Merge remote-tracking branch 'upstream/master' into bypassuac_redo

Conflicts:
	lib/msf/core/post/windows/priv.rb
	modules/exploits/windows/local/bypassuac.rb
bug/bundler_fix
Meatballs 2013-10-23 21:02:32 +01:00
commit e6a2a1006f
No known key found for this signature in database
GPG Key ID: 5380EAF01F2F8B38
2378 changed files with 7510 additions and 10143 deletions

2
.rspec
View File

@ -1,2 +1,2 @@
--color
--format documentation
--format Fivemat

View File

@ -40,6 +40,8 @@ group :development, :test do
# Version 4.1.0 or newer is needed to support generate calls without the
# 'FactoryGirl.' in factory definitions syntax.
gem 'factory_girl', '>= 4.1.0'
# Make rspec output shorter and more useful
gem 'fivemat', '1.2.1'
# running documentation generation tasks and rspec tasks
gem 'rake', '>= 10.0.0'
end

View File

@ -18,6 +18,7 @@ GEM
diff-lcs (1.2.4)
factory_girl (4.2.0)
activesupport (>= 3.0.0)
fivemat (1.2.1)
i18n (0.6.5)
json (1.8.0)
metasploit_data_models (0.16.6)
@ -62,6 +63,7 @@ DEPENDENCIES
activesupport (>= 3.0.0)
database_cleaner
factory_girl (>= 4.1.0)
fivemat (= 1.2.1)
json
metasploit_data_models (~> 0.16.6)
msgpack

Binary file not shown.

Binary file not shown.

View File

@ -1,13 +0,0 @@
K 10
ascii_cert
V 1844
MIIFYzCCBEugAwIBAgIHBHTfnZklJzANBgkqhkiG9w0BAQUFADCByjELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY29tLCBJbmMuMTMwMQYDVQQLEypodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkxMDAuBgNVBAMTJ0dvIERhZGR5IFNlY3VyZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTERMA8GA1UEBRMIMDc5NjkyODcwHhcNMTAwMzE2MTIwOTU5WhcNMTMwNDAxMjIwMjI0WjBVMRcwFQYDVQQKEw5tZXRhc3Bsb2l0LmNvbTEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMRcwFQYDVQQDEw5tZXRhc3Bsb2l0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK+V3Vs8M+48CofjzH5KE3MA1CmfXhz2vweW3x27TKhZBxbLLxVOpnbFTxfc6gD1NmcRfBRyRuGNclkwnkfQZ4YbkXIJWCjov0OZNfYTNOQbDtdZPK9q94h9wHUQOkpXl1k+Xe8+gVqLilqcS1ikISUQVsKBYa18FaT/PyFEv00ZsewtehL6C9oXCm81HH2S/HBu+CW1TJ3X5Loivs24aR65dzsKFhG2tnzUxox0Rg2ixPUue8xAoTGquujmy/0aa6yeT1kswFTLncTL/GLxQggtah9ul50pYQWRLuTNOIYsjSS32zPs1ZOTN8RkDrdCmEWPUxrzgmUmNQzKDvHjVp8CAwEAAaOCAcAwggG8MA8GA1UdEwEB/wQFMAMBAQAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA4GA1UdDwEB/wQEAwIFoDAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmdvZGFkZHkuY29tL2dkczEtMTUuY3JsMFMGA1UdIARMMEowSAYLYIZIAYb9bQEHFwEwOTA3BggrBgEFBQcCARYraHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzCBgAYIKwYBBQUHAQEEdDByMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wSgYIKwYBBQUHMAKGPmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS9nZF9pbnRlcm1lZGlhdGUuY3J0MB8GA1UdIwQYMBaAFP2sYTKTbEXW4u6FX5q653aZaMznMC0GA1UdEQQmMCSCDm1ldGFzcGxvaXQuY29tghJ3d3cubWV0YXNwbG9pdC5jb20wHQYDVR0OBBYEFDkiSjDeC0NDm2ioUVerYRuLWtbyMA0GCSqGSIb3DQEBBQUAA4IBAQAgATMjfkj0zvvpTWSxVLUjtMTsei+lC8v79mTqM/+3DWZZj8Tc6xUyhxNreAW137WKiJxQSEnrdMzVxozp99iL4RYH1tVTukXV4XVkRbFrtAw7dCYV6dYbp4Ru4dy97CUBceUDCXQpC3t6CNU66RIg6UAa6MV7DmJrEUhNSAB5LqsY3oyhFcV5jT0QYGMC0XuUylzNBW4AWCnlMDysJhSJ75RHa9e76S6g8m4TWT3b02LCdunzcl1kq4cmH6xPr5X3U8CkV6YGBTQhltuNQMM5OBxga1lfCFa81hSSa3300f8YBhwMatloUgu5gzQh/o3nFDJL6CDh6/fCqZyI32r+
K 8
failures
V 1
8
K 15
svn:realmstring
V 26
https://metasploit.com:443
END

