Merge remote-tracking branch 'upstream/master' into bypassuac_redo
Conflicts: lib/msf/core/post/windows/priv.rb modules/exploits/windows/local/bypassuac.rbbug/bundler_fix
commit
e6a2a1006f
2
Gemfile
2
Gemfile
|
@ -40,6 +40,8 @@ group :development, :test do
|
||||||
# Version 4.1.0 or newer is needed to support generate calls without the
|
# Version 4.1.0 or newer is needed to support generate calls without the
|
||||||
# 'FactoryGirl.' in factory definitions syntax.
|
# 'FactoryGirl.' in factory definitions syntax.
|
||||||
gem 'factory_girl', '>= 4.1.0'
|
gem 'factory_girl', '>= 4.1.0'
|
||||||
|
# Make rspec output shorter and more useful
|
||||||
|
gem 'fivemat', '1.2.1'
|
||||||
# running documentation generation tasks and rspec tasks
|
# running documentation generation tasks and rspec tasks
|
||||||
gem 'rake', '>= 10.0.0'
|
gem 'rake', '>= 10.0.0'
|
||||||
end
|
end
|
||||||
|
|
|
@ -18,6 +18,7 @@ GEM
|
||||||
diff-lcs (1.2.4)
|
diff-lcs (1.2.4)
|
||||||
factory_girl (4.2.0)
|
factory_girl (4.2.0)
|
||||||
activesupport (>= 3.0.0)
|
activesupport (>= 3.0.0)
|
||||||
|
fivemat (1.2.1)
|
||||||
i18n (0.6.5)
|
i18n (0.6.5)
|
||||||
json (1.8.0)
|
json (1.8.0)
|
||||||
metasploit_data_models (0.16.6)
|
metasploit_data_models (0.16.6)
|
||||||
|
@ -62,6 +63,7 @@ DEPENDENCIES
|
||||||
activesupport (>= 3.0.0)
|
activesupport (>= 3.0.0)
|
||||||
database_cleaner
|
database_cleaner
|
||||||
factory_girl (>= 4.1.0)
|
factory_girl (>= 4.1.0)
|
||||||
|
fivemat (= 1.2.1)
|
||||||
json
|
json
|
||||||
metasploit_data_models (~> 0.16.6)
|
metasploit_data_models (~> 0.16.6)
|
||||||
msgpack
|
msgpack
|
||||||
|
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -1,13 +0,0 @@
|
||||||
K 10
|
|
||||||
ascii_cert
|
|
||||||
V 1844
|
|
||||||
MIIFYzCCBEugAwIBAgIHBHTfnZklJzANBgkqhkiG9w0BAQUFADCByjELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY29tLCBJbmMuMTMwMQYDVQQLEypodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkxMDAuBgNVBAMTJ0dvIERhZGR5IFNlY3VyZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTERMA8GA1UEBRMIMDc5NjkyODcwHhcNMTAwMzE2MTIwOTU5WhcNMTMwNDAxMjIwMjI0WjBVMRcwFQYDVQQKEw5tZXRhc3Bsb2l0LmNvbTEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMRcwFQYDVQQDEw5tZXRhc3Bsb2l0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK+V3Vs8M+48CofjzH5KE3MA1CmfXhz2vweW3x27TKhZBxbLLxVOpnbFTxfc6gD1NmcRfBRyRuGNclkwnkfQZ4YbkXIJWCjov0OZNfYTNOQbDtdZPK9q94h9wHUQOkpXl1k+Xe8+gVqLilqcS1ikISUQVsKBYa18FaT/PyFEv00ZsewtehL6C9oXCm81HH2S/HBu+CW1TJ3X5Loivs24aR65dzsKFhG2tnzUxox0Rg2ixPUue8xAoTGquujmy/0aa6yeT1kswFTLncTL/GLxQggtah9ul50pYQWRLuTNOIYsjSS32zPs1ZOTN8RkDrdCmEWPUxrzgmUmNQzKDvHjVp8CAwEAAaOCAcAwggG8MA8GA1UdEwEB/wQFMAMBAQAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA4GA1UdDwEB/wQEAwIFoDAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmdvZGFkZHkuY29tL2dkczEtMTUuY3JsMFMGA1UdIARMMEowSAYLYIZIAYb9bQEHFwEwOTA3BggrBgEFBQcCARYraHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzCBgAYIKwYBBQUHAQEEdDByMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wSgYIKwYBBQUHMAKGPmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS9nZF9pbnRlcm1lZGlhdGUuY3J0MB8GA1UdIwQYMBaAFP2sYTKTbEXW4u6FX5q653aZaMznMC0GA1UdEQQmMCSCDm1ldGFzcGxvaXQuY29tghJ3d3cubWV0YXNwbG9pdC5jb20wHQYDVR0OBBYEFDkiSjDeC0NDm2ioUVerYRuLWtbyMA0GCSqGSIb3DQEBBQUAA4IBAQAgATMjfkj0zvvpTWSxVLUjtMTsei+lC8v79mTqM/+3DWZZj8Tc6xUyhxNreAW137WKiJxQSEnrdMzVxozp99iL4RYH1tVTukXV4XVkRbFrtAw7dCYV6dYbp4Ru4dy97CUBceUDCXQpC3t6CNU66RIg6UAa6MV7DmJrEUhNSAB5LqsY3oyhFcV5jT0QYGMC0XuUylzNBW4AWCnlMDysJhSJ75RHa9e76S6g8m4TWT3b02LCdunzcl1kq4cmH6xPr5X3U8CkV6YGBTQhltuNQMM5OBxga1lfCFa81hSSa3300f8YBhwMatloUgu5gzQh/o3nFDJL6CDh6/fCqZyI32r+
|
|
||||||
K 8
|
|
||||||
failures
|
|
||||||
V 1
|
|
||||||
8
|
|
||||||
K 15
|
|
||||||
svn:realmstring
|
|
||||||
V 26
|
|
||||||
https://metasploit.com:443
|
|
||||||
END
|
|
|
@ -1,13 +0,0 @@
|
||||||
K 10
|
|
||||||
ascii_cert
|
|
||||||
V 1844
|
|
||||||
MIIFYzCCBEugAwIBAgIHBHTfnZklJzANBgkqhkiG9w0BAQUFADCByjELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY29tLCBJbmMuMTMwMQYDVQQLEypodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkxMDAuBgNVBAMTJ0dvIERhZGR5IFNlY3VyZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTERMA8GA1UEBRMIMDc5NjkyODcwHhcNMTAwMzE2MTIwOTU5WhcNMTMwNDAxMjIwMjI0WjBVMRcwFQYDVQQKEw5tZXRhc3Bsb2l0LmNvbTEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMRcwFQYDVQQDEw5tZXRhc3Bsb2l0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK+V3Vs8M+48CofjzH5KE3MA1CmfXhz2vweW3x27TKhZBxbLLxVOpnbFTxfc6gD1NmcRfBRyRuGNclkwnkfQZ4YbkXIJWCjov0OZNfYTNOQbDtdZPK9q94h9wHUQOkpXl1k+Xe8+gVqLilqcS1ikISUQVsKBYa18FaT/PyFEv00ZsewtehL6C9oXCm81HH2S/HBu+CW1TJ3X5Loivs24aR65dzsKFhG2tnzUxox0Rg2ixPUue8xAoTGquujmy/0aa6yeT1kswFTLncTL/GLxQggtah9ul50pYQWRLuTNOIYsjSS32zPs1ZOTN8RkDrdCmEWPUxrzgmUmNQzKDvHjVp8CAwEAAaOCAcAwggG8MA8GA1UdEwEB/wQFMAMBAQAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA4GA1UdDwEB/wQEAwIFoDAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmdvZGFkZHkuY29tL2dkczEtMTUuY3JsMFMGA1UdIARMMEowSAYLYIZIAYb9bQEHFwEwOTA3BggrBgEFBQcCARYraHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzCBgAYIKwYBBQUHAQEEdDByMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wSgYIKwYBBQUHMAKGPmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS9nZF9pbnRlcm1lZGlhdGUuY3J0MB8GA1UdIwQYMBaAFP2sYTKTbEXW4u6FX5q653aZaMznMC0GA1UdEQQmMCSCDm1ldGFzcGxvaXQuY29tghJ3d3cubWV0YXNwbG9pdC5jb20wHQYDVR0OBBYEFDkiSjDeC0NDm2ioUVerYRuLWtbyMA0GCSqGSIb3DQEBBQUAA4IBAQAgATMjfkj0zvvpTWSxVLUjtMTsei+lC8v79mTqM/+3DWZZj8Tc6xUyhxNreAW137WKiJxQSEnrdMzVxozp99iL4RYH1tVTukXV4XVkRbFrtAw7dCYV6dYbp4Ru4dy97CUBceUDCXQpC3t6CNU66RIg6UAa6MV7DmJrEUhNSAB5LqsY3oyhFcV5jT0QYGMC0XuUylzNBW4AWCnlMDysJhSJ75RHa9e76S6g8m4TWT3b02LCdunzcl1kq4cmH6xPr5X3U8CkV6YGBTQhltuNQMM5OBxga1lfCFa81hSSa3300f8YBhwMatloUgu5gzQh/o3nFDJL6CDh6/fCqZyI32r+
