTP 
  client for windows. It finds the saved passwords and decrypts them.

resource (display/show_post.rc)> info windows/gather/credentials/total_commander

       Name: Windows Gather Total Commander Saved Password Extraction
     Module: post/windows/gather/credentials/total_commander
    Version: 14789
   Platform: Windows
       Rank: Normal

Provided by:

  This module extracts weakly encrypted saved FTP Passwords from Total 
  Commander. It finds saved FTP connections in the wcx_ftp.ini file.

resource (display/show_post.rc)> info windows/gather/credentials/trillian

       Name: Windows Gather Trillian Password Extractor
     Module: post/windows/gather/credentials/trillian
    Version: 14774
   Platform: Windows
       Rank: Normal

Provided by:
  SecurityXploded Team

  This module extracts account password from Trillian & Trillian Astra 
  v4.x-5.x instant messenger.

resource (display/show_post.rc)> info windows/gather/credentials/vnc

       Name: Windows Gather VNC Password Extraction
     Module: post/windows/gather/credentials/vnc
    Version: 14774
   Platform: Windows
       Rank: Normal

Provided by:
  Kurt Grutzmacher
  Rob Fuller

  This module extracts DES encrypted passwords in known VNC locations

resource (display/show_post.rc)> info windows/gather/credentials/windows_autologin

       Name: Windows Gather AutoLogin User Credential Extractor
     Module: post/windows/gather/credentials/windows_autologin
    Version: 14774
   Platform: Windows
       Rank: Normal

Provided by:
  Myo Soe

  This module extracts the plain-text Windows user login password in 
  Registry. It exploits a Windows feature that Windows (2000 to 2008 
  R2) allows a user or third-party Windows Utility tools to configure 
  User AutoLogin via plain-text password insertion in 
  (Alt)DefaultPassword field in the registry location - 
  HKLM\Software\Microsoft\Windows NT\WinLogon. This is readable by all 


resource (display/show_post.rc)> info windows/gather/credentials/winscp

       Name: Windows Gather WinSCP Saved Password Extraction
     Module: post/windows/gather/credentials/winscp
    Version: 15349
   Platform: Windows
       Rank: Normal

Provided by:

  This module extracts weakly encrypted saved passwords from WinSCP. 
  It searches for saved sessions in the Windows Registry and the 
  WinSCP.ini file. It cannot decrypt passwords if a master password is 

resource (display/show_post.rc)> info windows/gather/credentials/wsftp_client

       Name: Windows Gather WS_FTP Saved Password Extraction
     Module: post/windows/gather/credentials/wsftp_client
    Version: 14789
   Platform: Windows
       Rank: Normal

Provided by:

  This module extracts weakly encrypted saved FTP Passwords from 
  WS_FTP. It finds saved FTP connections in the ws_ftp.ini file.

resource (display/show_post.rc)> info windows/gather/dumplinks

       Name: Windows Gather Dump Recent Files lnk Info
     Module: post/windows/gather/dumplinks
    Version: 14774
   Platform: Windows
       Rank: Normal

Provided by:

  The dumplinks module is a modified port of Harlan Carvey's 
  Perl script. This module will parse .lnk files from a user's Recent 
  Documents folder and Microsoft Office's Recent Documents folder, if 
  present. Windows creates these link files automatically for many 
  common file types. The .lnk files contain time stamps, file 
  locations, including share names, volume serial numbers, and more.

resource (display/show_post.rc)> info windows/gather/enum_applications

       Name: Windows Gather Installed Application Enumeration
     Module: post/windows/gather/enum_applications
    Version: 14774
   Platform: Windows
       Rank: Normal

Provided by:
  Carlos Perez

  This module will enumerate all installed applications

resource (display/show_post.rc)> info windows/gather/enum_artifacts

       Name: Windows Gather File and Registry Artifacts Enumeration
     Module: post/windows/gather/enum_artifacts
    Version: 0
   Platform: Windows
       Rank: Normal

Provided by:

  This module will check the file system and registry for particular 
  artifacts. The list of artifacts is read from 
  data/post/enum_artifacts_list.txt or a user specified file. Any 
  matches are written to the loot.

