Merge branch 'rapid7' into bug/rm7037-hash-iteration

bug/bundler_fix
James Lee 2012-11-07 19:27:11 -06:00
commit 2ebe2fa08e
5 changed files with 12 additions and 5 deletions


@ -133,7 +133,7 @@ module Exploit::Remote::RealPort
banner banner
end end
def realport_send(port=0, data) def realport_send(port=0, data="")
sock.put( [port].pack("C") + data ) sock.put( [port].pack("C") + data )
end end
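Review bot: Giving `data` a default in `realport_send` changes how a one-argument call binds: under Ruby 1.9 the old signature assigned a single argument to `data` and left `port` at 0, while with `data=""` the same call assigns it to `port` and sends an empty payload. No caller is visible in this hunk, so any call site that relies on the single-argument form should be checked, and the argument order is worth stating in a comment such as `# port first, then payload; both optional`. Separately, `[port].pack("C")` keeps only the low byte of `port`, so a guard like `raise ArgumentError, "port out of range" unless (0..255).include?(port)` would make bad values fail loudly instead of addressing the wrong port.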


@ -323,6 +323,12 @@ module Exploit::Remote::WinRM
end end
end end
def wmi_namespace
return datastore['NAMESPACE'] if datastore['NAMESPACE']
return @namespace_override if @namespace_override
return "/root/cimv2/"
end
private private
@ -433,7 +439,7 @@ module Exploit::Remote::WinRM
def winrm_uri_action(type) def winrm_uri_action(type)
case type case type
when "wql" when "wql"
return %q{<w:ResourceURI mustUnderstand="true">http://schemas.microsoft.com/wbem/wsman/1/wmi/root/cimv2/*</w:ResourceURI> return %Q{<w:ResourceURI mustUnderstand="true">http://schemas.microsoft.com/wbem/wsman/1/wmi#{wmi_namespace}*</w:ResourceURI>
<a:Action mustUnderstand="true">http://schemas.xmlsoap.org/ws/2004/09/enumeration/Enumerate</a:Action>} <a:Action mustUnderstand="true">http://schemas.xmlsoap.org/ws/2004/09/enumeration/Enumerate</a:Action>}
when "create_shell" when "create_shell"
return %q{<w:ResourceURI mustUnderstand="true">http://schemas.microsoft.com/wbem/wsman/1/windows/shell/cmd</w:ResourceURI> return %q{<w:ResourceURI mustUnderstand="true">http://schemas.microsoft.com/wbem/wsman/1/windows/shell/cmd</w:ResourceURI>
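Review bot: `wmi_namespace` checks `datastore['NAMESPACE']` before `@namespace_override`, so in any module that registers NAMESPACE with a default (as the WQL auxiliary module in this commit does with '/root/cimv2/') the override branch can never be reached. If the override is meant for modules that need a fixed namespace, swap the first two `return` lines or register the option without a default. The value is also interpolated into the ResourceURI in `winrm_uri_action` as-is, so a namespace entered without its leading or trailing slash, such as `root/cimv2`, produces a malformed URI. Normalising it first, e.g. `ns = "/#{ns.to_s.gsub(%r{\A/+|/+\z}, '')}/"`, would avoid that. The body of `winrm_uri_action` continues outside the hunk.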


@ -40,7 +40,8 @@ class Metasploit3 < Msf::Auxiliary
[ [
OptString.new('WQL', [ true, "The WQL query to run", "Select Name,Status from Win32_Service" ]), OptString.new('WQL', [ true, "The WQL query to run", "Select Name,Status from Win32_Service" ]),
OptString.new('USERNAME', [ true, "The username to authenticate as"]), OptString.new('USERNAME', [ true, "The username to authenticate as"]),
OptString.new('PASSWORD', [ true, "The password to authenticate with"]) OptString.new('PASSWORD', [ true, "The password to authenticate with"]),
OptString.new('NAMESPACE', [true, 'The WMI namespace to use for queries', '/root/cimv2/'])
], self.class) ], self.class)
end end


@ -22,7 +22,7 @@ class Metasploit3 < Msf::Exploit::Remote
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(update_info(info,
'Name' => 'WinRM VBS Remote Code Execution', 'Name' => 'WinRM Script Exec Remote Code Execution',
'Description' => %q{ 'Description' => %q{
This module uses valid credentials to login to the WinRM service This module uses valid credentials to login to the WinRM service
and execute a payload. It has two available methods for payload and execute a payload. It has two available methods for payload


@ -16,7 +16,7 @@ class Metasploit3 < Msf::Post
def initialize(info={}) def initialize(info={})
super( update_info( info, super( update_info( info,
'Name' => 'Windows Manage Process Migration', 'Name' => 'Windows Manage Smart Process Migration',
'Description' => %q{ This module will migrate a Meterpreter session. 'Description' => %q{ This module will migrate a Meterpreter session.
It will first attempt to migrate to winlogon.exe . If that fails it will It will first attempt to migrate to winlogon.exe . If that fails it will
then look at all of the explorer.exe processes. If there is one that exists then look at all of the explorer.exe processes. If there is one that exists