View File

@ -1,13 +0,0 @@
K 10
ascii_cert
V 1844
MIIFYzCCBEugAwIBAgIHBHTfnZklJzANBgkqhkiG9w0BAQUFADCByjELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY29tLCBJbmMuMTMwMQYDVQQLEypodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkxMDAuBgNVBAMTJ0dvIERhZGR5IFNlY3VyZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTERMA8GA1UEBRMIMDc5NjkyODcwHhcNMTAwMzE2MTIwOTU5WhcNMTMwNDAxMjIwMjI0WjBVMRcwFQYDVQQKEw5tZXRhc3Bsb2l0LmNvbTEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMRcwFQYDVQQDEw5tZXRhc3Bsb2l0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK+V3Vs8M+48CofjzH5KE3MA1CmfXhz2vweW3x27TKhZBxbLLxVOpnbFTxfc6gD1NmcRfBRyRuGNclkwnkfQZ4YbkXIJWCjov0OZNfYTNOQbDtdZPK9q94h9wHUQOkpXl1k+Xe8+gVqLilqcS1ikISUQVsKBYa18FaT/PyFEv00ZsewtehL6C9oXCm81HH2S/HBu+CW1TJ3X5Loivs24aR65dzsKFhG2tnzUxox0Rg2ixPUue8xAoTGquujmy/0aa6yeT1kswFTLncTL/GLxQggtah9ul50pYQWRLuTNOIYsjSS32zPs1ZOTN8RkDrdCmEWPUxrzgmUmNQzKDvHjVp8CAwEAAaOCAcAwggG8MA8GA1UdEwEB/wQFMAMBAQAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA4GA1UdDwEB/wQEAwIFoDAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmdvZGFkZHkuY29tL2dkczEtMTUuY3JsMFMGA1UdIARMMEowSAYLYIZIAYb9bQEHFwEwOTA3BggrBgEFBQcCARYraHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzCBgAYIKwYBBQUHAQEEdDByMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wSgYIKwYBBQUHMAKGPmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS9nZF9pbnRlcm1lZGlhdGUuY3J0MB8GA1UdIwQYMBaAFP2sYTKTbEXW4u6FX5q653aZaMznMC0GA1UdEQQmMCSCDm1ldGFzcGxvaXQuY29tghJ3d3cubWV0YXNwbG9pdC5jb20wHQYDVR0OBBYEFDkiSjDeC0NDm2ioUVerYRuLWtbyMA0GCSqGSIb3DQEBBQUAA4IBAQAgATMjfkj0zvvpTWSxVLUjtMTsei+lC8v79mTqM/+3DWZZj8Tc6xUyhxNreAW137WKiJxQSEnrdMzVxozp99iL4RYH1tVTukXV4XVkRbFrtAw7dCYV6dYbp4Ru4dy97CUBceUDCXQpC3t6CNU66RIg6UAa6MV7DmJrEUhNSAB5LqsY3oyhFcV5jT0QYGMC0XuUylzNBW4AWCnlMDysJhSJ75RHa9e76S6g8m4TWT3b02LCdunzcl1kq4cmH6xPr5X3U8CkV6YGBTQhltuNQMM5OBxga1lfCFa81hSSa3300f8YBhwMatloUgu5gzQh/o3nFDJL6CDh6/fCqZyI32r+
K 8
failures
V 1
8
K 15
svn:realmstring
V 30
https://www.metasploit.com:443
END

View File

@ -92,6 +92,7 @@ root
router
rw
rwa
s!a@m#n$p%c
san-fran
sanfran
scotty

View File

@ -32,7 +32,7 @@ module Auxiliary::JohnTheRipper
)
@run_path = nil
@john_path = ::File.join(Msf::Config.install_root, "data", "john")
@john_path = ::File.join(Msf::Config.data_directory, "john")
autodetect_platform
end

View File

@ -23,7 +23,7 @@ module Auxiliary::MimeTypes
end
def mime_load_extension_map
path = File.join( Msf::Config.install_root, "data", "mime.yml")
path = File.join( Msf::Config.data_directory, "mime.yml")
@extension_map = YAML.load_file(path)
end