resource (display/show_post.rc)> info windows/gather/enum_chrome

       Name: Windows Gather Google Chrome User Data Enumeration
     Module: post/windows/gather/enum_chrome
    Version: 14837
   Platform: Windows
       Rank: Normal

Provided by:
  Sven Taute

  This module will collect user data from Google Chrome and attempt to 
  decrypt sensitive information.

resource (display/show_post.rc)> info windows/gather/enum_computers

       Name: Windows Gather Enumerate Computers
     Module: post/windows/gather/enum_computers
    Version: 0
   Platform: Windows
       Rank: Normal

Provided by:
  Joshua Abraham

  This module will enumerate computers included in the primary Domain.

resource (display/show_post.rc)> info windows/gather/enum_devices

       Name: Windows Gather Hardware Enumeration
     Module: post/windows/gather/enum_devices
    Version: 14774
   Platform: Windows
       Rank: Normal

Provided by:
  Brandon Perry

  Enumerate PCI hardware information from the registry. Please note 
  this script will run through registry subkeys such as: 'PCI', 
  'ACPI', 'ACPI_HAL', 'FDC', 'HID', 'HTREE', 'IDE', 'ISAPNP', 
  it will take time to finish. It is recommended to run this module as 
  a background job.

resource (display/show_post.rc)> info windows/gather/enum_dirperms

       Name: Windows Gather Directory Permissions Enumeration
     Module: post/windows/gather/enum_dirperms
    Version: 15228
   Platform: Windows
       Rank: Normal

Provided by:

  This module enumerates directories and lists the permissions set on 
  found directories.

resource (display/show_post.rc)> info windows/gather/enum_domain

       Name: Windows Gather Enumerate Domain
     Module: post/windows/gather/enum_domain
    Version: 14774
   Platform: Windows
       Rank: Normal

Provided by:
  Joshua Abraham

  This module identifies the primary domain via the registry. The 
  registry value used is: 

resource (display/show_post.rc)> info windows/gather/enum_domain_group_users

       Name: Windows Gather Enumerate Domain Group
     Module: post/windows/gather/enum_domain_group_users
    Version: 14774
   Platform: Windows
       Rank: Normal

Provided by:
  Carlos Perez
  Stephen Haywood

  This module extracts user accounts from specified group and stores 
  the results in the loot. It will also verify if session account is 
  in the group. Data is stored in loot in a format that is compatible 
  with the token_hunter plugin. This module should be run over a 
  session with domain credentials.

resource (display/show_post.rc)> info windows/gather/enum_domain_tokens

       Name: Windows Gather Enumerate Domain Tokens
     Module: post/windows/gather/enum_domain_tokens
    Version: 14774
   Platform: Windows
       Rank: Normal

Provided by:
  Carlos Perez

  This module will enumerate tokens present on a system that are part 
  of the domain the target host is part of, will also enumerate users 
  in the local Administrators, Users and Backup Operator groups to 
  identify Domain members. Processes will be also enumerated and 
  checked if they are running under a Domain account, on all checks 
  the accounts, processes and tokens will be checked if they are part 
  of the Domain Admin group of the domain the machine is a member of.

resource (display/show_post.rc)> info windows/gather/enum_domains

       Name: Windows Gather Domain Enumeration
     Module: post/windows/gather/enum_domains
    Version: 0
   Platform: Windows
       Rank: Normal

Provided by:
  Rob Fuller

  This module enumerates the domains a host can currently see and the 
  domain controllers for that domain.

resource (display/show_post.rc)> info windows/gather/enum_hostfile

       Name: Windows Gather Windows Host File Enumeration
     Module: post/windows/gather/enum_hostfile
    Version: 14774
   Platform: Windows
       Rank: Normal

Provided by:

  This module returns a list of entries in the target system's hosts 

resource (display/show_post.rc)> info windows/gather/enum_ie

       Name: Windows Gather Internet Explorer User Data Enumeration
     Module: post/windows/gather/enum_ie
    Version: 0
   Platform: Windows
       Rank: Normal

Provided by:

  This module will collect history, cookies, and credentials (from 
  either HTTP auth passwords, or saved form passwords found in 
  auto-complete) in Internet Explorer. The ability to gather 
  credentials is only supported for versions of IE >=7, while history 
  and cookies can be extracted for all versions.