|
|
||||||
K 8
|
|
||||||
failures
|
|
||||||
V 1
|
|
||||||
8
|
|
||||||
K 15
|
|
||||||
svn:realmstring
|
|
||||||
V 30
|
|
||||||
https://www.metasploit.com:443
|
|
||||||
END
|
|
|
@ -92,6 +92,7 @@ root
|
||||||
router
|
router
|
||||||
rw
|
rw
|
||||||
rwa
|
rwa
|
||||||
|
s!a@m#n$p%c
|
||||||
san-fran
|
san-fran
|
||||||
sanfran
|
sanfran
|
||||||
scotty
|
scotty
|
||||||
|
|
|
@ -32,7 +32,7 @@ module Auxiliary::JohnTheRipper
|
||||||
)
|
)
|
||||||
|
|
||||||
@run_path = nil
|
@run_path = nil
|
||||||
@john_path = ::File.join(Msf::Config.install_root, "data", "john")
|
@john_path = ::File.join(Msf::Config.data_directory, "john")
|
||||||
|
|
||||||
autodetect_platform
|
autodetect_platform
|
||||||
end
|
end
|
||||||
|
|
|
@ -23,7 +23,7 @@ module Auxiliary::MimeTypes
|
||||||
end
|
end
|
||||||
|
|
||||||
def mime_load_extension_map
|
def mime_load_extension_map
|
||||||
path = File.join( Msf::Config.install_root, "data", "mime.yml")
|
path = File.join( Msf::Config.data_directory, "mime.yml")
|
||||||
@extension_map = YAML.load_file(path)
|
@extension_map = YAML.load_file(path)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -41,6 +41,7 @@ require 'rex/parser/nexpose_simple_nokogiri'
|
||||||
require 'rex/parser/nmap_nokogiri'
|
require 'rex/parser/nmap_nokogiri'
|
||||||
require 'rex/parser/openvas_nokogiri'
|
require 'rex/parser/openvas_nokogiri'
|
||||||
require 'rex/parser/wapiti_nokogiri'
|
require 'rex/parser/wapiti_nokogiri'
|
||||||
|
require 'rex/parser/outpost24_nokogiri'
|
||||||
|
|
||||||
# Legacy XML parsers -- these will be converted some day
|
# Legacy XML parsers -- these will be converted some day
|
||||||
require 'rex/parser/ip360_aspl_xml'
|
require 'rex/parser/ip360_aspl_xml'
|
||||||
|
@ -2926,7 +2927,7 @@ class DBManager
|
||||||
# Returns one of: :nexpose_simplexml :nexpose_rawxml :nmap_xml :openvas_xml
|
# Returns one of: :nexpose_simplexml :nexpose_rawxml :nmap_xml :openvas_xml
|
||||||
# :nessus_xml :nessus_xml_v2 :qualys_scan_xml, :qualys_asset_xml, :msf_xml :nessus_nbe :amap_mlog
|
# :nessus_xml :nessus_xml_v2 :qualys_scan_xml, :qualys_asset_xml, :msf_xml :nessus_nbe :amap_mlog
|
||||||
# :amap_log :ip_list, :msf_zip, :libpcap, :foundstone_xml, :acunetix_xml, :appscan_xml
|
# :amap_log :ip_list, :msf_zip, :libpcap, :foundstone_xml, :acunetix_xml, :appscan_xml
|
||||||
# :burp_session, :ip360_xml_v3, :ip360_aspl_xml, :nikto_xml
|
# :burp_session, :ip360_xml_v3, :ip360_aspl_xml, :nikto_xml, :outpost24_xml
|
||||||
# If there is no match, an error is raised instead.
|
# If there is no match, an error is raised instead.
|
||||||
def import_filetype_detect(data)
|
def import_filetype_detect(data)
|
||||||
|
|
||||||
|
@ -3059,6 +3060,9 @@ class DBManager
|
||||||
@import_filedata[:type] = "CI"
|
@import_filedata[:type] = "CI"
|
||||||
return :ci_xml
|
return :ci_xml
|
||||||
end
|
end
|
||||||
|
when "main"
|
||||||
|
@import_filedata[:type] = "Outpost24 XML"
|
||||||
|
return :outpost24_xml
|
||||||
else
|
else
|
||||||
# Give up if we haven't hit the root tag in the first few lines
|
# Give up if we haven't hit the root tag in the first few lines
|
||||||
break if line_count > 10
|
break if line_count > 10
|
||||||
|
@ -3649,7 +3653,7 @@ class DBManager
|
||||||
data = ::File.open(args[:filename], "rb") {|f| f.read(f.stat.size)}
|
data = ::File.open(args[:filename], "rb") {|f| f.read(f.stat.size)}
|
||||||
wspace = args[:wspace] || args['wspace'] || workspace
|
wspace = args[:wspace] || args['wspace'] || workspace
|
||||||
bl = validate_ips(args[:blacklist]) ? args[:blacklist].split : []
|
bl = validate_ips(args[:blacklist]) ? args[:blacklist].split : []
|
||||||
basedir = args[:basedir] || args['basedir'] || ::File.join(Msf::Config.install_root, "data", "msf")
|
basedir = args[:basedir] || args['basedir'] || ::File.join(Msf::Config.data_directory, "msf")
|
||||||
|
|
||||||
allow_yaml = false
|
allow_yaml = false
|
||||||
btag = nil
|
btag = nil
|
||||||
|
@ -5923,6 +5927,36 @@ class DBManager
|
||||||
parser.parse(args[:data])
|
parser.parse(args[:data])
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def import_outpost24_xml(args={}, &block)
|
||||||
|
bl = validate_ips(args[:blacklist]) ? args[:blacklist].split : []
|
||||||
|
wspace = args[:wspace] || workspace
|
||||||
|
if Rex::Parser.nokogiri_loaded
|
||||||
|
parser = "Nokogiri v#{::Nokogiri::VERSION}"
|
||||||
|
noko_args = args.dup
|
||||||
|
noko_args[:blacklist] = bl
|
||||||
|
noko_args[:wspace] = wspace
|
||||||
|
if block
|
||||||
|
yield(:parser, parser)
|
||||||
|