View File

@ -41,6 +41,7 @@ require 'rex/parser/nexpose_simple_nokogiri'
require 'rex/parser/nmap_nokogiri'
require 'rex/parser/openvas_nokogiri'
require 'rex/parser/wapiti_nokogiri'
require 'rex/parser/outpost24_nokogiri'
# Legacy XML parsers -- these will be converted some day
require 'rex/parser/ip360_aspl_xml'
@ -2926,7 +2927,7 @@ class DBManager
# Returns one of: :nexpose_simplexml :nexpose_rawxml :nmap_xml :openvas_xml
# :nessus_xml :nessus_xml_v2 :qualys_scan_xml, :qualys_asset_xml, :msf_xml :nessus_nbe :amap_mlog
# :amap_log :ip_list, :msf_zip, :libpcap, :foundstone_xml, :acunetix_xml, :appscan_xml
# :burp_session, :ip360_xml_v3, :ip360_aspl_xml, :nikto_xml
# :burp_session, :ip360_xml_v3, :ip360_aspl_xml, :nikto_xml, :outpost24_xml
# If there is no match, an error is raised instead.
def import_filetype_detect(data)
@ -3059,6 +3060,9 @@ class DBManager
@import_filedata[:type] = "CI"
return :ci_xml
end
when "main"
@import_filedata[:type] = "Outpost24 XML"
return :outpost24_xml
else
# Give up if we haven't hit the root tag in the first few lines
break if line_count > 10
@ -3649,7 +3653,7 @@ class DBManager
data = ::File.open(args[:filename], "rb") {|f| f.read(f.stat.size)}
wspace = args[:wspace] || args['wspace'] || workspace
bl = validate_ips(args[:blacklist]) ? args[:blacklist].split : []
basedir = args[:basedir] || args['basedir'] || ::File.join(Msf::Config.install_root, "data", "msf")
basedir = args[:basedir] || args['basedir'] || ::File.join(Msf::Config.data_directory, "msf")
allow_yaml = false
btag = nil
@ -5923,6 +5927,36 @@ class DBManager
parser.parse(args[:data])
end
def import_outpost24_xml(args={}, &block)
bl = validate_ips(args[:blacklist]) ? args[:blacklist].split : []
wspace = args[:wspace] || workspace
if Rex::Parser.nokogiri_loaded
parser = "Nokogiri v#{::Nokogiri::VERSION}"
noko_args = args.dup
noko_args[:blacklist] = bl
noko_args[:wspace] = wspace
if block
yield(:parser, parser)
import_outpost24_noko_stream(noko_args) {|type, data| yield type,data}
else
import_outpost24_noko_stream(noko_args)
end
return true
else # Sorry
raise DBImportError.new("Could not import due to missing Nokogiri parser. Try 'gem install nokogiri'.")
end
end
def import_outpost24_noko_stream(args={},&block)
if block
doc = Rex::Parser::Outpost24Document.new(args,framework.db) {|type, data| yield type,data }
else
doc = Rex::Parser::Outpost24Document.new(args,self)
end
parser = ::Nokogiri::XML::SAX::Parser.new(doc)
parser.parse(args[:data])
end
def unserialize_object(xml_elem, allow_yaml = false)
return nil unless xml_elem

View File

@ -19,7 +19,7 @@ module Exploit::CmdStagerDebugAsm
register_advanced_options(
[
OptString.new( 'DECODERSTUB', [ true, 'The debug.exe assembly listing decoder stub to use.',
File.join(Msf::Config.install_root, "data", "exploits", "cmdstager", "debug_asm")]),
File.join(Msf::Config.data_directory, "exploits", "cmdstager", "debug_asm")]),
], self.class)
end

View File

@ -19,7 +19,7 @@ module Exploit::CmdStagerDebugWrite
register_advanced_options(
[
OptString.new( 'DECODERSTUB', [ true, 'The debug.exe file-writing decoder stub to use.',
File.join(Msf::Config.install_root, "data", "exploits", "cmdstager", "debug_write")]),
File.join(Msf::Config.data_directory, "exploits", "cmdstager", "debug_write")]),
], self.class)
end

View File

@ -19,7 +19,7 @@ module Exploit::CmdStagerVBS
register_advanced_options(
[
OptString.new( 'DECODERSTUB', [ true, 'The VBS base64 file decoder stub to use.',
File.join(Msf::Config.install_root, "data", "exploits", "cmdstager", "vbs_b64")]),
File.join(Msf::Config.data_directory, "exploits", "cmdstager", "vbs_b64")]),
], self.class)
end

View File

@ -19,7 +19,7 @@ module Exploit::CmdStagerVBS::ADODB
register_advanced_options(
[
OptString.new( 'DECODERSTUB', [ true, 'The VBS base64 file decoder stub to use.',
File.join(Msf::Config.install_root, "data", "exploits", "cmdstager", "vbs_b64_adodb")]),
File.join(Msf::Config.data_directory, "exploits", "cmdstager", "vbs_b64_adodb")]),
], self.class)
end

View File

@ -47,19 +47,18 @@ module Exploit::FileDropper
false
end
else
cmds = [
win_cmds = [
%Q|attrib.exe -r "#{win_file}"|,
%Q|del.exe /f /q "#{win_file}"|,
%Q|rm -f "#{file}" >/dev/null|,
]
%Q|del.exe /f /q "#{win_file}"|
]
# We need to be platform-independent here. Since we can't be
# certain that {#target} is accurate because exploits with
# automatic targets frequently change it, we just go ahead and
# run both a windows and a unixy command in the same line. One
# of them will definitely fail and the other will probably
# succeed. Doing it this way saves us an extra round-trip.
session.shell_command_token(cmds.join(" ; "))
# Trick shared by @mihi42
session.shell_command_token("rm -f \"#{file}\" >/dev/null ; echo ' & #{win_cmds.join(" & ")} & echo \" ' >/dev/null")
print_good("Deleted #{file}")
true
end