resource (display/show_post.rc)> info windows/gather/enum_logged_on_users

       Name: Windows Gather Logged On User Enumeration (Registry)
     Module: post/windows/gather/enum_logged_on_users
    Version: 14774
   Platform: Windows
       Rank: Normal

Provided by:
  Carlos Perez

  This module will enumerate current and recently logged on Windows 

resource (display/show_post.rc)> info windows/gather/enum_ms_product_keys

       Name: Windows Gather Product Key
     Module: post/windows/gather/enum_ms_product_keys
    Version: 14774
   Platform: Windows
       Rank: Normal

Provided by:
  Brandon Perry

  This module will enumerate the OS license key

resource (display/show_post.rc)> info windows/gather/enum_powershell_env

       Name: Windows Gather Powershell Environment Setting Enumeration
     Module: post/windows/gather/enum_powershell_env
    Version: 14774
   Platform: Windows
       Rank: Normal

Provided by:
  Carlos Perez

  This module will enumerate Microsoft Powershell settings

resource (display/show_post.rc)> info windows/gather/enum_services

       Name: Windows Gather Service Info Enumeration
     Module: post/windows/gather/enum_services
    Version: 14774
   Platform: Windows
       Rank: Normal

Provided by:
  Keith Faber

  This module will query the system for services and display name and 
  configuration info for each returned service. It allows you to 
  optionally search the credentials, path, or start type for a string 
  and only return the results that match. These query operations are 
  cumulative and if no query strings are specified, it just returns 
  all services. NOTE: If the script hangs, windows firewall is most 
  likely on and you did not migrate to a safe process (explorer.exe 
  for example).

resource (display/show_post.rc)> info windows/gather/enum_shares

       Name: Windows Gather SMB Share Enumeration via Registry
     Module: post/windows/gather/enum_shares
    Version: 14774
   Platform: Windows
       Rank: Normal

Provided by:
  Carlos Perez

  This module will enumerate configured and recently used file shares

resource (display/show_post.rc)> info windows/gather/enum_snmp

       Name: Windows Gather SNMP Settings Enumeration (Registry)
     Module: post/windows/gather/enum_snmp
    Version: 14774
   Platform: Windows
       Rank: Normal

Provided by:
  Carlos Perez

  This module will enumerate the SNMP service configuration

resource (display/show_post.rc)> info windows/gather/enum_termserv

       Name: Windows Gather Terminal Server Client Connection Information Dumper
     Module: post/windows/gather/enum_termserv
    Version: 14774
   Platform: Windows
       Rank: Normal

Provided by:
  Rob Fuller

  This module dumps MRU and connection data for RDP sessions

resource (display/show_post.rc)> info windows/gather/enum_tokens

       Name: Windows Gather Enumerate Domain Admin Tokens (Token Hunter)
     Module: post/windows/gather/enum_tokens
    Version: 14822
   Platform: Windows
       Rank: Normal

Provided by:
  Joshua Abraham

  This module will identify systems that have a Domain Admin 
  (delegation) token on them. The module will first check if 
  sufficient privileges are present for certain actions, and run 
  getprivs for system. If you elevated privs to system, the 
  SeAssignPrimaryTokenPrivilege will not be assigned, in that case try 
  migrating to another process that is running as system. If no 
  sufficient privileges are available, the script will not continue.

resource (display/show_post.rc)> info windows/gather/forensics/duqu_check

       Name: Windows Gather Forensics Duqu Registry Check
     Module: post/windows/gather/forensics/duqu_check
    Version: 0
   Platform: Windows
       Rank: Normal

Provided by:
  Marcus J. Carey

  This module searches for CVE-2011-3402 (Duqu) related registry 


resource (display/show_post.rc)> info windows/gather/forensics/enum_drives

       Name: Windows Gather Physical Drives and Logical Volumes
     Module: post/windows/gather/forensics/enum_drives
    Version: 14287
   Platform: Windows
       Rank: Normal