import_outpost24_noko_stream(noko_args) {|type, data| yield type,data}
|
||||||
|
else
|
||||||
|
import_outpost24_noko_stream(noko_args)
|
||||||
|
end
|
||||||
|
return true
|
||||||
|
else # Sorry
|
||||||
|
raise DBImportError.new("Could not import due to missing Nokogiri parser. Try 'gem install nokogiri'.")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def import_outpost24_noko_stream(args={},&block)
|
||||||
|
if block
|
||||||
|
doc = Rex::Parser::Outpost24Document.new(args,framework.db) {|type, data| yield type,data }
|
||||||
|
else
|
||||||
|
doc = Rex::Parser::Outpost24Document.new(args,self)
|
||||||
|
end
|
||||||
|
parser = ::Nokogiri::XML::SAX::Parser.new(doc)
|
||||||
|
parser.parse(args[:data])
|
||||||
|
end
|
||||||
|
|
||||||
|
|
||||||
def unserialize_object(xml_elem, allow_yaml = false)
|
def unserialize_object(xml_elem, allow_yaml = false)
|
||||||
return nil unless xml_elem
|
return nil unless xml_elem
|
||||||
|
|
|
@ -19,7 +19,7 @@ module Exploit::CmdStagerDebugAsm
|
||||||
register_advanced_options(
|
register_advanced_options(
|
||||||
[
|
[
|
||||||
OptString.new( 'DECODERSTUB', [ true, 'The debug.exe assembly listing decoder stub to use.',
|
OptString.new( 'DECODERSTUB', [ true, 'The debug.exe assembly listing decoder stub to use.',
|
||||||
File.join(Msf::Config.install_root, "data", "exploits", "cmdstager", "debug_asm")]),
|
File.join(Msf::Config.data_directory, "exploits", "cmdstager", "debug_asm")]),
|
||||||
], self.class)
|
], self.class)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -19,7 +19,7 @@ module Exploit::CmdStagerDebugWrite
|
||||||
register_advanced_options(
|
register_advanced_options(
|
||||||
[
|
[
|
||||||
OptString.new( 'DECODERSTUB', [ true, 'The debug.exe file-writing decoder stub to use.',
|
OptString.new( 'DECODERSTUB', [ true, 'The debug.exe file-writing decoder stub to use.',
|
||||||
File.join(Msf::Config.install_root, "data", "exploits", "cmdstager", "debug_write")]),
|
File.join(Msf::Config.data_directory, "exploits", "cmdstager", "debug_write")]),
|
||||||
], self.class)
|
], self.class)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -19,7 +19,7 @@ module Exploit::CmdStagerVBS
|
||||||
register_advanced_options(
|
register_advanced_options(
|
||||||
[
|
[
|
||||||
OptString.new( 'DECODERSTUB', [ true, 'The VBS base64 file decoder stub to use.',
|
OptString.new( 'DECODERSTUB', [ true, 'The VBS base64 file decoder stub to use.',
|
||||||
File.join(Msf::Config.install_root, "data", "exploits", "cmdstager", "vbs_b64")]),
|
File.join(Msf::Config.data_directory, "exploits", "cmdstager", "vbs_b64")]),
|
||||||
], self.class)
|
], self.class)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -19,7 +19,7 @@ module Exploit::CmdStagerVBS::ADODB
|
||||||
register_advanced_options(
|
register_advanced_options(
|
||||||
[
|
[
|
||||||
OptString.new( 'DECODERSTUB', [ true, 'The VBS base64 file decoder stub to use.',
|
OptString.new( 'DECODERSTUB', [ true, 'The VBS base64 file decoder stub to use.',
|
||||||
File.join(Msf::Config.install_root, "data", "exploits", "cmdstager", "vbs_b64_adodb")]),
|
File.join(Msf::Config.data_directory, "exploits", "cmdstager", "vbs_b64_adodb")]),
|
||||||
], self.class)
|
], self.class)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -47,19 +47,18 @@ module Exploit::FileDropper
|
||||||
false
|
false
|
||||||
end
|
end
|
||||||
else
|
else
|
||||||
cmds = [
|
win_cmds = [
|
||||||
%Q|attrib.exe -r "#{win_file}"|,
|
%Q|attrib.exe -r "#{win_file}"|,
|
||||||
%Q|del.exe /f /q "#{win_file}"|,
|
%Q|del.exe /f /q "#{win_file}"|
|
||||||
%Q|rm -f "#{file}" >/dev/null|,
|
]
|
||||||
]
|
|
||||||
|
|
||||||
# We need to be platform-independent here. Since we can't be
|
# We need to be platform-independent here. Since we can't be
|
||||||
# certain that {#target} is accurate because exploits with
|
# certain that {#target} is accurate because exploits with
|
||||||
# automatic targets frequently change it, we just go ahead and
|
# automatic targets frequently change it, we just go ahead and
|
||||||
# run both a windows and a unixy command in the same line. One
|
# run both a windows and a unixy command in the same line. One
|
||||||
# of them will definitely fail and the other will probably
|
# of them will definitely fail and the other will probably
|
||||||
# succeed. Doing it this way saves us an extra round-trip.
|
# succeed. Doing it this way saves us an extra round-trip.
|
||||||
session.shell_command_token(cmds.join(" ; "))
|
# Trick shared by @mihi42
|
||||||
|
session.shell_command_token("rm -f \"#{file}\" >/dev/null ; echo ' & #{win_cmds.join(" & ")} & echo \" ' >/dev/null")
|
||||||
print_good("Deleted #{file}")
|
print_good("Deleted #{file}")
|
||||||
true
|
true
|
||||||
end
|
end
|
||||||
|
|
|
@ -4,6 +4,7 @@ require 'rex/exploitation/obfuscatejs'
|
||||||
require 'rex/exploitation/encryptjs'
|
require 'rex/exploitation/encryptjs'
|
||||||
require 'rex/exploitation/heaplib'
|
require 'rex/exploitation/heaplib'
|
||||||
require 'rex/exploitation/javascriptosdetect'
|
require 'rex/exploitation/javascriptosdetect'
|
||||||
|
require 'rex/exploitation/javascriptaddonsdetect'