View File

@ -4,6 +4,7 @@ require 'rex/exploitation/obfuscatejs'
require 'rex/exploitation/encryptjs'
require 'rex/exploitation/heaplib'
require 'rex/exploitation/javascriptosdetect'
require 'rex/exploitation/javascriptaddonsdetect'
module Msf

View File

@ -51,7 +51,7 @@ module Exploit::Java
# Instantiate the JVM with a classpath pointing to the JDK tools.jar
# and our javatoolkit jar.
classpath = File.join(Msf::Config.install_root, "data", "exploits", "msfJavaToolkit.jar")
classpath = File.join(Msf::Config.data_directory, "exploits", "msfJavaToolkit.jar")
classpath += ":" + toolsjar
classpath += ":" + datastore['ADDCLASSPATH'] if datastore['ADDCLASSPATH']

View File

@ -75,7 +75,7 @@ module Exploit::Remote::MSSQL
register_advanced_options(
[
OptPath.new('HEX2BINARY', [ false, "The path to the hex2binary script on the disk",
File.join(Msf::Config.install_root, "data", "exploits", "mssql", "h2b")
File.join(Msf::Config.data_directory, "exploits", "mssql", "h2b")
]),
OptString.new('DOMAIN', [ true, 'The domain to use for windows authentication', 'WORKSTATION'])
], Msf::Exploit::Remote::MSSQL)

View File

@ -34,7 +34,7 @@ module Exploit::Remote::MSSQL_SQLI
register_advanced_options(
[
OptPath.new('HEX2BINARY', [ false, "The path to the hex2binary script on the disk",
File.join(Msf::Config.install_root, "data", "exploits", "mssql", "h2b")
File.join(Msf::Config.data_directory, "exploits", "mssql", "h2b")
])
], Msf::Exploit::Remote::MSSQL_SQLI)

View File

@ -150,7 +150,7 @@ module Exploit::Remote::MYSQL
def mysql_upload_sys_udf(arch=:win32,target_path=nil)
fname = (arch == :win32 ? "lib_mysqludf_sys_32.dll" : "lib_mysqludf_sys_64.dll")
sys_dll = File.join( Msf::Config.install_root, "data", "exploits", "mysql", fname )
sys_dll = File.join( Msf::Config.data_directory, "exploits", "mysql", fname )
data = File.open(sys_dll, "rb") {|f| f.read f.stat.size}
blob = "0x"
blob << data.unpack("C*").map {|x| "%02x" % [x]}.join

View File

@ -116,7 +116,7 @@ module Exploit::Powershell
ps_wrapper = <<EOS
$si = New-Object System.Diagnostics.ProcessStartInfo
$si.FileName = "#{ps_bin}"
$si.FileName = #{ps_bin}
$si.Arguments = '#{ps_args}'
$si.UseShellExecute = $false
$si.RedirectStandardOutput = $true
@ -146,11 +146,11 @@ EOS
psh_payload << "while(1){Start-Sleep -s #{sleep_time};#{fun_name};1};"
end
# Determine appropriate architecture
ps_bin = wow64 ? '$env:windir\syswow64\WindowsPowerShell\v1.0\powershell.exe' : 'powershell.exe'
ps_bin = wow64 ? '$env:windir+\'\syswow64\WindowsPowerShell\v1.0\powershell.exe\'' : '\'powershell.exe\''
# Wrap in hidden runtime
psh_payload = run_hidden_psh(psh_payload,ps_bin)
# Convert to base64 for -encodedcommand execution
command = "%COMSPEC% /B /C start powershell.exe -Command \"#{psh_payload.gsub("\n",';').gsub('"','\"')}\"\r\n"
command = "%COMSPEC% /B /C start powershell.exe -Command #{psh_payload.gsub("\n",';').gsub('"','\"')}\r\n"
end
#

View File

@ -150,7 +150,7 @@ module Exploit::Remote::SunRPC
end
def progresolv(number)
names = File.join(Msf::Config.install_root, "data", "wordlists", "rpc_names.txt")
names = File.join(Msf::Config.data_directory, "wordlists", "rpc_names.txt")
File.open(names, "rb").each_line do |line|
next if line.empty? || line =~ /^\s*#/

View File

@ -112,6 +112,8 @@ class Msf::Module::SiteReference < Msf::Module::Reference
self.site = 'http://www.kb.cert.org/vuls/id/' + in_ctx_val.to_s
elsif (in_ctx_id == 'BPS')
self.site = 'https://strikecenter.bpointsys.com/bps/advisory/BPS-' + in_ctx_val.to_s
elsif (in_ctx_id == 'ZDI')
self.site = 'http://www.zerodayinitiative.com/advisories/ZDI-' + in_ctx_val.to_s
elsif (in_ctx_id == 'URL')
self.site = in_ctx_val.to_s
else