Provided by:
  Wesley McGrew

  This module will list physical drives and logical volumes

resource (display/show_post.rc)> info windows/gather/forensics/imager

       Name: Windows Gather Forensic Imaging
     Module: post/windows/gather/forensics/imager
    Version: 14287
   Platform: Windows
       Rank: Normal

Provided by:
  Wesley McGrew

  This module will perform byte-for-byte imaging of remote disks and 

resource (display/show_post.rc)> info windows/gather/forensics/nbd_server

       Name: Windows Gather Local NBD Server
     Module: post/windows/gather/forensics/nbd_server
    Version: 14287
   Platform: Windows
       Rank: Normal

Provided by:
  Wesley McGrew

  Maps remote disks and logical volumes to a local Network Block 
  Device server. Allows for forensic tools to be executed on the 
  remote disk directly.

resource (display/show_post.rc)> info windows/gather/hashdump

       Name: Windows Gather Local User Account Password Hashes (Registry)
     Module: post/windows/gather/hashdump
    Version: 15268
   Platform: Windows
       Rank: Normal

Provided by:

  This module will dump the local user accounts from the SAM database 
  using the registry

resource (display/show_post.rc)> info windows/gather/memory_grep

       Name: Windows Gather Process Memory Grep
     Module: post/windows/gather/memory_grep
    Version: 14774
   Platform: Windows
       Rank: Normal

Provided by:

  This module allows for searching the memory space of a process for 
  potentially sensitive data.

resource (display/show_post.rc)> info windows/gather/resolve_sid

       Name: Windows Gather Local User Account SID Lookup
     Module: post/windows/gather/resolve_sid
    Version: 14774
   Platform: Windows
       Rank: Normal

Provided by:

  This module prints information about a given SID from the 
  perspective of this session

resource (display/show_post.rc)> info windows/gather/reverse_lookup

       Name: Windows Gather IP Range Reverse Lookup
     Module: post/windows/gather/reverse_lookup
    Version: 14774
   Platform: Windows
       Rank: Normal

Provided by:

  This module uses Railgun, calling the gethostbyaddr function to 
  resolve a hostname to an IP.

resource (display/show_post.rc)> info windows/gather/screen_spy

       Name: Windows Gather Screen Spy
     Module: post/windows/gather/screen_spy
    Version: 14822
   Platform: Windows
       Rank: Normal

Provided by:
  Roni Bachar
  Adrian Kubok

  This module will incrementally take screenshots of the meterpreter 
  host. This allows for screen spying which can be useful to determine 
  if there is an active user on a machine, or to record the screen for 
  later data extraction.

resource (display/show_post.rc)> info windows/gather/smart_hashdump

       Name: Windows Gather Local and Domain Controller Account Password Hashes
     Module: post/windows/gather/smart_hashdump
    Version: 14822
   Platform: Windows
       Rank: Normal

Provided by:
  Carlos Perez

  This will dump local accounts from the SAM Database. If the target 
  host is a Domain Controller, it will dump the Domain Account 
  Database using the proper technique depending on privilege level, OS 
  and role of the host.

resource (display/show_post.rc)> info windows/gather/usb_history

       Name: Windows Gather USB Drive History
     Module: post/windows/gather/usb_history
    Version: 14774
   Platform: Windows
       Rank: Normal

Provided by:

  This module will enumerate USB Drive history on a target host.

resource (display/show_post.rc)> info windows/gather/win_privs

       Name: Windows Gather Privileges Enumeration
     Module: post/windows/gather/win_privs
    Version: 0
   Platform: Windows
       Rank: Normal

Provided by:
  Merlyn Cousins

  This module will print if UAC is enabled, and if the current account 
  is ADMIN enabled. It will also print UID, foreground SESSION ID, is 
  SYSTEM status and current process PRIVILEGES.

resource (display/show_post.rc)> info windows/gather/wmic_command

       Name: Windows Gather Run Specified WMIC command
     Module: post/windows/gather/wmic_command
    Version: 14774
   Platform: Windows
       Rank: Normal

Provided by:
  Carlos Perez

  This module will execute a given WMIC command options or read WMIC 
  commands options from a resource file and execute the commands in 
  the specified Meterpreter session.

resource (display/show_post.rc)> info windows/manage/add_user_domain

       Name: Windows Manage Add User to the Domain and/or to a Domain Group
     Module: post/windows/manage/add_user_domain
    Version: 14822
   Platform: Windows
       Rank: Normal

Provided by:
  Joshua Abraham

  This module adds a user to the Domain and/or to a Domain group. It 
  will check if sufficient privileges are present for certain actions 
  and run getprivs for system. If you elevated privs to system, the 
  SeAssignPrimaryTokenPrivilege will not be assigned. You need to 
  migrate to a process that is running as system. If you don't have 
  privs, this script exits.

resource (display/show_post.rc)> info windows/manage/autoroute

       Name: Windows Manage Network Route via Meterpreter Session
     Module: post/windows/manage/autoroute
    Version: 14774
   Platform: Windows
       Rank: Normal

Provided by:

  This module manages session routing via an existing Meterpreter 
  session. It enables other modules to 'pivot' through a compromised 
  host when connecting to the named NETWORK and SUBMASK.

resource (display/show_post.rc)> info windows/manage/delete_user

       Name: Windows Manage Local User Account Deletion
     Module: post/windows/manage/delete_user
    Version: 14774
   Platform: Windows
       Rank: Normal

Provided by:

  This module deletes a local user account from the specified server, 
  or the local machine if no server is given.

resource (display/show_post.rc)> info windows/manage/download_exec

       Name: Windows Manage Download and/or Execute
     Module: post/windows/manage/download_exec
    Version: 0
   Platform: Windows
       Rank: Normal

Provided by:

  This module will download a file by importing urlmon via railgun. 
  The user may also choose to execute the file with arguments via 

resource (display/show_post.rc)> info windows/manage/enable_rdp

       Name: Windows Manage Enable Remote Desktop
     Module: post/windows/manage/enable_rdp
    Version: 15406
   Platform: Windows
       Rank: Normal

Provided by:
  Carlos Perez

  This module enables the Remote Desktop Service (RDP). It provides 
  the options to create an account and configure it to be a member of 
  the Local Administrators and Remote Desktop Users group. It can also 
  forward the target's port 3389/tcp.

resource (display/show_post.rc)> info windows/manage/inject_ca

       Name: Windows Manage Certificate Authority Injection
     Module: post/windows/manage/inject_ca
    Version: 14774
   Platform: Windows
       Rank: Normal

Provided by:

  This module allows the attacker to insert an arbitrary CA 
  certificate into the victim's Trusted Root store.

resource (display/show_post.rc)> info windows/manage/inject_host

       Name: Windows Manage Hosts File Injection
     Module: post/windows/manage/inject_host
    Version: 15175
   Platform: Windows
       Rank: Normal

Provided by:

  This module allows the attacker to insert a new entry into the 
  target system's hosts file.

resource (display/show_post.rc)> info windows/manage/migrate

       Name: Windows Manage Process Migration
     Module: post/windows/manage/migrate
    Version: 15191
   Platform: Windows
       Rank: Normal

Provided by:
  Carlos Perez

  This module will migrate a Meterpreter session from one process to 
  another. A given process PID to migrate to or the module can spawn 
  one and migrate to that newly spawned process.

resource (display/show_post.rc)> info windows/manage/multi_meterpreter_inject

       Name: Windows Manage Inject in Memory Multiple Payloads
     Module: post/windows/manage/multi_meterpreter_inject
    Version: 14774
   Platform: Windows
       Rank: Normal

Provided by:
  Carlos Perez

  This module will inject in to several process a given payload and 
  connecting to a given list of IP Addresses. The module works with a 
  given lists of IP Addresses and process PIDs if no PID is given it 
  will start the given process in the advanced options and inject 
  the selected payload in to the memory of the created module.

resource (display/show_post.rc)> info windows/manage/nbd_server

       Name: Windows Manage Local NBD Server for Remote Disks
     Module: post/windows/manage/nbd_server
    Version: 14976
   Platform: Windows
       Rank: Normal

Provided by:
  Wesley McGrew

  Maps remote disks and logical volumes to a local Network Block 
  Device server. Allows for forensic tools to be executed on the 
  remote disk directly.

resource (display/show_post.rc)> info windows/manage/payload_inject

       Name: Windows Manage Memory Payload Injection Module
     Module: post/windows/manage/payload_inject
    Version: 14774
   Platform: Windows
       Rank: Normal

Provided by:
  Carlos Perez

  This module will inject into the memory of a process a specified 
  windows payload. If a payload or process is not provided one will be 
  created by default using a reverse x86 TCP Meterpreter Payload.

resource (display/show_post.rc)> info windows/manage/persistence

       Name: Windows Manage Persistent Payload Installer
     Module: post/windows/manage/persistence
    Version: 15394
   Platform: Windows
       Rank: Normal

Provided by:
  Carlos Perez
  Merlyn drforbin Cousins

  This Module will create a boot persistent reverse Meterpreter 
  session by installing on the target host the payload as a script 
  that will be executed at user logon or system startup depending on 
  privilege and selected startup method. REXE mode will transfer a 
  binary of your choosing to remote host to be used as a payload.

resource (display/show_post.rc)> info windows/manage/powershell/exec_powershell

       Name: Windows Manage PowerShell Download and/or Execute
     Module: post/windows/manage/powershell/exec_powershell
    Version: $Revision$
   Platform: Windows
       Rank: Normal

Provided by:
  Nicholas Nam (nick

  This module will download and execute a PowerShell script over a 
  meterpreter session. The user may also enter text substitutions to 
  be made in memory before execution. Setting VERBOSE to true will 
  output both the script prior to execution and the results.

resource (display/show_post.rc)> info windows/manage/pxexploit

       Name: Windows Manage PXE Exploit Server
     Module: post/windows/manage/pxexploit
    Version: 14774
   Platform: Windows
       Rank: Normal

Provided by:

  This module provides a PXE server, running a DHCP and TFTP server. 
  The default configuration loads a linux kernel and initrd into 
  memory that reads the hard drive; placing a payload to install 
  metsvc, disable the firewall, and add a new user metasploit on any 
  Windows partition seen, and add a uid 0 user with username and 
  password metasploit to any linux partition seen. The windows user 
  will have the password p@SSw0rd!123456 (in case of complexity 
  requirements) and will be added to the administrators group. See 
  exploit/windows/misc/pxesploit for a version to deliver a specific 
  payload. Note: the displayed IP address of a target is the address 
  this DHCP server handed out, not the "normal" IP address the host 

resource (display/show_post.rc)> info windows/manage/remove_ca

       Name: Windows Certificate Authority Removal
     Module: post/windows/manage/remove_ca
    Version: 15175
   Platform: Windows
       Rank: Normal

Provided by:

  This module allows the attacker to remove an arbitrary CA 
  certificate from the victim's Trusted Root store.

resource (display/show_post.rc)> info windows/manage/remove_host

       Name: Windows Manage Host File Entry Removal
     Module: post/windows/manage/remove_host
    Version: 14774
   Platform: Windows
       Rank: Normal

Provided by:

  This module allows the attacker to remove an entry from the Windows 
  hosts file.

resource (display/show_post.rc)> info windows/manage/run_as

       Name: Windows Manage Run Command As User
     Module: post/windows/manage/run_as
    Version: 14774
   Platform: Windows
       Rank: Normal

Provided by:

  This module will login with the specified username/password and 
  execute the supplied command as a hidden process. Output is not 
  returned by default, by setting CMDOUT to false output will be 
  redirected to a temp file and read back in to display. By setting 
  advanced option SETPASS to true, it will reset the user's password 
  and then execute the command.

resource (display/show_post.rc)> info windows/manage/vss_create

       Name: Windows Manage Create Shadow Copy
     Module: post/windows/manage/vss_create
    Version: 0
   Platform: Windows
       Rank: Normal

Provided by:

  This module will attempt to create a new volume shadow copy. This is 
  based on the VSSOwn Script originally posted by Tim Tomes and Mark 
  Baggett. Works on win2k3 and later.


resource (display/show_post.rc)> info windows/manage/vss_list

       Name: Windows Manage List Shadow Copies
     Module: post/windows/manage/vss_list
    Version: 0
   Platform: Windows
       Rank: Normal

Provided by:

  This module will attempt to list any Volume Shadow Copies on the 
  system. This is based on the VSSOwn Script originally posted by Tim 
  Tomes and Mark Baggett. Works on win2k3 and later.


resource (display/show_post.rc)> info windows/manage/vss_mount

       Name: Windows Manage Mount Shadow Copy
     Module: post/windows/manage/vss_mount
    Version: 0
   Platform: Windows
       Rank: Normal

Provided by:

  This module will attempt to mount a Volume Shadow Copy on the 
  system. This is based on the VSSOwn Script originally posted by Tim 
  Tomes and Mark Baggett. Works on win2k3 and later.


resource (display/show_post.rc)> info windows/manage/vss_set_storage

       Name: Windows Manage Set Shadow Copy Storage Space
     Module: post/windows/manage/vss_set_storage
    Version: 0
   Platform: Windows
       Rank: Normal

Provided by:

  This module will attempt to change the amount of space for volume 
  shadow copy storage. This is based on the VSSOwn Script originally 
  posted by Tim Tomes and Mark Baggett. Works on win2k3 and later.


resource (display/show_post.rc)> info windows/manage/vss_storage

       Name: Windows Manage Get Shadow Copy Storage Info
     Module: post/windows/manage/vss_storage
    Version: 0
   Platform: Windows
       Rank: Normal

Provided by:

  This module will attempt to get volume shadow copy storage info. 
  This is based on the VSSOwn Script originally posted by Tim Tomes 
  and Mark Baggett. Works on win2k3 and later.


resource (display/show_post.rc)> info windows/recon/computer_browser_discovery

       Name: Windows Recon Computer Browser Discovery
     Module: post/windows/recon/computer_browser_discovery
    Version: 14774
   Platform: Windows
       Rank: Normal

Provided by:
  Rob Fuller

  This module uses railgun to discover hostnames and IPs on the 
  network. LTYPE should be set to one of the following values: WK (all 
  workstations), SVR (all servers), SQL (all SQL servers), DC (all 
  Domain Controllers), DCBKUP (all Domain Backup Servers), NOVELL (all 
  Novell servers), PRINTSVR (all Print Queue servers), MASTERBROWSER 
  (all Master Browsers), WINDOWS (all Windows hosts), or UNIX (all 
  Unix hosts).

resource (display/show_post.rc)> info windows/recon/resolve_hostname

       Name: Windows Recon Resolve Hostname
     Module: post/windows/recon/resolve_hostname
    Version: 0
   Platform: Windows
       Rank: Normal

Provided by:
  Rob Fuller

  This module resolves a hostname to IP address via the victim, 
  similar to the Unix dig command

resource (display/show_post.rc)> info windows/wlan/wlan_bss_list

       Name: Windows Gather Wireless BSS Info
     Module: post/windows/wlan/wlan_bss_list
    Version: $Revision$
   Platform: Windows
       Rank: Normal

Provided by:

  This module gathers information about the wireless Basic Service 
  Sets available to the victim machine.

resource (display/show_post.rc)> info windows/wlan/wlan_current_connection

       Name: Windows Gather Wireless Current Connection Info
     Module: post/windows/wlan/wlan_current_connection
    Version: $Revision$
   Platform: Windows
       Rank: Normal

Provided by:

  This module gathers information about the current connection on each 
  wireless lan interface on the target machine.

resource (display/show_post.rc)> info windows/wlan/wlan_disconnect

       Name: Windows Disconnect Wireless Connection
     Module: post/windows/wlan/wlan_disconnect
    Version: $Revision$
   Platform: Windows
       Rank: Normal

Provided by:

  This module disconnects the current wireless network connection on 
  the specified interface.

resource (display/show_post.rc)> info windows/wlan/wlan_profile

       Name: Windows Gather Wireless Profile
     Module: post/windows/wlan/wlan_profile
    Version: $Revision$
   Platform: Windows
       Rank: Normal

Provided by:

  This module extracts saved Wireless LAN profiles. It will also try 
  to decrypt the network key material. Behaviour is slightly different 
  between OS versions when it comes to WPA. In Windows Vista/7 we will 
  get the passphrase. In Windows XP we will get the PBKDF2 derived 

resource (display/show_post.rc)> exit