|
||||||
|
|
||||||
module Msf
|
module Msf
|
||||||
|
|
||||||
|
|
|
@ -51,7 +51,7 @@ module Exploit::Java
|
||||||
|
|
||||||
# Instantiate the JVM with a classpath pointing to the JDK tools.jar
|
# Instantiate the JVM with a classpath pointing to the JDK tools.jar
|
||||||
# and our javatoolkit jar.
|
# and our javatoolkit jar.
|
||||||
classpath = File.join(Msf::Config.install_root, "data", "exploits", "msfJavaToolkit.jar")
|
classpath = File.join(Msf::Config.data_directory, "exploits", "msfJavaToolkit.jar")
|
||||||
classpath += ":" + toolsjar
|
classpath += ":" + toolsjar
|
||||||
classpath += ":" + datastore['ADDCLASSPATH'] if datastore['ADDCLASSPATH']
|
classpath += ":" + datastore['ADDCLASSPATH'] if datastore['ADDCLASSPATH']
|
||||||
|
|
||||||
|
|
|
@ -75,7 +75,7 @@ module Exploit::Remote::MSSQL
|
||||||
register_advanced_options(
|
register_advanced_options(
|
||||||
[
|
[
|
||||||
OptPath.new('HEX2BINARY', [ false, "The path to the hex2binary script on the disk",
|
OptPath.new('HEX2BINARY', [ false, "The path to the hex2binary script on the disk",
|
||||||
File.join(Msf::Config.install_root, "data", "exploits", "mssql", "h2b")
|
File.join(Msf::Config.data_directory, "exploits", "mssql", "h2b")
|
||||||
]),
|
]),
|
||||||
OptString.new('DOMAIN', [ true, 'The domain to use for windows authentication', 'WORKSTATION'])
|
OptString.new('DOMAIN', [ true, 'The domain to use for windows authentication', 'WORKSTATION'])
|
||||||
], Msf::Exploit::Remote::MSSQL)
|
], Msf::Exploit::Remote::MSSQL)
|
||||||
|
|
|
@ -34,7 +34,7 @@ module Exploit::Remote::MSSQL_SQLI
|
||||||
register_advanced_options(
|
register_advanced_options(
|
||||||
[
|
[
|
||||||
OptPath.new('HEX2BINARY', [ false, "The path to the hex2binary script on the disk",
|
OptPath.new('HEX2BINARY', [ false, "The path to the hex2binary script on the disk",
|
||||||
File.join(Msf::Config.install_root, "data", "exploits", "mssql", "h2b")
|
File.join(Msf::Config.data_directory, "exploits", "mssql", "h2b")
|
||||||
])
|
])
|
||||||
], Msf::Exploit::Remote::MSSQL_SQLI)
|
], Msf::Exploit::Remote::MSSQL_SQLI)
|
||||||
|
|
||||||
|
|
|
@ -150,7 +150,7 @@ module Exploit::Remote::MYSQL
|
||||||
|
|
||||||
def mysql_upload_sys_udf(arch=:win32,target_path=nil)
|
def mysql_upload_sys_udf(arch=:win32,target_path=nil)
|
||||||
fname = (arch == :win32 ? "lib_mysqludf_sys_32.dll" : "lib_mysqludf_sys_64.dll")
|
fname = (arch == :win32 ? "lib_mysqludf_sys_32.dll" : "lib_mysqludf_sys_64.dll")
|
||||||
sys_dll = File.join( Msf::Config.install_root, "data", "exploits", "mysql", fname )
|
sys_dll = File.join( Msf::Config.data_directory, "exploits", "mysql", fname )
|
||||||
data = File.open(sys_dll, "rb") {|f| f.read f.stat.size}
|
data = File.open(sys_dll, "rb") {|f| f.read f.stat.size}
|
||||||
blob = "0x"
|
blob = "0x"
|
||||||
blob << data.unpack("C*").map {|x| "%02x" % [x]}.join
|
blob << data.unpack("C*").map {|x| "%02x" % [x]}.join
|
||||||
|
|
|
@ -116,7 +116,7 @@ module Exploit::Powershell
|
||||||
|
|
||||||
ps_wrapper = <<EOS
|
ps_wrapper = <<EOS
|
||||||
$si = New-Object System.Diagnostics.ProcessStartInfo
|
$si = New-Object System.Diagnostics.ProcessStartInfo
|
||||||
$si.FileName = "#{ps_bin}"
|
$si.FileName = #{ps_bin}
|
||||||
$si.Arguments = '#{ps_args}'
|
$si.Arguments = '#{ps_args}'
|
||||||
$si.UseShellExecute = $false
|
$si.UseShellExecute = $false
|
||||||
$si.RedirectStandardOutput = $true
|
$si.RedirectStandardOutput = $true
|
||||||
|
@ -146,11 +146,11 @@ EOS
|
||||||
psh_payload << "while(1){Start-Sleep -s #{sleep_time};#{fun_name};1};"
|
psh_payload << "while(1){Start-Sleep -s #{sleep_time};#{fun_name};1};"
|
||||||
end
|
end
|
||||||
# Determine appropriate architecture
|
# Determine appropriate architecture
|
||||||
ps_bin = wow64 ? '$env:windir\syswow64\WindowsPowerShell\v1.0\powershell.exe' : 'powershell.exe'
|
ps_bin = wow64 ? '$env:windir+\'\syswow64\WindowsPowerShell\v1.0\powershell.exe\'' : '\'powershell.exe\''
|
||||||
# Wrap in hidden runtime
|
# Wrap in hidden runtime
|
||||||
psh_payload = run_hidden_psh(psh_payload,ps_bin)
|
psh_payload = run_hidden_psh(psh_payload,ps_bin)
|
||||||
# Convert to base64 for -encodedcommand execution
|
# Convert to base64 for -encodedcommand execution
|
||||||
command = "%COMSPEC% /B /C start powershell.exe -Command \"#{psh_payload.gsub("\n",';').gsub('"','\"')}\"\r\n"
|
command = "%COMSPEC% /B /C start powershell.exe -Command #{psh_payload.gsub("\n",';').gsub('"','\"')}\r\n"
|
||||||
end
|
end
|
||||||
|
|
||||||
#
|
#
|
||||||
|
|
|
@ -150,7 +150,7 @@ module Exploit::Remote::SunRPC
|
||||||
end
|
end
|
||||||
|
|
||||||
def progresolv(number)
|
def progresolv(number)
|
||||||
names = File.join(Msf::Config.install_root, "data", "wordlists", "rpc_names.txt")
|
names = File.join(Msf::Config.data_directory, "wordlists", "rpc_names.txt")
|
||||||
File.open(names, "rb").each_line do |line|
|
File.open(names, "rb").each_line do |line|
|
||||||
next if line.empty? || line =~ /^\s*#/
|
next if line.empty? || line =~ /^\s*#/
|
||||||
|
|
||||||
|
|
|
@ -112,6 +112,8 @@ class Msf::Module::SiteReference < Msf::Module::Reference
|
||||||
self.site = 'http://www.kb.cert.org/vuls/id/' + in_ctx_val.to_s
|
self.site = 'http://www.kb.cert.org/vuls/id/' + in_ctx_val.to_s
|
||||||
elsif (in_ctx_id == 'BPS')
|
elsif (in_ctx_id == 'BPS')
|
||||||
self.site = 'https://strikecenter.bpointsys.com/bps/advisory/BPS-' + in_ctx_val.to_s
|
self.site = 'https://strikecenter.bpointsys.com/bps/advisory/BPS-' + in_ctx_val.to_s
|
||||||
|
elsif (in_ctx_id == 'ZDI')
|
||||||
|
self.site = 'http://www.zerodayinitiative.com/advisories/ZDI-' + in_ctx_val.to_s
|
||||||
elsif (in_ctx_id == 'URL')
|
elsif (in_ctx_id == 'URL')
|
||||||
self.site = in_ctx_val.to_s
|
self.site = in_ctx_val.to_s
|
||||||
else
|
else
|
||||||
|
|
|
@ -1,25 +1,30 @@
|
||||||
# -*- coding: binary -*-
|
# -*- coding: binary -*-
|
||||||
|
|
||||||
require 'msf/core/post/windows/accounts'
|
require 'msf/core/post/windows/accounts'
|
||||||
|
require 'msf/core/post/windows/registry'
|
||||||
|
|
||||||
module Msf::Post::Windows::Priv
|
module Msf::Post::Windows::Priv
|
||||||
include ::Msf::Post::Windows::Accounts
|
include ::Msf::Post::Windows::Accounts
|
||||||
|
include Msf::Post::Windows::Registry
|
||||||
|
|
||||||
LowIntegrityLevel = 'S-1-16-4096'
|
INTEGRITY_LEVEL_SID = {
|
||||||
MediumIntegrityLevel = 'S-1-16-8192'
|
:low => 'S-1-16-4096',
|
||||||
HighIntegrityLevel = 'S-1-16-12288'
|
:medium => 'S-1-16-8192',
|
||||||
SystemIntegrityLevel = 'S-1-16-16384'
|
:high => 'S-1-16-12288',
|
||||||
|
:system => 'S-1-16-16384'
|
||||||
|
}
|
||||||
|
|
||||||
Administrators = 'S-1-5-32-544'
|
SYSTEM_SID = 'S-1-5-18'
|
||||||
|
ADMINISTRATORS_SID = 'S-1-5-32-544'
|
||||||
|
|
||||||
# http://technet.microsoft.com/en-us/library/dd835564(v=ws.10).aspx
|
# http://technet.microsoft.com/en-us/library/dd835564(v=ws.10).aspx
|
||||||
# ConsentPromptBehaviorAdmin
|
# ConsentPromptBehaviorAdmin
|
||||||
UACNoPrompt = 0
|
UAC_NO_PROMPT = 0
|
||||||
UACPromptCredsIfSecureDesktop = 1
|
UAC_PROMPT_CREDS_IF_SECURE_DESKTOP = 1
|
||||||
UACPromptConsentIfSecureDesktop = 2
|
UAC_PROMPT_CONSENT_IF_SECURE_DESKTOP = 2
|
||||||
UACPromptCreds = 3
|
UAC_PROMPT_CREDS = 3
|
||||||
UACPromptConsent = 4
|
UAC_PROMPT_CONSENT = 4
|
||||||
UACDefault = 5
|
UAC_DEFAULT = 5
|
||||||
|
|
||||||
#
|
#
|
||||||
# Returns true if user is admin and false if not.
|
# Returns true if user is admin and false if not.
|
||||||
|
@ -29,12 +34,11 @@ module Msf::Post::Windows::Priv
|
||||||
# Assume true if the OS doesn't expose this (Windows 2000)
|
# Assume true if the OS doesn't expose this (Windows 2000)
|
||||||
session.railgun.shell32.IsUserAnAdmin()["return"] rescue true
|
session.railgun.shell32.IsUserAnAdmin()["return"] rescue true
|
||||||
else
|
else
|
||||||
cmd = "cmd.exe /c reg query HKU\\S-1-5-19"
|
local_service_key = registry_enumkeys('HKU\S-1-5-19')
|
||||||
results = session.shell_command_token_win32(cmd)
|
if local_service_key
|
||||||
if results =~ /Error/
|
|
||||||
return false
|
|
||||||
else
|
|
||||||
return true
|
return true
|
||||||
|
else
|
||||||
|
return false
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -48,7 +52,7 @@ module Msf::Post::Windows::Priv
|
||||||
if whoami.nil?