View File

@ -1,25 +1,30 @@
# -*- coding: binary -*-
require 'msf/core/post/windows/accounts'
require 'msf/core/post/windows/registry'
module Msf::Post::Windows::Priv
include ::Msf::Post::Windows::Accounts
include Msf::Post::Windows::Registry
LowIntegrityLevel = 'S-1-16-4096'
MediumIntegrityLevel = 'S-1-16-8192'
HighIntegrityLevel = 'S-1-16-12288'
SystemIntegrityLevel = 'S-1-16-16384'
INTEGRITY_LEVEL_SID = {
:low => 'S-1-16-4096',
:medium => 'S-1-16-8192',
:high => 'S-1-16-12288',
:system => 'S-1-16-16384'
}
Administrators = 'S-1-5-32-544'
SYSTEM_SID = 'S-1-5-18'
ADMINISTRATORS_SID = 'S-1-5-32-544'
# http://technet.microsoft.com/en-us/library/dd835564(v=ws.10).aspx
# ConsentPromptBehaviorAdmin
UACNoPrompt = 0
UACPromptCredsIfSecureDesktop = 1
UACPromptConsentIfSecureDesktop = 2
UACPromptCreds = 3
UACPromptConsent = 4
UACDefault = 5
UAC_NO_PROMPT = 0
UAC_PROMPT_CREDS_IF_SECURE_DESKTOP = 1
UAC_PROMPT_CONSENT_IF_SECURE_DESKTOP = 2
UAC_PROMPT_CREDS = 3
UAC_PROMPT_CONSENT = 4
UAC_DEFAULT = 5
#
# Returns true if user is admin and false if not.
@ -29,12 +34,11 @@ module Msf::Post::Windows::Priv
# Assume true if the OS doesn't expose this (Windows 2000)
session.railgun.shell32.IsUserAnAdmin()["return"] rescue true
else
cmd = "cmd.exe /c reg query HKU\\S-1-5-19"
results = session.shell_command_token_win32(cmd)
if results =~ /Error/
return false
else
local_service_key = registry_enumkeys('HKU\S-1-5-19')
if local_service_key
return true
else
return false
end
end
end
@ -48,7 +52,7 @@ module Msf::Post::Windows::Priv
if whoami.nil?
print_error("Unable to identify admin group membership")
return nil
elsif whoami.include? Administrators
elsif whoami.include? ADMINISTRATORS_SID
return true
else
return false
@ -60,19 +64,18 @@ module Msf::Post::Windows::Priv
#
def is_system?
if session_has_ext
local_sys = resolve_sid("S-1-5-18")
local_sys = resolve_sid(SYSTEM_SID)
if session.sys.config.getuid == "#{local_sys[:domain]}\\#{local_sys[:name]}"
return true
else
return false
end
else
cmd = "cmd.exe /c reg query HKLM\\SAM\\SAM"
results = session.shell_command_token_win32(cmd)
if results =~ /Error/
return false
else
results = registry_enumkeys('HKLM\SAM\SAM')
if results
return true
else
return false
end
end
end
@ -90,15 +93,13 @@ module Msf::Post::Windows::Priv
if winversion =~ /Windows (Vista|7|8|2008)/
unless is_system?
begin
key = session.sys.registry.open_key(HKEY_LOCAL_MACHINE, 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System',KEY_READ)
if key.query_value('EnableLUA').data == 1
uac = true
end
key.close
rescue::Exception => e
print_error("Error Checking UAC: #{e.class} #{e}")
enable_lua = registry_getvaldata(
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System',
'EnableLUA'
)
uac = (enable_lua == 1)
rescue Rex::Post::Meterpreter::RequestError => e
print_error("Error Checking if UAC is Enabled: #{e.class} #{e}")
end
end
end
@ -108,19 +109,24 @@ module Msf::Post::Windows::Priv
#
# Returns the UAC Level
#
# @see http://technet.microsoft.com/en-us/library/dd835564(v=ws.10).aspx
# 2 - Always Notify, 5 - Default, 0 - Disabled
#
def get_uac_level
begin
open_key = session.sys.registry.open_key(
HKEY_LOCAL_MACHINE, 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System',
KEY_READ
uac_level = registry_getvaldata(
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System',
'ConsentPromptBehaviorAdmin'
)
uac_level = open_key.query_value('ConsentPromptBehaviorAdmin')
rescue Exception => e
print_error("Error Checking UAC: #{e.class} #{e}")
rescue Rex::Post::Meterpreter::RequestError => e
print_error("Error Checking UAC Level: #{e.class} #{e}")
end
if uac_level
return uac_level
else
return nil
end
return uac_level.data
end
#
@ -132,14 +138,12 @@ module Msf::Post::Windows::Priv
if whoami.nil?
print_error("Unable to identify integrity level")
return nil
elsif whoami.include? LowIntegrityLevel
return LowIntegrityLevel
elsif whoami.include? MediumIntegrityLevel
return MediumIntegrityLevel
elsif whoami.include? HighIntegrityLevel
return HighIntegrityLevel
elsif whoami.include? SystemIntegrityLevel
return SystemIntegrityLevel
else
INTEGRITY_LEVEL_SID.each_pair do |k,sid|
if whoami.include? sid
return sid
end
end
end
end
@ -149,7 +153,7 @@ module Msf::Post::Windows::Priv
# Returns nil if Windows whoami is not available
#
def get_whoami
whoami = cmd_exec('cmd /c whoami /groups')
whoami = cmd_exec('cmd.exe /c whoami /groups')
if whoami.nil? or whoami.empty?
return nil