|
if whoami.nil?
|
||||||
print_error("Unable to identify admin group membership")
|
print_error("Unable to identify admin group membership")
|
||||||
return nil
|
return nil
|
||||||
elsif whoami.include? Administrators
|
elsif whoami.include? ADMINISTRATORS_SID
|
||||||
return true
|
return true
|
||||||
else
|
else
|
||||||
return false
|
return false
|
||||||
|
@ -60,19 +64,18 @@ module Msf::Post::Windows::Priv
|
||||||
#
|
#
|
||||||
def is_system?
|
def is_system?
|
||||||
if session_has_ext
|
if session_has_ext
|
||||||
local_sys = resolve_sid("S-1-5-18")
|
local_sys = resolve_sid(SYSTEM_SID)
|
||||||
if session.sys.config.getuid == "#{local_sys[:domain]}\\#{local_sys[:name]}"
|
if session.sys.config.getuid == "#{local_sys[:domain]}\\#{local_sys[:name]}"
|
||||||
return true
|
return true
|
||||||
else
|
else
|
||||||
return false
|
return false
|
||||||
end
|
end
|
||||||
else
|
else
|
||||||
cmd = "cmd.exe /c reg query HKLM\\SAM\\SAM"
|
results = registry_enumkeys('HKLM\SAM\SAM')
|
||||||
results = session.shell_command_token_win32(cmd)
|
if results
|
||||||
if results =~ /Error/
|
|
||||||
return false
|
|
||||||
else
|
|
||||||
return true
|
return true
|
||||||
|
else
|
||||||
|
return false
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -90,15 +93,13 @@ module Msf::Post::Windows::Priv
|
||||||
if winversion =~ /Windows (Vista|7|8|2008)/
|
if winversion =~ /Windows (Vista|7|8|2008)/
|
||||||
unless is_system?
|
unless is_system?
|
||||||
begin
|
begin
|
||||||
key = session.sys.registry.open_key(HKEY_LOCAL_MACHINE, 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System',KEY_READ)
|
enable_lua = registry_getvaldata(
|
||||||
|
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System',
|
||||||
if key.query_value('EnableLUA').data == 1
|
'EnableLUA'
|
||||||
uac = true
|
)
|
||||||
end
|
uac = (enable_lua == 1)
|
||||||
|
rescue Rex::Post::Meterpreter::RequestError => e
|
||||||
key.close
|
print_error("Error Checking if UAC is Enabled: #{e.class} #{e}")
|
||||||
rescue::Exception => e
|
|
||||||
print_error("Error Checking UAC: #{e.class} #{e}")
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -108,19 +109,24 @@ module Msf::Post::Windows::Priv
|
||||||
#
|
#
|
||||||
# Returns the UAC Level
|
# Returns the UAC Level
|
||||||
#
|
#
|
||||||
|
# @see http://technet.microsoft.com/en-us/library/dd835564(v=ws.10).aspx
|
||||||
# 2 - Always Notify, 5 - Default, 0 - Disabled
|
# 2 - Always Notify, 5 - Default, 0 - Disabled
|
||||||
#
|
#
|
||||||
def get_uac_level
|
def get_uac_level
|
||||||
begin
|
begin
|
||||||
open_key = session.sys.registry.open_key(
|
uac_level = registry_getvaldata(
|
||||||
HKEY_LOCAL_MACHINE, 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System',
|
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System',
|
||||||
KEY_READ
|
'ConsentPromptBehaviorAdmin'
|
||||||
)
|
)
|
||||||
uac_level = open_key.query_value('ConsentPromptBehaviorAdmin')
|
rescue Rex::Post::Meterpreter::RequestError => e
|
||||||
rescue Exception => e
|
print_error("Error Checking UAC Level: #{e.class} #{e}")
|
||||||
print_error("Error Checking UAC: #{e.class} #{e}")
|
end
|
||||||
|
|
||||||
|
if uac_level
|
||||||
|
return uac_level
|
||||||
|
else
|
||||||
|
return nil
|
||||||
end
|
end
|
||||||
return uac_level.data
|
|
||||||
end
|
end
|
||||||
|
|
||||||
#
|
#
|
||||||
|
@ -132,14 +138,12 @@ module Msf::Post::Windows::Priv
|
||||||
if whoami.nil?
|
if whoami.nil?
|
||||||
print_error("Unable to identify integrity level")
|
print_error("Unable to identify integrity level")
|
||||||
return nil
|
return nil
|
||||||
elsif whoami.include? LowIntegrityLevel
|
else
|
||||||
return LowIntegrityLevel
|
INTEGRITY_LEVEL_SID.each_pair do |k,sid|
|
||||||
elsif whoami.include? MediumIntegrityLevel
|
if whoami.include? sid
|
||||||
return MediumIntegrityLevel
|
return sid
|
||||||
elsif whoami.include? HighIntegrityLevel
|
end
|
||||||
return HighIntegrityLevel
|
end
|
||||||
elsif whoami.include? SystemIntegrityLevel
|
|
||||||
return SystemIntegrityLevel
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -149,7 +153,7 @@ module Msf::Post::Windows::Priv
|
||||||
# Returns nil if Windows whoami is not available
|
# Returns nil if Windows whoami is not available
|
||||||
#
|
#
|
||||||
def get_whoami
|
def get_whoami
|
||||||
whoami = cmd_exec('cmd /c whoami /groups')
|
whoami = cmd_exec('cmd.exe /c whoami /groups')
|
||||||
|
|
||||||
if whoami.nil? or whoami.empty?
|
if whoami.nil? or whoami.empty?
|
||||||
return nil
|
return nil
|
||||||
|
|
|
@ -0,0 +1,51 @@
|
||||||
|
window.addons_detect = { };
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns the version of Microsoft Office. If not found, returns null.
|
||||||
|
**/
|
||||||
|
window.addons_detect.getMsOfficeVersion = function () {
|
||||||
|
var version;
|
||||||
|
var types = new Array();
|
||||||
|
for (var i=1; i <= 5; i++) {
|
||||||
|
try {
|
||||||
|
types[i-1] = typeof(new ActiveXObject("SharePoint.OpenDocuments." + i.toString()));
|
||||||
|
}
|
||||||
|
catch (e) {
|
||||||
|
types[i-1] = null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (types[0] == 'object' && types[1] == 'object' && types[2] == 'object' &&
|
||||||
|
types[3] == 'object' && types[4] == 'object')
|
||||||
|
{
|
||||||
|
version = "2012";
|
||||||
|
}
|
||||||
|
else if (types[0] == 'object' && types[1] == 'object' && types[2] == 'object' &&
|
||||||
|
types[3] == 'object' && types[4] == null)
|
||||||
|
{
|
||||||
|
version = "2010";
|
||||||
|
}
|
||||||
|
else if (types[0] == 'object' && types[1] == 'object' && types[2] == 'object' &&
|
||||||
|
types[3] == null && types[4] == null)
|
||||||
|
{
|
||||||
|
version = "2007";
|
||||||
|
}
|
||||||
|
else if (types[0] == 'object' && types[1] == 'object' && types[2] == null &&
|
||||||
|
types[3] == null && types[4] == null)
|
||||||
|
{
|
||||||
|
version = "2003";
|
||||||
|
}
|
||||||
|
else if (types[0] == 'object' && types[1] == null && types[2] == null &&
|
||||||
|
types[3] == null && types[4] == null)
|
||||||
|
{
|
||||||
|
// If run for the first time, you must manullay allow the "Microsoft Office XP"
|
||||||
|
// add-on to run. However, this prompt won't show because the ActiveXObject statement
|
||||||
|
// is wrapped in an exception handler.
|
||||||
|
version = "xp";
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
version = null;
|
||||||
|
}
|
||||||
|
|
||||||
|
return version;
|
||||||
|
}
|
|
@ -0,0 +1,29 @@
|
||||||
|
# -*- coding: binary -*-
|
||||||
|
|
||||||
|
require 'msf/core'
|
||||||
|
require 'rex/text'
|
||||||
|
require 'rex/exploitation/jsobfu'
|
||||||
|
|
||||||
|
module Rex
|
||||||
|
module Exploitation
|
||||||
|
|
||||||
|
#
|
||||||
|
# Provides javascript functions to determine addon information.
|
||||||
|
#
|
||||||
|
# getMsOfficeVersion(): Returns the version for Microsoft Office
|
||||||
|
#
|
||||||
|
class JavascriptAddonsDetect < JSObfu
|
||||||
|
|
||||||
|
def initialize(custom_js = '', opts = {})
|
||||||
|
@js = custom_js
|
||||||
|
@js += ::File.read(::File.join(::File.dirname(__FILE__), "javascriptaddonsdetect.js"))
|
||||||
|
|
||||||
|
super @js
|
||||||
|
|
||||||
|
return @js
|
||||||
|
end
|
||||||
|
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
end
|
|
@ -52,6 +52,13 @@ window.os_detect.getVersion = function(){
|
||||||
return d.style[propCamelCase] === css;
|
return d.style[propCamelCase] === css;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var input_type_is_valid = function(input_type) {
|
||||||
|
if (!document.createElement) return false;
|
||||||
|
var input = document.createElement('input');
|
||||||
|
input.setAttribute('type', input_type);
|
||||||
|
return input.type == input_type;
|
||||||
|
}
|
||||||
|
|
||||||
//--
|
//--
|
||||||
// Client
|
// Client
|
||||||
//--
|
//--
|
||||||
|
@ -203,7 +210,13 @@ window.os_detect.getVersion = function(){
|
||||||
// Thanks to developer.mozilla.org "Firefox for developers" series for most
|
// Thanks to developer.mozilla.org "Firefox for developers" series for most
|
||||||
// of these.
|
// of these.
|
||||||
// Release changelogs: http://www.mozilla.org/en-US/firefox/releases/
|
// Release changelogs: http://www.mozilla.org/en-US/firefox/releases/
|
||||||
if ('HTMLTimeElement' in window) {
|
if ('DeviceStorage' in window && window.DeviceStorage &&
|
||||||
|
'default' in window.DeviceStorage.prototype) {
|
||||||
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=874213
|
||||||
|
ua_version = '24.0'
|
||||||
|
} else if (input_type_is_valid('range')) {
|
||||||
|
ua_version = '23.0'
|
||||||
|
} else if ('HTMLTimeElement' in window) {
|
||||||
ua_version = '22.0'
|
ua_version = '22.0'
|
||||||
} else if ('createElement' in document &&
|
} else if ('createElement' in document &&
|
||||||
document.createElement('main') &&
|
document.createElement('main') &&
|
||||||
|
|
|
@ -0,0 +1,239 @@
|
||||||
|
require "rex/parser/nokogiri_doc_mixin"
|
||||||
|
|
||||||
|
module Rex
|
||||||
|
module Parser
|
||||||
|
|
||||||
|
load_nokogiri && class Outpost24Document < Nokogiri::XML::SAX::Document
|
||||||
|
|
||||||
|
include NokogiriDocMixin
|
||||||
|
|
||||||
|
def start_element(name, attrs)
|
||||||
|
@state[:current_tag][name] = true
|
||||||
|
case name
|
||||||
|
when "description", "information"
|
||||||
|
return unless in_tag("detaillist")
|
||||||
|
return unless in_tag("detail")
|
||||||
|
record_text
|
||||||
|
when "detail"
|
||||||
|
return unless in_tag("detaillist")
|
||||||
|
record_vuln
|
||||||
|
when "detaillist"
|
||||||
|
record_vulns
|
||||||
|
when "host"
|
||||||
|
return unless in_tag("hostlist")
|
||||||
|
record_host
|
||||||
|
when "hostlist"
|
||||||
|
record_hosts
|
||||||
|
when "id"
|
||||||
|
return unless in_tag("detaillist")
|
||||||
|
return unless in_tag("detail")
|
||||||
|
return unless in_tag("cve")
|
||||||
|
record_text
|
||||||
|
when "name"
|
||||||
|
return unless in_tag("hostlist") || in_tag("detaillist")
|
||||||
|
return unless in_tag("host") || in_tag("detail")
|
||||||
|
record_text
|
||||||
|
when "platform"
|
||||||
|
return unless in_tag("hostlist")
|
||||||
|
return unless in_tag("host")
|
||||||
|
record_text
|
||||||
|
when "portinfo"
|
||||||
|
return unless in_tag("portlist")
|
||||||
|
return unless in_tag("portlist-host")
|
||||||
|
record_service
|
||||||
|
when "portlist"
|
||||||
|
record_services
|
||||||
|
when "portnumber", "protocol", "service"
|
||||||
|
return unless in_tag("portlist")
|
||||||
|
return unless in_tag("portlist-host")
|
||||||
|
return unless in_tag("portinfo")
|
||||||
|
record_text
|
||||||
|
when "report", "ip"
|
||||||
|
record_text
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def end_element(name)
|
||||||
|
case name
|
||||||
|
when "description", "information"
|
||||||
|
return unless in_tag("detaillist")
|
||||||
|
return unless in_tag("detail")
|
||||||
|
collect_vuln_data(name)
|
||||||
|
when "detail"
|
||||||
|
return unless in_tag("detaillist")
|
||||||
|
collect_vuln
|
||||||
|
when "detaillist"
|
||||||
|
report_vulns
|
||||||
|
when "host"
|
||||||
|
return unless in_tag("hostlist")
|
||||||
|
collect_host
|
||||||
|
when "hostlist"
|
||||||
|
report_hosts
|
||||||
|
when "id"
|
||||||
|
return unless in_tag("detaillist")
|
||||||
|
return unless in_tag("detail")
|
||||||
|
return unless in_tag("cve")
|
||||||
|
collect_vuln_data(name)
|
||||||
|
when "ip"
|
||||||
|
collect_ip
|
||||||
|
when "name"
|
||||||
|
if in_tag("hostlist") && in_tag("host")
|
||||||
|
collect_host_data(name)
|
||||||
|
elsif in_tag("detaillist") && in_tag("detail")
|
||||||
|
collect_vuln_data(name)
|
||||||
|
end
|
||||||
|
when "platform"
|
||||||
|
return unless in_tag("hostlist")
|
||||||
|
return unless in_tag("host")
|
||||||
|
collect_host_data(name)
|
||||||
|
when "portinfo"
|
||||||
|
return unless in_tag("portlist")
|
||||||
|
return unless in_tag("portlist-host")
|
||||||
|
collect_service
|
||||||
|
when "portlist"
|
||||||
|
report_services
|
||||||
|
when "portnumber", "protocol", "service"
|
||||||
|
return unless in_tag("portlist")
|
||||||
|
return unless in_tag("portlist-host")
|
||||||
|
return unless in_tag("portinfo")
|
||||||
|
collect_service_data(name)
|
||||||
|
when "report"
|
||||||
|
collect_product
|
||||||
|
end
|
||||||
|
@state[:current_tag].delete(name)
|
||||||
|
end
|
||||||
|
|
||||||
|
def record_hosts
|
||||||
|
@report_data[:hosts] = []
|
||||||
|
end
|
||||||
|
|
||||||
|
def record_services
|
||||||
|
@report_data[:services] = []
|
||||||
|
end
|
||||||
|
|
||||||
|
def record_vulns
|
||||||
|
@report_data[:vulns] = []
|
||||||
|
end
|
||||||
|
|
||||||
|
def record_host
|
||||||
|
@host = {}
|
||||||
|
end
|
||||||
|
|
||||||
|
def record_service
|
||||||
|
@service = {}
|
||||||
|
end
|
||||||
|
|
||||||
|
def record_vuln
|
||||||
|
@vuln = {}
|
||||||
|
@refs = []
|
||||||
|
end
|
||||||
|
|
||||||
|
def record_text