View File

@ -0,0 +1,51 @@
window.addons_detect = { };
/**
* Returns the version of Microsoft Office. If not found, returns null.
**/
window.addons_detect.getMsOfficeVersion = function () {
var version;
var types = new Array();
for (var i=1; i <= 5; i++) {
try {
types[i-1] = typeof(new ActiveXObject("SharePoint.OpenDocuments." + i.toString()));
}
catch (e) {
types[i-1] = null;
}
}
if (types[0] == 'object' && types[1] == 'object' && types[2] == 'object' &&
types[3] == 'object' && types[4] == 'object')
{
version = "2012";
}
else if (types[0] == 'object' && types[1] == 'object' && types[2] == 'object' &&
types[3] == 'object' && types[4] == null)
{
version = "2010";
}
else if (types[0] == 'object' && types[1] == 'object' && types[2] == 'object' &&
types[3] == null && types[4] == null)
{
version = "2007";
}
else if (types[0] == 'object' && types[1] == 'object' && types[2] == null &&
types[3] == null && types[4] == null)
{
version = "2003";
}
else if (types[0] == 'object' && types[1] == null && types[2] == null &&
types[3] == null && types[4] == null)
{
// If run for the first time, you must manullay allow the "Microsoft Office XP"
// add-on to run. However, this prompt won't show because the ActiveXObject statement
// is wrapped in an exception handler.
version = "xp";
}
else {
version = null;
}
return version;
}

View File

@ -0,0 +1,29 @@
# -*- coding: binary -*-
require 'msf/core'
require 'rex/text'
require 'rex/exploitation/jsobfu'
module Rex
module Exploitation
#
# Provides javascript functions to determine addon information.
#
# getMsOfficeVersion(): Returns the version for Microsoft Office
#
class JavascriptAddonsDetect < JSObfu
def initialize(custom_js = '', opts = {})
@js = custom_js
@js += ::File.read(::File.join(::File.dirname(__FILE__), "javascriptaddonsdetect.js"))
super @js
return @js
end
end
end
end

View File

@ -52,6 +52,13 @@ window.os_detect.getVersion = function(){
return d.style[propCamelCase] === css;
}
var input_type_is_valid = function(input_type) {
if (!document.createElement) return false;
var input = document.createElement('input');
input.setAttribute('type', input_type);
return input.type == input_type;
}
//--
// Client
//--
@ -203,7 +210,13 @@ window.os_detect.getVersion = function(){
// Thanks to developer.mozilla.org "Firefox for developers" series for most
// of these.
// Release changelogs: http://www.mozilla.org/en-US/firefox/releases/
if ('HTMLTimeElement' in window) {
if ('DeviceStorage' in window && window.DeviceStorage &&
'default' in window.DeviceStorage.prototype) {
// https://bugzilla.mozilla.org/show_bug.cgi?id=874213
ua_version = '24.0'
} else if (input_type_is_valid('range')) {
ua_version = '23.0'
} else if ('HTMLTimeElement' in window) {
ua_version = '22.0'
} else if ('createElement' in document &&
document.createElement('main') &&

View File

@ -0,0 +1,239 @@
require "rex/parser/nokogiri_doc_mixin"
module Rex
module Parser
load_nokogiri && class Outpost24Document < Nokogiri::XML::SAX::Document
include NokogiriDocMixin
def start_element(name, attrs)
@state[:current_tag][name] = true
case name
when "description", "information"
return unless in_tag("detaillist")
return unless in_tag("detail")
record_text
when "detail"
return unless in_tag("detaillist")
record_vuln
when "detaillist"
record_vulns
when "host"
return unless in_tag("hostlist")
record_host
when "hostlist"
record_hosts
when "id"
return unless in_tag("detaillist")
return unless in_tag("detail")
return unless in_tag("cve")
record_text
when "name"
return unless in_tag("hostlist") || in_tag("detaillist")
return unless in_tag("host") || in_tag("detail")
record_text
when "platform"
return unless in_tag("hostlist")
return unless in_tag("host")
record_text
when "portinfo"
return unless in_tag("portlist")
return unless in_tag("portlist-host")
record_service
when "portlist"
record_services
when "portnumber", "protocol", "service"
return unless in_tag("portlist")
return unless in_tag("portlist-host")
return unless in_tag("portinfo")
record_text
when "report", "ip"
record_text
end
end
def end_element(name)
case name
when "description", "information"
return unless in_tag("detaillist")
return unless in_tag("detail")
collect_vuln_data(name)
when "detail"
return unless in_tag("detaillist")
collect_vuln
when "detaillist"
report_vulns
when "host"
return unless in_tag("hostlist")
collect_host
when "hostlist"
report_hosts
when "id"
return unless in_tag("detaillist")
return unless in_tag("detail")
return unless in_tag("cve")
collect_vuln_data(name)
when "ip"
collect_ip
when "name"
if in_tag("hostlist") && in_tag("host")
collect_host_data(name)
elsif in_tag("detaillist") && in_tag("detail")
collect_vuln_data(name)
end
when "platform"
return unless in_tag("hostlist")
return unless in_tag("host")
collect_host_data(name)
when "portinfo"
return unless in_tag("portlist")
return unless in_tag("portlist-host")
collect_service
when "portlist"
report_services
when "portnumber", "protocol", "service"
return unless in_tag("portlist")
return unless in_tag("portlist-host")
return unless in_tag("portinfo")
collect_service_data(name)
when "report"
collect_product
end
@state[:current_tag].delete(name)
end
def record_hosts
@report_data[:hosts] = []
end
def record_services
@report_data[:services] = []
end
def record_vulns
@report_data[:vulns] = []
end
def record_host
@host = {}
end
def record_service
@service = {}
end
def record_vuln
@vuln = {}
@refs = []
end
def record_text
@state[:has_text] = true
end
def collect_host
@host[:host] = @state[:host]
@host[:name] = @state[:hname]
@host[:os_name] = @state[:os_name]
@host[:info] = @state[:pinfo]
@report_data[:hosts] << @host
end
def collect_service
@service[:host] = @state[:host]
@service[:port] = @state[:port]
@service[:proto] = @state[:proto]
@service[:name] = @state[:sname]
@service[:info] = @state[:pinfo]
@report_data[:services] << @service
end
def collect_vuln
@vuln[:host] = @state[:host]
@vuln[:name] = @state[:vname]
@vuln[:info] = @state[:vinfo]
@vuln[:refs] = @refs
@report_data[:vulns] << @vuln
end
def collect_product
@state[:has_text] = false
@state[:pinfo] = @text.strip if @text
@text = nil
end
def collect_ip
@state[:has_text] = false
@state[:host] = @text.strip if @text
@text = nil
end
def collect_host_data(name)
@state[:has_text] = false
if name == "name"
@state[:hname] = @text.strip if @text
elsif name == "platform"
if @text
@state[:os_name] = @text.strip
else
@state[:os_name] = Msf::OperatingSystems::UNKNOWN
end
end
@text = nil
end
def collect_service_data(name)
@state[:has_text] = false
if name == "portnumber"
@state[:port] = @text.strip if @text
elsif name == "protocol"
@state[:proto] = @text.strip.downcase if @text
elsif name == "service"
@state[:sname] = @text.strip if @text
end
@text = nil
end
def collect_vuln_data(name)
@state[:has_text] = false
if name == "name"
@state[:vname] = @text.strip if @text
elsif name == "description"
@state[:vinfo] = @text.strip if @text
elsif name == "information"
@state[:vinfo] << " #{@text.strip if @text}"
elsif name == "id"
@state[:ref] = @text.strip if @text
@refs << normalize_ref("CVE", @state[:ref])
end
@text = nil
end
def report_hosts
block = @block
@report_data[:hosts].each do |h|
db.emit(:address, h[:host], &block) if block
db_report(:host, h)
end
end
def report_services
block = @block
@report_data[:services].each do |s|
db.emit(:service, "#{s[:host]}:#{s[:port]}/#{s[:proto]}", &block) if block
db_report(:service, s)
end
end
def report_vulns
block = @block
@report_data[:vulns].each do |v|
db.emit(:vuln, ["#{v[:name]} (#{v[:host]})", 1], &block) if block
db_report(:vuln, v)
end
end
end
end
end

View File

@ -34,14 +34,18 @@ class Mimikatz < Extension
])
end
def send_custom_command(function, args=[])
def send_custom_command_raw(function, args=[])
request = Packet.create_request('mimikatz_custom_command')
request.add_tlv(TLV_TYPE_MIMIKATZ_FUNCTION, function)
args.each do |a|
request.add_tlv(TLV_TYPE_MIMIKATZ_ARGUMENT, a)
end
response = client.send_request(request)
return Rex::Text.to_ascii(response.get_tlv_value(TLV_TYPE_MIMIKATZ_RESULT))
return response.get_tlv_value(TLV_TYPE_MIMIKATZ_RESULT)
end
def send_custom_command(function, args=[])
return Rex::Text.to_ascii(send_custom_command_raw(function, args))
end
def parse_creds_result(result)
@ -63,11 +67,18 @@ class Mimikatz < Extension
def parse_ssp_result(result)
details = CSV.parse(result)
accounts = []
return accounts unless details
details.each do |acc|
next unless acc.length == 5
ssps = acc[4].split(' }')
next unless ssps
ssps.each do |ssp|
next unless ssp
s_acc = ssp.split(' ; ')
next unless s_acc
user = s_acc[0].split('{ ')[1]
next unless user
account = {
:authid => acc[0],
:package => acc[1],

View File

@ -106,7 +106,7 @@ class Console::CommandDispatcher::Mimikatz
)
accounts.each do |acc|
table << [acc[:authid], acc[:package], acc[:domain], acc[:user], acc[:password]]
table << [acc[:authid], acc[:package], acc[:domain], acc[:user], acc[:password].gsub("\n","")]
end
print_line table.to_s

View File

@ -236,7 +236,15 @@ class Console::CommandDispatcher::Stdapi::Sys
when /win/
path = client.fs.file.expand_path("%COMSPEC%")
path = (path and not path.empty?) ? path : "cmd.exe"
cmd_execute("-f", path, "-c", "-H", "-i", "-t")
# attempt the shell with thread impersonation
begin
cmd_execute("-f", path, "-c", "-H", "-i", "-t")
rescue
# if this fails, then we attempt without impersonation
print_error( "Failed to spawn shell with thread impersonation. Retrying without it." )
cmd_execute("-f", path, "-c", "-H", "-i")
end
when /linux/
# Don't expand_path() this because it's literal anyway
path = "/bin/sh"

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
@ -34,7 +32,7 @@ class Metasploit3 < Msf::Auxiliary
[
[ 'CVE', '2011-0923' ],
[ 'OSVDB', '72526' ],
[ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-11-055/' ],
[ 'ZDI', '11-055' ],
[ 'URL', 'http://c4an-dl.blogspot.com/hp-data-protector-vuln.html' ],
[ 'URL', 'http://hackarandas.com/blog/2011/08/04/hp-data-protector-remote-shell-for-hpux' ]
],

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'uri'

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
@ -42,7 +40,7 @@ class Metasploit3 < Msf::Auxiliary
[
Opt::RPORT(8080),
OptPath.new('SENSITIVE_FILES', [ true, "File containing senstive files, one per line",
File.join(Msf::Config.install_root, "data", "wordlists", "sensitive_files.txt") ]),
File.join(Msf::Config.data_directory, "wordlists", "sensitive_files.txt") ]),
OptInt.new('MAXDIRS', [ true, 'The maximum directory depth to search', 7]),
], self.class)
end

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
@ -43,7 +41,7 @@ class Metasploit3 < Msf::Auxiliary
Opt::RPORT(8443),
OptBool.new('SSL', [true, 'Use SSL', true]),
OptPath.new('SENSITIVE_FILES', [ true, "File containing senstive files, one per line",
File.join(Msf::Config.install_root, "data", "wordlists", "sensitive_files.txt") ]),
File.join(Msf::Config.data_directory, "wordlists", "sensitive_files.txt") ]),
], self.class)
end

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
@ -28,7 +26,8 @@ class Metasploit3 < Msf::Auxiliary
'License' => MSF_LICENSE,
'References' =>
[
[ 'URL', 'http://www.net-security.org/secworld.php?id=15743' ],
[ 'URL', 'http://blog.imperva.com/2013/10/threat-advisory-a-vbulletin-exploit-administrator-injection.html'],
[ 'OSVDB', '98370' ],
[ 'URL', 'http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/3991423-potential-vbulletin-exploit-vbulletin-4-1-vbulletin-5']
],
'DisclosureDate' => 'Oct 09 2013'))

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

View File

@ -8,10 +8,8 @@
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
@ -657,7 +655,7 @@ class Metasploit3 < Msf::Auxiliary
FROM sys.user$
where password != 'null' and type# = 1
|
ordfltpss = "#{File.join(Msf::Config.install_root, "data", "wordlists", "oracle_default_hashes.txt")}"
ordfltpss = "#{File.join(Msf::Config.data_directory, "wordlists", "oracle_default_hashes.txt")}"
returnedstring = prepare_exec(query)
accts = {}
returnedstring.each do |record|

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
@ -24,7 +22,7 @@ class Metasploit3 < Msf::Auxiliary
[ 'CVE', '2008-5448' ],
[ 'OSVDB', '51342' ],
[ 'URL', 'http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html' ],
[ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-09-003' ],
[ 'ZDI', '09-003' ],
],
'DisclosureDate' => 'Jan 14 2009'))

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
@ -28,8 +26,8 @@ class Metasploit3 < Msf::Auxiliary
[ 'OSVDB', '55903' ],
[ 'CVE', '2009-1978' ],
[ 'OSVDB', '55904' ],
[ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-09-058' ],
[ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-09-059' ],
[ 'ZDI', '09-058' ],
[ 'ZDI', '09-059' ],
],
'DisclosureDate' => 'Aug 18 2009'))

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
@ -26,7 +24,7 @@ class Metasploit3 < Msf::Auxiliary
[
[ 'CVE', '2010-0904' ],
[ 'OSVDB', '66338'],
[ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-10-118' ],
[ 'ZDI', '10-118' ],
],
'DisclosureDate' => 'Jul 13 2010'))

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

View File

@ -1,8 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

Some files were not shown because too many files have changed in this diff Show More