|
||||||
|
@state[:has_text] = true
|
||||||
|
end
|
||||||
|
|
||||||
|
def collect_host
|
||||||
|
@host[:host] = @state[:host]
|
||||||
|
@host[:name] = @state[:hname]
|
||||||
|
@host[:os_name] = @state[:os_name]
|
||||||
|
@host[:info] = @state[:pinfo]
|
||||||
|
@report_data[:hosts] << @host
|
||||||
|
end
|
||||||
|
|
||||||
|
def collect_service
|
||||||
|
@service[:host] = @state[:host]
|
||||||
|
@service[:port] = @state[:port]
|
||||||
|
@service[:proto] = @state[:proto]
|
||||||
|
@service[:name] = @state[:sname]
|
||||||
|
@service[:info] = @state[:pinfo]
|
||||||
|
@report_data[:services] << @service
|
||||||
|
end
|
||||||
|
|
||||||
|
def collect_vuln
|
||||||
|
@vuln[:host] = @state[:host]
|
||||||
|
@vuln[:name] = @state[:vname]
|
||||||
|
@vuln[:info] = @state[:vinfo]
|
||||||
|
@vuln[:refs] = @refs
|
||||||
|
@report_data[:vulns] << @vuln
|
||||||
|
end
|
||||||
|
|
||||||
|
def collect_product
|
||||||
|
@state[:has_text] = false
|
||||||
|
@state[:pinfo] = @text.strip if @text
|
||||||
|
@text = nil
|
||||||
|
end
|
||||||
|
|
||||||
|
def collect_ip
|
||||||
|
@state[:has_text] = false
|
||||||
|
@state[:host] = @text.strip if @text
|
||||||
|
@text = nil
|
||||||
|
end
|
||||||
|
|
||||||
|
def collect_host_data(name)
|
||||||
|
@state[:has_text] = false
|
||||||
|
if name == "name"
|
||||||
|
@state[:hname] = @text.strip if @text
|
||||||
|
elsif name == "platform"
|
||||||
|
if @text
|
||||||
|
@state[:os_name] = @text.strip
|
||||||
|
else
|
||||||
|
@state[:os_name] = Msf::OperatingSystems::UNKNOWN
|
||||||
|
end
|
||||||
|
end
|
||||||
|
@text = nil
|
||||||
|
end
|
||||||
|
|
||||||
|
def collect_service_data(name)
|
||||||
|
@state[:has_text] = false
|
||||||
|
if name == "portnumber"
|
||||||
|
@state[:port] = @text.strip if @text
|
||||||
|
elsif name == "protocol"
|
||||||
|
@state[:proto] = @text.strip.downcase if @text
|
||||||
|
elsif name == "service"
|
||||||
|
@state[:sname] = @text.strip if @text
|
||||||
|
end
|
||||||
|
@text = nil
|
||||||
|
end
|
||||||
|
|
||||||
|
def collect_vuln_data(name)
|
||||||
|
@state[:has_text] = false
|
||||||
|
if name == "name"
|
||||||
|
@state[:vname] = @text.strip if @text
|
||||||
|
elsif name == "description"
|
||||||
|
@state[:vinfo] = @text.strip if @text
|
||||||
|
elsif name == "information"
|
||||||
|
@state[:vinfo] << " #{@text.strip if @text}"
|
||||||
|
elsif name == "id"
|
||||||
|
@state[:ref] = @text.strip if @text
|
||||||
|
@refs << normalize_ref("CVE", @state[:ref])
|
||||||
|
end
|
||||||
|
@text = nil
|
||||||
|
end
|
||||||
|
|
||||||
|
def report_hosts
|
||||||
|
block = @block
|
||||||
|
@report_data[:hosts].each do |h|
|
||||||
|
db.emit(:address, h[:host], &block) if block
|
||||||
|
db_report(:host, h)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def report_services
|
||||||
|
block = @block
|
||||||
|
@report_data[:services].each do |s|
|
||||||
|
db.emit(:service, "#{s[:host]}:#{s[:port]}/#{s[:proto]}", &block) if block
|
||||||
|
db_report(:service, s)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def report_vulns
|
||||||
|
block = @block
|
||||||
|
@report_data[:vulns].each do |v|
|
||||||
|
db.emit(:vuln, ["#{v[:name]} (#{v[:host]})", 1], &block) if block
|
||||||
|
db_report(:vuln, v)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
|
@ -34,14 +34,18 @@ class Mimikatz < Extension
|
||||||
])
|
])
|
||||||
end
|
end
|
||||||
|
|
||||||
def send_custom_command(function, args=[])
|
def send_custom_command_raw(function, args=[])
|
||||||
request = Packet.create_request('mimikatz_custom_command')
|
request = Packet.create_request('mimikatz_custom_command')
|
||||||
request.add_tlv(TLV_TYPE_MIMIKATZ_FUNCTION, function)
|
request.add_tlv(TLV_TYPE_MIMIKATZ_FUNCTION, function)
|
||||||
args.each do |a|
|
args.each do |a|
|
||||||
request.add_tlv(TLV_TYPE_MIMIKATZ_ARGUMENT, a)
|
request.add_tlv(TLV_TYPE_MIMIKATZ_ARGUMENT, a)
|
||||||
end
|
end
|
||||||
response = client.send_request(request)
|
response = client.send_request(request)
|
||||||
return Rex::Text.to_ascii(response.get_tlv_value(TLV_TYPE_MIMIKATZ_RESULT))
|
return response.get_tlv_value(TLV_TYPE_MIMIKATZ_RESULT)
|
||||||
|
end
|
||||||
|
|
||||||
|
def send_custom_command(function, args=[])
|
||||||
|
return Rex::Text.to_ascii(send_custom_command_raw(function, args))
|
||||||
end
|
end
|
||||||
|
|
||||||
def parse_creds_result(result)
|
def parse_creds_result(result)
|
||||||
|
@ -63,11 +67,18 @@ class Mimikatz < Extension
|
||||||
def parse_ssp_result(result)
|
def parse_ssp_result(result)
|
||||||
details = CSV.parse(result)
|
details = CSV.parse(result)
|
||||||
accounts = []
|
accounts = []
|
||||||
|
|
||||||
|
return accounts unless details
|
||||||
details.each do |acc|
|
details.each do |acc|
|
||||||
|
next unless acc.length == 5
|
||||||
ssps = acc[4].split(' }')
|
ssps = acc[4].split(' }')
|
||||||
|
next unless ssps
|
||||||
ssps.each do |ssp|
|
ssps.each do |ssp|
|
||||||
|
next unless ssp
|
||||||
s_acc = ssp.split(' ; ')
|
s_acc = ssp.split(' ; ')
|
||||||
|
next unless s_acc
|
||||||
user = s_acc[0].split('{ ')[1]
|
user = s_acc[0].split('{ ')[1]
|
||||||
|
next unless user
|
||||||
account = {
|
account = {
|
||||||
:authid => acc[0],
|
:authid => acc[0],
|
||||||
:package => acc[1],
|
:package => acc[1],
|
||||||
|
|
|
@ -106,7 +106,7 @@ class Console::CommandDispatcher::Mimikatz
|
||||||
)
|
)
|
||||||
|
|
||||||
accounts.each do |acc|
|
accounts.each do |acc|
|
||||||
table << [acc[:authid], acc[:package], acc[:domain], acc[:user], acc[:password]]
|
table << [acc[:authid], acc[:package], acc[:domain], acc[:user], acc[:password].gsub("\n","")]
|
||||||
end
|
end
|
||||||
|
|
||||||
print_line table.to_s
|
print_line table.to_s
|
||||||
|
|
|
@ -236,7 +236,15 @@ class Console::CommandDispatcher::Stdapi::Sys
|
||||||
when /win/
|
when /win/
|
||||||
path = client.fs.file.expand_path("%COMSPEC%")
|
path = client.fs.file.expand_path("%COMSPEC%")
|
||||||
path = (path and not path.empty?) ? path : "cmd.exe"
|
path = (path and not path.empty?) ? path : "cmd.exe"
|
||||||
cmd_execute("-f", path, "-c", "-H", "-i", "-t")
|
|
||||||
|
# attempt the shell with thread impersonation
|
||||||
|
begin
|
||||||
|
cmd_execute("-f", path, "-c", "-H", "-i", "-t")
|
||||||
|
rescue
|
||||||
|
# if this fails, then we attempt without impersonation
|
||||||
|
print_error( "Failed to spawn shell with thread impersonation. Retrying without it." )
|
||||||
|
cmd_execute("-f", path, "-c", "-H", "-i")
|
||||||
|
end
|
||||||
when /linux/
|
when /linux/
|
||||||
# Don't expand_path() this because it's literal anyway
|
# Don't expand_path() this because it's literal anyway
|
||||||
path = "/bin/sh"
|
path = "/bin/sh"
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# Framework web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/framework/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
@ -34,7 +32,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
[
|
[
|
||||||
[ 'CVE', '2011-0923' ],
|
[ 'CVE', '2011-0923' ],
|
||||||
[ 'OSVDB', '72526' ],
|
[ 'OSVDB', '72526' ],
|
||||||
[ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-11-055/' ],
|
[ 'ZDI', '11-055' ],
|
||||||
[ 'URL', 'http://c4an-dl.blogspot.com/hp-data-protector-vuln.html' ],
|
[ 'URL', 'http://c4an-dl.blogspot.com/hp-data-protector-vuln.html' ],
|
||||||
[ 'URL', 'http://hackarandas.com/blog/2011/08/04/hp-data-protector-remote-shell-for-hpux' ]
|
[ 'URL', 'http://hackarandas.com/blog/2011/08/04/hp-data-protector-remote-shell-for-hpux' ]
|
||||||
],
|
],
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# Framework web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/framework/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# Framework web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/framework/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'uri'
|
require 'uri'
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
@ -42,7 +40,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
[
|
[
|
||||||
Opt::RPORT(8080),
|
Opt::RPORT(8080),
|
||||||
OptPath.new('SENSITIVE_FILES', [ true, "File containing senstive files, one per line",
|
OptPath.new('SENSITIVE_FILES', [ true, "File containing senstive files, one per line",
|
||||||
File.join(Msf::Config.install_root, "data", "wordlists", "sensitive_files.txt") ]),
|
File.join(Msf::Config.data_directory, "wordlists", "sensitive_files.txt") ]),
|
||||||
OptInt.new('MAXDIRS', [ true, 'The maximum directory depth to search', 7]),
|
OptInt.new('MAXDIRS', [ true, 'The maximum directory depth to search', 7]),
|
||||||
], self.class)
|
], self.class)
|
||||||
end
|
end
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
@ -43,7 +41,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
Opt::RPORT(8443),
|
Opt::RPORT(8443),
|
||||||
OptBool.new('SSL', [true, 'Use SSL', true]),
|
OptBool.new('SSL', [true, 'Use SSL', true]),
|
||||||
OptPath.new('SENSITIVE_FILES', [ true, "File containing senstive files, one per line",
|
OptPath.new('SENSITIVE_FILES', [ true, "File containing senstive files, one per line",
|
||||||
File.join(Msf::Config.install_root, "data", "wordlists", "sensitive_files.txt") ]),
|
File.join(Msf::Config.data_directory, "wordlists", "sensitive_files.txt") ]),
|
||||||
], self.class)
|
], self.class)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
@ -28,7 +26,8 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
'License' => MSF_LICENSE,
|
'License' => MSF_LICENSE,
|
||||||
'References' =>
|
'References' =>
|
||||||
[
|
[
|
||||||
[ 'URL', 'http://www.net-security.org/secworld.php?id=15743' ],
|
[ 'URL', 'http://blog.imperva.com/2013/10/threat-advisory-a-vbulletin-exploit-administrator-injection.html'],
|
||||||
|
[ 'OSVDB', '98370' ],
|
||||||
[ 'URL', 'http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/3991423-potential-vbulletin-exploit-vbulletin-4-1-vbulletin-5']
|
[ 'URL', 'http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/3991423-potential-vbulletin-exploit-vbulletin-4-1-vbulletin-5']
|
||||||
],
|
],
|
||||||
'DisclosureDate' => 'Oct 09 2013'))
|
'DisclosureDate' => 'Oct 09 2013'))
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# Framework web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/framework/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
|
|
@ -8,10 +8,8 @@
|
||||||
##
|
##
|
||||||
|
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
@ -657,7 +655,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
FROM sys.user$
|
FROM sys.user$
|
||||||
where password != 'null' and type# = 1
|
where password != 'null' and type# = 1
|
||||||
|
|
|
|
||||||
ordfltpss = "#{File.join(Msf::Config.install_root, "data", "wordlists", "oracle_default_hashes.txt")}"
|
ordfltpss = "#{File.join(Msf::Config.data_directory, "wordlists", "oracle_default_hashes.txt")}"
|
||||||
returnedstring = prepare_exec(query)
|
returnedstring = prepare_exec(query)
|
||||||
accts = {}
|
accts = {}
|
||||||
returnedstring.each do |record|
|
returnedstring.each do |record|
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
@ -24,7 +22,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
[ 'CVE', '2008-5448' ],
|
[ 'CVE', '2008-5448' ],
|
||||||
[ 'OSVDB', '51342' ],
|
[ 'OSVDB', '51342' ],
|
||||||
[ 'URL', 'http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html' ],
|
[ 'URL', 'http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html' ],
|
||||||
[ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-09-003' ],
|
[ 'ZDI', '09-003' ],
|
||||||
],
|
],
|
||||||
'DisclosureDate' => 'Jan 14 2009'))
|
'DisclosureDate' => 'Jan 14 2009'))
|
||||||
|
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
@ -28,8 +26,8 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
[ 'OSVDB', '55903' ],
|
[ 'OSVDB', '55903' ],
|
||||||
[ 'CVE', '2009-1978' ],
|
[ 'CVE', '2009-1978' ],
|
||||||
[ 'OSVDB', '55904' ],
|
[ 'OSVDB', '55904' ],
|
||||||
[ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-09-058' ],
|
[ 'ZDI', '09-058' ],
|
||||||
[ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-09-059' ],
|
[ 'ZDI', '09-059' ],
|
||||||
],
|
],
|
||||||
'DisclosureDate' => 'Aug 18 2009'))
|
'DisclosureDate' => 'Aug 18 2009'))
|
||||||
|
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
@ -26,7 +24,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
[
|
[
|
||||||
[ 'CVE', '2010-0904' ],
|
[ 'CVE', '2010-0904' ],
|
||||||
[ 'OSVDB', '66338'],
|
[ 'OSVDB', '66338'],
|
||||||
[ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-10-118' ],
|
[ 'ZDI', '10-118' ],
|
||||||
],
|
],
|
||||||
'DisclosureDate' => 'Jul 13 2010'))
|
'DisclosureDate' => 'Jul 13 2010'))
|
||||||
|
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
require 'msf/core'
|
require 'msf/core'
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
##
|
##
|
||||||
# This file is part of the Metasploit Framework and may be subject to
|
# This module requires Metasploit: http//metasploit.com/download
|
||||||
# redistribution and commercial restrictions. Please see the Metasploit
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
# web site for more information on licensing and terms of use.
|
|
||||||
# http://metasploit.com/
|
|
||||||
##
|
##
|
||||||
|
|
||||||
|
|
||||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue