Merge remote-tracking branch 'upstream/master' into bypassuac_redo
Conflicts: lib/msf/core/post/windows/priv.rb modules/exploits/windows/local/bypassuac.rbbug/bundler_fix
Meatballs
commit
e6a2a1006f
2
Gemfile
2
Gemfile
|
|
@ -40,6 +40,8 @@ group :development, :test do
|
|||
# Version 4.1.0 or newer is needed to support generate calls without the
|
||||
# 'FactoryGirl.' in factory definitions syntax.
|
||||
gem 'factory_girl', '>= 4.1.0'
|
||||
# Make rspec output shorter and more useful
|
||||
gem 'fivemat', '1.2.1'
|
||||
# running documentation generation tasks and rspec tasks
|
||||
gem 'rake', '>= 10.0.0'
|
||||
end
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@ GEM
|
|||
diff-lcs (1.2.4)
|
||||
factory_girl (4.2.0)
|
||||
activesupport (>= 3.0.0)
|
||||
fivemat (1.2.1)
|
||||
i18n (0.6.5)
|
||||
json (1.8.0)
|
||||
metasploit_data_models (0.16.6)
|
||||
|
|
@ -62,6 +63,7 @@ DEPENDENCIES
|
|||
activesupport (>= 3.0.0)
|
||||
database_cleaner
|
||||
factory_girl (>= 4.1.0)
|
||||
fivemat (= 1.2.1)
|
||||
json
|
||||
metasploit_data_models (~> 0.16.6)
|
||||
msgpack
|
||||
|
|
|
|||
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
|
@ -1,13 +0,0 @@
|
|||
K 10
|
||||
ascii_cert
|
||||
V 1844
|
||||
MIIFYzCCBEugAwIBAgIHBHTfnZklJzANBgkqhkiG9w0BAQUFADCByjELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY29tLCBJbmMuMTMwMQYDVQQLEypodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkxMDAuBgNVBAMTJ0dvIERhZGR5IFNlY3VyZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTERMA8GA1UEBRMIMDc5NjkyODcwHhcNMTAwMzE2MTIwOTU5WhcNMTMwNDAxMjIwMjI0WjBVMRcwFQYDVQQKEw5tZXRhc3Bsb2l0LmNvbTEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMRcwFQYDVQQDEw5tZXRhc3Bsb2l0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK+V3Vs8M+48CofjzH5KE3MA1CmfXhz2vweW3x27TKhZBxbLLxVOpnbFTxfc6gD1NmcRfBRyRuGNclkwnkfQZ4YbkXIJWCjov0OZNfYTNOQbDtdZPK9q94h9wHUQOkpXl1k+Xe8+gVqLilqcS1ikISUQVsKBYa18FaT/PyFEv00ZsewtehL6C9oXCm81HH2S/HBu+CW1TJ3X5Loivs24aR65dzsKFhG2tnzUxox0Rg2ixPUue8xAoTGquujmy/0aa6yeT1kswFTLncTL/GLxQggtah9ul50pYQWRLuTNOIYsjSS32zPs1ZOTN8RkDrdCmEWPUxrzgmUmNQzKDvHjVp8CAwEAAaOCAcAwggG8MA8GA1UdEwEB/wQFMAMBAQAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA4GA1UdDwEB/wQEAwIFoDAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmdvZGFkZHkuY29tL2dkczEtMTUuY3JsMFMGA1UdIARMMEowSAYLYIZIAYb9bQEHFwEwOTA3BggrBgEFBQcCARYraHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzCBgAYIKwYBBQUHAQEEdDByMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wSgYIKwYBBQUHMAKGPmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS9nZF9pbnRlcm1lZGlhdGUuY3J0MB8GA1UdIwQYMBaAFP2sYTKTbEXW4u6FX5q653aZaMznMC0GA1UdEQQmMCSCDm1ldGFzcGxvaXQuY29tghJ3d3cubWV0YXNwbG9pdC5jb20wHQYDVR0OBBYEFDkiSjDeC0NDm2ioUVerYRuLWtbyMA0GCSqGSIb3DQEBBQUAA4IBAQAgATMjfkj0zvvpTWSxVLUjtMTsei+lC8v79mTqM/+3DWZZj8Tc6xUyhxNreAW137WKiJxQSEnrdMzVxozp99iL4RYH1tVTukXV4XVkRbFrtAw7dCYV6dYbp4Ru4dy97CUBceUDCXQpC3t6CNU66RIg6UAa6MV7DmJrEUhNSAB5LqsY3oyhFcV5jT0QYGMC0XuUylzNBW4AWCnlMDysJhSJ75RHa9e76S6g8m4TWT3b02LCdunzcl1kq4cmH6xPr5X3U8CkV6YGBTQhltuNQMM5OBxga1lfCFa81hSSa3300f8YBhwMatloUgu5gzQh/o3nFDJL6CDh6/fCqZyI32r+
|
||||
K 8
|
||||
failures
|
||||
V 1
|
||||
8
|
||||
K 15
|
||||
svn:realmstring
|
||||
V 26
|
||||
https://metasploit.com:443
|
||||
END
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
K 10
|
||||
ascii_cert
|
||||
V 1844
|
||||
MIIFYzCCBEugAwIBAgIHBHTfnZklJzANBgkqhkiG9w0BAQUFADCByjELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY29tLCBJbmMuMTMwMQYDVQQLEypodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkxMDAuBgNVBAMTJ0dvIERhZGR5IFNlY3VyZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTERMA8GA1UEBRMIMDc5NjkyODcwHhcNMTAwMzE2MTIwOTU5WhcNMTMwNDAxMjIwMjI0WjBVMRcwFQYDVQQKEw5tZXRhc3Bsb2l0LmNvbTEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMRcwFQYDVQQDEw5tZXRhc3Bsb2l0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK+V3Vs8M+48CofjzH5KE3MA1CmfXhz2vweW3x27TKhZBxbLLxVOpnbFTxfc6gD1NmcRfBRyRuGNclkwnkfQZ4YbkXIJWCjov0OZNfYTNOQbDtdZPK9q94h9wHUQOkpXl1k+Xe8+gVqLilqcS1ikISUQVsKBYa18FaT/PyFEv00ZsewtehL6C9oXCm81HH2S/HBu+CW1TJ3X5Loivs24aR65dzsKFhG2tnzUxox0Rg2ixPUue8xAoTGquujmy/0aa6yeT1kswFTLncTL/GLxQggtah9ul50pYQWRLuTNOIYsjSS32zPs1ZOTN8RkDrdCmEWPUxrzgmUmNQzKDvHjVp8CAwEAAaOCAcAwggG8MA8GA1UdEwEB/wQFMAMBAQAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA4GA1UdDwEB/wQEAwIFoDAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmdvZGFkZHkuY29tL2dkczEtMTUuY3JsMFMGA1UdIARMMEowSAYLYIZIAYb9bQEHFwEwOTA3BggrBgEFBQcCARYraHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzCBgAYIKwYBBQUHAQEEdDByMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wSgYIKwYBBQUHMAKGPmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS9nZF9pbnRlcm1lZGlhdGUuY3J0MB8GA1UdIwQYMBaAFP2sYTKTbEXW4u6FX5q653aZaMznMC0GA1UdEQQmMCSCDm1ldGFzcGxvaXQuY29tghJ3d3cubWV0YXNwbG9pdC5jb20wHQYDVR0OBBYEFDkiSjDeC0NDm2ioUVerYRuLWtbyMA0GCSqGSIb3DQEBBQUAA4IBAQAgATMjfkj0zvvpTWSxVLUjtMTsei+lC8v79mTqM/+3DWZZj8Tc6xUyhxNreAW137WKiJxQSEnrdMzVxozp99iL4RYH1tVTukXV4XVkRbFrtAw7dCYV6dYbp4Ru4dy97CUBceUDCXQpC3t6CNU66RIg6UAa6MV7DmJrEUhNSAB5LqsY3oyhFcV5jT0QYGMC0XuUylzNBW4AWCnlMDysJhSJ75RHa9e76S6g8m4TWT3b02LCdunzcl1kq4cmH6xPr5X3U8CkV6YGBTQhltuNQMM5OBxga1lfCFa81hSSa3300f8YBhwMatloUgu5gzQh/o3nFDJL6CDh6/fCqZyI32r+
|
||||
K 8
|
||||
failures
|
||||
V 1
|
||||
8
|
||||
K 15
|
||||
svn:realmstring
|
||||
V 30
|
||||
https://www.metasploit.com:443
|
||||
END
|
||||
|
|
@ -92,6 +92,7 @@ root
|
|||
router
|
||||
rw
|
||||
rwa
|
||||
s!a@m#n$p%c
|
||||
san-fran
|
||||
sanfran
|
||||
scotty
|
||||
|
|
|
|||
|
|
@ -32,7 +32,7 @@ module Auxiliary::JohnTheRipper
|
|||
)
|
||||
|
||||
@run_path = nil
|
||||
@john_path = ::File.join(Msf::Config.install_root, "data", "john")
|
||||
@john_path = ::File.join(Msf::Config.data_directory, "john")
|
||||
|
||||
autodetect_platform
|
||||
end
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ module Auxiliary::MimeTypes
|
|||
end
|
||||
|
||||
def mime_load_extension_map
|
||||
path = File.join( Msf::Config.install_root, "data", "mime.yml")
|
||||
path = File.join( Msf::Config.data_directory, "mime.yml")
|
||||
@extension_map = YAML.load_file(path)
|
||||
end
|
||||
|
||||
|
|
|
|||
|
|
@ -41,6 +41,7 @@ require 'rex/parser/nexpose_simple_nokogiri'
|
|||
require 'rex/parser/nmap_nokogiri'
|
||||
require 'rex/parser/openvas_nokogiri'
|
||||
require 'rex/parser/wapiti_nokogiri'
|
||||
require 'rex/parser/outpost24_nokogiri'
|
||||
|
||||
# Legacy XML parsers -- these will be converted some day
|
||||
require 'rex/parser/ip360_aspl_xml'
|
||||
|
|
@ -2926,7 +2927,7 @@ class DBManager
|
|||
# Returns one of: :nexpose_simplexml :nexpose_rawxml :nmap_xml :openvas_xml
|
||||
# :nessus_xml :nessus_xml_v2 :qualys_scan_xml, :qualys_asset_xml, :msf_xml :nessus_nbe :amap_mlog
|
||||
# :amap_log :ip_list, :msf_zip, :libpcap, :foundstone_xml, :acunetix_xml, :appscan_xml
|
||||
# :burp_session, :ip360_xml_v3, :ip360_aspl_xml, :nikto_xml
|
||||
# :burp_session, :ip360_xml_v3, :ip360_aspl_xml, :nikto_xml, :outpost24_xml
|
||||
# If there is no match, an error is raised instead.
|
||||
def import_filetype_detect(data)
|
||||
|
||||
|
|
@ -3059,6 +3060,9 @@ class DBManager
|
|||
@import_filedata[:type] = "CI"
|
||||
return :ci_xml
|
||||
end
|
||||
when "main"
|
||||
@import_filedata[:type] = "Outpost24 XML"
|
||||
return :outpost24_xml
|
||||
else
|
||||
# Give up if we haven't hit the root tag in the first few lines
|
||||
break if line_count > 10
|
||||
|
|
@ -3649,7 +3653,7 @@ class DBManager
|
|||
data = ::File.open(args[:filename], "rb") {|f| f.read(f.stat.size)}
|
||||
wspace = args[:wspace] || args['wspace'] || workspace
|
||||
bl = validate_ips(args[:blacklist]) ? args[:blacklist].split : []
|
||||
basedir = args[:basedir] || args['basedir'] || ::File.join(Msf::Config.install_root, "data", "msf")
|
||||
basedir = args[:basedir] || args['basedir'] || ::File.join(Msf::Config.data_directory, "msf")
|
||||
|
||||
allow_yaml = false
|
||||
btag = nil
|
||||
|
|
@ -5923,6 +5927,36 @@ class DBManager
|
|||
parser.parse(args[:data])
|
||||
end
|
||||
|
||||
def import_outpost24_xml(args={}, &block)
|
||||
bl = validate_ips(args[:blacklist]) ? args[:blacklist].split : []
|
||||
wspace = args[:wspace] || workspace
|
||||
if Rex::Parser.nokogiri_loaded
|
||||
parser = "Nokogiri v#{::Nokogiri::VERSION}"
|
||||
noko_args = args.dup
|
||||
noko_args[:blacklist] = bl
|
||||
noko_args[:wspace] = wspace
|
||||
if block
|
||||
yield(:parser, parser)
|
||||
import_outpost24_noko_stream(noko_args) {|type, data| yield type,data}
|
||||
else
|
||||
import_outpost24_noko_stream(noko_args)
|
||||
end
|
||||
return true
|
||||
else # Sorry
|
||||
raise DBImportError.new("Could not import due to missing Nokogiri parser. Try 'gem install nokogiri'.")
|
||||
end
|
||||
end
|
||||
|
||||
def import_outpost24_noko_stream(args={},&block)
|
||||
if block
|
||||
doc = Rex::Parser::Outpost24Document.new(args,framework.db) {|type, data| yield type,data }
|
||||
else
|
||||
doc = Rex::Parser::Outpost24Document.new(args,self)
|
||||
end
|
||||
parser = ::Nokogiri::XML::SAX::Parser.new(doc)
|
||||
parser.parse(args[:data])
|
||||
end
|
||||
|
||||
|
||||
def unserialize_object(xml_elem, allow_yaml = false)
|
||||
return nil unless xml_elem
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ module Exploit::CmdStagerDebugAsm
|
|||
register_advanced_options(
|
||||
[
|
||||
OptString.new( 'DECODERSTUB', [ true, 'The debug.exe assembly listing decoder stub to use.',
|
||||
File.join(Msf::Config.install_root, "data", "exploits", "cmdstager", "debug_asm")]),
|
||||
File.join(Msf::Config.data_directory, "exploits", "cmdstager", "debug_asm")]),
|
||||
], self.class)
|
||||
end
|
||||
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ module Exploit::CmdStagerDebugWrite
|
|||
register_advanced_options(
|
||||
[
|
||||
OptString.new( 'DECODERSTUB', [ true, 'The debug.exe file-writing decoder stub to use.',
|
||||
File.join(Msf::Config.install_root, "data", "exploits", "cmdstager", "debug_write")]),
|
||||
File.join(Msf::Config.data_directory, "exploits", "cmdstager", "debug_write")]),
|
||||
], self.class)
|
||||
end
|
||||
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ module Exploit::CmdStagerVBS
|
|||
register_advanced_options(
|
||||
[
|
||||
OptString.new( 'DECODERSTUB', [ true, 'The VBS base64 file decoder stub to use.',
|
||||
File.join(Msf::Config.install_root, "data", "exploits", "cmdstager", "vbs_b64")]),
|
||||
File.join(Msf::Config.data_directory, "exploits", "cmdstager", "vbs_b64")]),
|
||||
], self.class)
|
||||
end
|
||||
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ module Exploit::CmdStagerVBS::ADODB
|
|||
register_advanced_options(
|
||||
[
|
||||
OptString.new( 'DECODERSTUB', [ true, 'The VBS base64 file decoder stub to use.',
|
||||
File.join(Msf::Config.install_root, "data", "exploits", "cmdstager", "vbs_b64_adodb")]),
|
||||
File.join(Msf::Config.data_directory, "exploits", "cmdstager", "vbs_b64_adodb")]),
|
||||
], self.class)
|
||||
end
|
||||
|
||||
|
|
|
|||
|
|
@ -47,19 +47,18 @@ module Exploit::FileDropper
|
|||
false
|
||||
end
|
||||
else
|
||||
cmds = [
|
||||
win_cmds = [
|
||||
%Q|attrib.exe -r "#{win_file}"|,
|
||||
%Q|del.exe /f /q "#{win_file}"|,
|
||||
%Q|rm -f "#{file}" >/dev/null|,
|
||||
%Q|del.exe /f /q "#{win_file}"|
|
||||
]
|
||||
|
||||
# We need to be platform-independent here. Since we can't be
|
||||
# certain that {#target} is accurate because exploits with
|
||||
# automatic targets frequently change it, we just go ahead and
|
||||
# run both a windows and a unixy command in the same line. One
|
||||
# of them will definitely fail and the other will probably
|
||||
# succeed. Doing it this way saves us an extra round-trip.
|
||||
session.shell_command_token(cmds.join(" ; "))
|
||||
# Trick shared by @mihi42
|
||||
session.shell_command_token("rm -f \"#{file}\" >/dev/null ; echo ' & #{win_cmds.join(" & ")} & echo \" ' >/dev/null")
|
||||
print_good("Deleted #{file}")
|
||||
true
|
||||
end
|
||||
|
|
|
|||
|
|
@ -4,6 +4,7 @@ require 'rex/exploitation/obfuscatejs'
|
|||
require 'rex/exploitation/encryptjs'
|
||||
require 'rex/exploitation/heaplib'
|
||||
require 'rex/exploitation/javascriptosdetect'
|
||||
require 'rex/exploitation/javascriptaddonsdetect'
|
||||
|
||||
module Msf
|
||||
|
||||
|
|
|
|||
|
|
@ -51,7 +51,7 @@ module Exploit::Java
|
|||
|
||||
# Instantiate the JVM with a classpath pointing to the JDK tools.jar
|
||||
# and our javatoolkit jar.
|
||||
classpath = File.join(Msf::Config.install_root, "data", "exploits", "msfJavaToolkit.jar")
|
||||
classpath = File.join(Msf::Config.data_directory, "exploits", "msfJavaToolkit.jar")
|
||||
classpath += ":" + toolsjar
|
||||
classpath += ":" + datastore['ADDCLASSPATH'] if datastore['ADDCLASSPATH']
|
||||
|
||||
|
|
|
|||
|
|
@ -75,7 +75,7 @@ module Exploit::Remote::MSSQL
|
|||
register_advanced_options(
|
||||
[
|
||||
OptPath.new('HEX2BINARY', [ false, "The path to the hex2binary script on the disk",
|
||||
File.join(Msf::Config.install_root, "data", "exploits", "mssql", "h2b")
|
||||
File.join(Msf::Config.data_directory, "exploits", "mssql", "h2b")
|
||||
]),
|
||||
OptString.new('DOMAIN', [ true, 'The domain to use for windows authentication', 'WORKSTATION'])
|
||||
], Msf::Exploit::Remote::MSSQL)
|
||||
|
|
|
|||
|
|
@ -34,7 +34,7 @@ module Exploit::Remote::MSSQL_SQLI
|
|||
register_advanced_options(
|
||||
[
|
||||
OptPath.new('HEX2BINARY', [ false, "The path to the hex2binary script on the disk",
|
||||
File.join(Msf::Config.install_root, "data", "exploits", "mssql", "h2b")
|
||||
File.join(Msf::Config.data_directory, "exploits", "mssql", "h2b")
|
||||
])
|
||||
], Msf::Exploit::Remote::MSSQL_SQLI)
|
||||
|
||||
|
|
|
|||
|
|
@ -150,7 +150,7 @@ module Exploit::Remote::MYSQL
|
|||
|
||||
def mysql_upload_sys_udf(arch=:win32,target_path=nil)
|
||||
fname = (arch == :win32 ? "lib_mysqludf_sys_32.dll" : "lib_mysqludf_sys_64.dll")
|
||||
sys_dll = File.join( Msf::Config.install_root, "data", "exploits", "mysql", fname )
|
||||
sys_dll = File.join( Msf::Config.data_directory, "exploits", "mysql", fname )
|
||||
data = File.open(sys_dll, "rb") {|f| f.read f.stat.size}
|
||||
blob = "0x"
|
||||
blob << data.unpack("C*").map {|x| "%02x" % [x]}.join
|
||||
|
|
|
|||
|
|
@ -116,7 +116,7 @@ module Exploit::Powershell
|
|||
|
||||
ps_wrapper = <<EOS
|
||||
$si = New-Object System.Diagnostics.ProcessStartInfo
|
||||
$si.FileName = "#{ps_bin}"
|
||||
$si.FileName = #{ps_bin}
|
||||
$si.Arguments = '#{ps_args}'
|
||||
$si.UseShellExecute = $false
|
||||
$si.RedirectStandardOutput = $true
|
||||
|
|
@ -146,11 +146,11 @@ EOS
|
|||
psh_payload << "while(1){Start-Sleep -s #{sleep_time};#{fun_name};1};"
|
||||
end
|
||||
# Determine appropriate architecture
|
||||
ps_bin = wow64 ? '$env:windir\syswow64\WindowsPowerShell\v1.0\powershell.exe' : 'powershell.exe'
|
||||
ps_bin = wow64 ? '$env:windir+\'\syswow64\WindowsPowerShell\v1.0\powershell.exe\'' : '\'powershell.exe\''
|
||||
# Wrap in hidden runtime
|
||||
psh_payload = run_hidden_psh(psh_payload,ps_bin)
|
||||
# Convert to base64 for -encodedcommand execution
|
||||
command = "%COMSPEC% /B /C start powershell.exe -Command \"#{psh_payload.gsub("\n",';').gsub('"','\"')}\"\r\n"
|
||||
command = "%COMSPEC% /B /C start powershell.exe -Command #{psh_payload.gsub("\n",';').gsub('"','\"')}\r\n"
|
||||
end
|
||||
|
||||
#
|
||||
|
|
|
|||
|
|
@ -150,7 +150,7 @@ module Exploit::Remote::SunRPC
|
|||
end
|
||||
|
||||
def progresolv(number)
|
||||
names = File.join(Msf::Config.install_root, "data", "wordlists", "rpc_names.txt")
|
||||
names = File.join(Msf::Config.data_directory, "wordlists", "rpc_names.txt")
|
||||
File.open(names, "rb").each_line do |line|
|
||||
next if line.empty? || line =~ /^\s*#/
|
||||
|
||||
|
|
|
|||
|
|
@ -112,6 +112,8 @@ class Msf::Module::SiteReference < Msf::Module::Reference
|
|||
self.site = 'http://www.kb.cert.org/vuls/id/' + in_ctx_val.to_s
|
||||
elsif (in_ctx_id == 'BPS')
|
||||
self.site = 'https://strikecenter.bpointsys.com/bps/advisory/BPS-' + in_ctx_val.to_s
|
||||
elsif (in_ctx_id == 'ZDI')
|
||||
self.site = 'http://www.zerodayinitiative.com/advisories/ZDI-' + in_ctx_val.to_s
|
||||
elsif (in_ctx_id == 'URL')
|
||||
self.site = in_ctx_val.to_s
|
||||
else
|
||||
|
|
|
|||
|
|
@ -1,25 +1,30 @@
|
|||
# -*- coding: binary -*-
|
||||
|
||||
require 'msf/core/post/windows/accounts'
|
||||
require 'msf/core/post/windows/registry'
|
||||
|
||||
module Msf::Post::Windows::Priv
|
||||
include ::Msf::Post::Windows::Accounts
|
||||
include Msf::Post::Windows::Registry
|
||||
|
||||
LowIntegrityLevel = 'S-1-16-4096'
|
||||
MediumIntegrityLevel = 'S-1-16-8192'
|
||||
HighIntegrityLevel = 'S-1-16-12288'
|
||||
SystemIntegrityLevel = 'S-1-16-16384'
|
||||
INTEGRITY_LEVEL_SID = {
|
||||
:low => 'S-1-16-4096',
|
||||
:medium => 'S-1-16-8192',
|
||||
:high => 'S-1-16-12288',
|
||||
:system => 'S-1-16-16384'
|
||||
}
|
||||
|
||||
Administrators = 'S-1-5-32-544'
|
||||
SYSTEM_SID = 'S-1-5-18'
|
||||
ADMINISTRATORS_SID = 'S-1-5-32-544'
|
||||
|
||||
# http://technet.microsoft.com/en-us/library/dd835564(v=ws.10).aspx
|
||||
# ConsentPromptBehaviorAdmin
|
||||
UACNoPrompt = 0
|
||||
UACPromptCredsIfSecureDesktop = 1
|
||||
UACPromptConsentIfSecureDesktop = 2
|
||||
UACPromptCreds = 3
|
||||
UACPromptConsent = 4
|
||||
UACDefault = 5
|
||||
UAC_NO_PROMPT = 0
|
||||
UAC_PROMPT_CREDS_IF_SECURE_DESKTOP = 1
|
||||
UAC_PROMPT_CONSENT_IF_SECURE_DESKTOP = 2
|
||||
UAC_PROMPT_CREDS = 3
|
||||
UAC_PROMPT_CONSENT = 4
|
||||
UAC_DEFAULT = 5
|
||||
|
||||
#
|
||||
# Returns true if user is admin and false if not.
|
||||
|
|
@ -29,12 +34,11 @@ module Msf::Post::Windows::Priv
|
|||
# Assume true if the OS doesn't expose this (Windows 2000)
|
||||
session.railgun.shell32.IsUserAnAdmin()["return"] rescue true
|
||||
else
|
||||
cmd = "cmd.exe /c reg query HKU\\S-1-5-19"
|
||||
results = session.shell_command_token_win32(cmd)
|
||||
if results =~ /Error/
|
||||
return false
|
||||
else
|
||||
local_service_key = registry_enumkeys('HKU\S-1-5-19')
|
||||
if local_service_key
|
||||
return true
|
||||
else
|
||||
return false
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
@ -48,7 +52,7 @@ module Msf::Post::Windows::Priv
|
|||
if whoami.nil?
|
||||
print_error("Unable to identify admin group membership")
|
||||
return nil
|
||||
elsif whoami.include? Administrators
|
||||
elsif whoami.include? ADMINISTRATORS_SID
|
||||
return true
|
||||
else
|
||||
return false
|
||||
|
|
@ -60,19 +64,18 @@ module Msf::Post::Windows::Priv
|
|||
#
|
||||
def is_system?
|
||||
if session_has_ext
|
||||
local_sys = resolve_sid("S-1-5-18")
|
||||
local_sys = resolve_sid(SYSTEM_SID)
|
||||
if session.sys.config.getuid == "#{local_sys[:domain]}\\#{local_sys[:name]}"
|
||||
return true
|
||||
else
|
||||
return false
|
||||
end
|
||||
else
|
||||
cmd = "cmd.exe /c reg query HKLM\\SAM\\SAM"
|
||||
results = session.shell_command_token_win32(cmd)
|
||||
if results =~ /Error/
|
||||
return false
|
||||
else
|
||||
results = registry_enumkeys('HKLM\SAM\SAM')
|
||||
if results
|
||||
return true
|
||||
else
|
||||
return false
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
@ -90,15 +93,13 @@ module Msf::Post::Windows::Priv
|
|||
if winversion =~ /Windows (Vista|7|8|2008)/
|
||||
unless is_system?
|
||||
begin
|
||||
key = session.sys.registry.open_key(HKEY_LOCAL_MACHINE, 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System',KEY_READ)
|
||||
|
||||
if key.query_value('EnableLUA').data == 1
|
||||
uac = true
|
||||
end
|
||||
|
||||
key.close
|
||||
rescue::Exception => e
|
||||
print_error("Error Checking UAC: #{e.class} #{e}")
|
||||
enable_lua = registry_getvaldata(
|
||||
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System',
|
||||
'EnableLUA'
|
||||
)
|
||||
uac = (enable_lua == 1)
|
||||
rescue Rex::Post::Meterpreter::RequestError => e
|
||||
print_error("Error Checking if UAC is Enabled: #{e.class} #{e}")
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
@ -108,19 +109,24 @@ module Msf::Post::Windows::Priv
|
|||
#
|
||||
# Returns the UAC Level
|
||||
#
|
||||
# @see http://technet.microsoft.com/en-us/library/dd835564(v=ws.10).aspx
|
||||
# 2 - Always Notify, 5 - Default, 0 - Disabled
|
||||
#
|
||||
def get_uac_level
|
||||
begin
|
||||
open_key = session.sys.registry.open_key(
|
||||
HKEY_LOCAL_MACHINE, 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System',
|
||||
KEY_READ
|
||||
uac_level = registry_getvaldata(
|
||||
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System',
|
||||
'ConsentPromptBehaviorAdmin'
|
||||
)
|
||||
uac_level = open_key.query_value('ConsentPromptBehaviorAdmin')
|
||||
rescue Exception => e
|
||||
print_error("Error Checking UAC: #{e.class} #{e}")
|
||||
rescue Rex::Post::Meterpreter::RequestError => e
|
||||
print_error("Error Checking UAC Level: #{e.class} #{e}")
|
||||
end
|
||||
|
||||
if uac_level
|
||||
return uac_level
|
||||
else
|
||||
return nil
|
||||
end
|
||||
return uac_level.data
|
||||
end
|
||||
|
||||
#
|
||||
|
|
@ -132,14 +138,12 @@ module Msf::Post::Windows::Priv
|
|||
if whoami.nil?
|
||||
print_error("Unable to identify integrity level")
|
||||
return nil
|
||||
elsif whoami.include? LowIntegrityLevel
|
||||
return LowIntegrityLevel
|
||||
elsif whoami.include? MediumIntegrityLevel
|
||||
return MediumIntegrityLevel
|
||||
elsif whoami.include? HighIntegrityLevel
|
||||
return HighIntegrityLevel
|
||||
elsif whoami.include? SystemIntegrityLevel
|
||||
return SystemIntegrityLevel
|
||||
else
|
||||
INTEGRITY_LEVEL_SID.each_pair do |k,sid|
|
||||
if whoami.include? sid
|
||||
return sid
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -149,7 +153,7 @@ module Msf::Post::Windows::Priv
|
|||
# Returns nil if Windows whoami is not available
|
||||
#
|
||||
def get_whoami
|
||||
whoami = cmd_exec('cmd /c whoami /groups')
|
||||
whoami = cmd_exec('cmd.exe /c whoami /groups')
|
||||
|
||||
if whoami.nil? or whoami.empty?
|
||||
return nil
|
||||
|
|
|
|||
|
|
@ -0,0 +1,51 @@
|
|||
window.addons_detect = { };
|
||||
|
||||
/**
|
||||
* Returns the version of Microsoft Office. If not found, returns null.
|
||||
**/
|
||||
window.addons_detect.getMsOfficeVersion = function () {
|
||||
var version;
|
||||
var types = new Array();
|
||||
for (var i=1; i <= 5; i++) {
|
||||
try {
|
||||
types[i-1] = typeof(new ActiveXObject("SharePoint.OpenDocuments." + i.toString()));
|
||||
}
|
||||
catch (e) {
|
||||
types[i-1] = null;
|
||||
}
|
||||
}
|
||||
|
||||
if (types[0] == 'object' && types[1] == 'object' && types[2] == 'object' &&
|
||||
types[3] == 'object' && types[4] == 'object')
|
||||
{
|
||||
version = "2012";
|
||||
}
|
||||
else if (types[0] == 'object' && types[1] == 'object' && types[2] == 'object' &&
|
||||
types[3] == 'object' && types[4] == null)
|
||||
{
|
||||
version = "2010";
|
||||
}
|
||||
else if (types[0] == 'object' && types[1] == 'object' && types[2] == 'object' &&
|
||||
types[3] == null && types[4] == null)
|
||||
{
|
||||
version = "2007";
|
||||
}
|
||||
else if (types[0] == 'object' && types[1] == 'object' && types[2] == null &&
|
||||
types[3] == null && types[4] == null)
|
||||
{
|
||||
version = "2003";
|
||||
}
|
||||
else if (types[0] == 'object' && types[1] == null && types[2] == null &&
|
||||
types[3] == null && types[4] == null)
|
||||
{
|
||||
// If run for the first time, you must manullay allow the "Microsoft Office XP"
|
||||
// add-on to run. However, this prompt won't show because the ActiveXObject statement
|
||||
// is wrapped in an exception handler.
|
||||
version = "xp";
|
||||
}
|
||||
else {
|
||||
version = null;
|
||||
}
|
||||
|
||||
return version;
|
||||
}
|
||||
|
|
@ -0,0 +1,29 @@
|
|||
# -*- coding: binary -*-
|
||||
|
||||
require 'msf/core'
|
||||
require 'rex/text'
|
||||
require 'rex/exploitation/jsobfu'
|
||||
|
||||
module Rex
|
||||
module Exploitation
|
||||
|
||||
#
|
||||
# Provides javascript functions to determine addon information.
|
||||
#
|
||||
# getMsOfficeVersion(): Returns the version for Microsoft Office
|
||||
#
|
||||
class JavascriptAddonsDetect < JSObfu
|
||||
|
||||
def initialize(custom_js = '', opts = {})
|
||||
@js = custom_js
|
||||
@js += ::File.read(::File.join(::File.dirname(__FILE__), "javascriptaddonsdetect.js"))
|
||||
|
||||
super @js
|
||||
|
||||
return @js
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
|
|
@ -52,6 +52,13 @@ window.os_detect.getVersion = function(){
|
|||
return d.style[propCamelCase] === css;
|
||||
}
|
||||
|
||||
var input_type_is_valid = function(input_type) {
|
||||
if (!document.createElement) return false;
|
||||
var input = document.createElement('input');
|
||||
input.setAttribute('type', input_type);
|
||||
return input.type == input_type;
|
||||
}
|
||||
|
||||
//--
|
||||
// Client
|
||||
//--
|
||||
|
|
@ -203,7 +210,13 @@ window.os_detect.getVersion = function(){
|
|||
// Thanks to developer.mozilla.org "Firefox for developers" series for most
|
||||
// of these.
|
||||
// Release changelogs: http://www.mozilla.org/en-US/firefox/releases/
|
||||
if ('HTMLTimeElement' in window) {
|
||||
if ('DeviceStorage' in window && window.DeviceStorage &&
|
||||
'default' in window.DeviceStorage.prototype) {
|
||||
// https://bugzilla.mozilla.org/show_bug.cgi?id=874213
|
||||
ua_version = '24.0'
|
||||
} else if (input_type_is_valid('range')) {
|
||||
ua_version = '23.0'
|
||||
} else if ('HTMLTimeElement' in window) {
|
||||
ua_version = '22.0'
|
||||
} else if ('createElement' in document &&
|
||||
document.createElement('main') &&
|
||||
|
|
|
|||
|
|
@ -0,0 +1,239 @@
|
|||
require "rex/parser/nokogiri_doc_mixin"
|
||||
|
||||
module Rex
|
||||
module Parser
|
||||
|
||||
load_nokogiri && class Outpost24Document < Nokogiri::XML::SAX::Document
|
||||
|
||||
include NokogiriDocMixin
|
||||
|
||||
def start_element(name, attrs)
|
||||
@state[:current_tag][name] = true
|
||||
case name
|
||||
when "description", "information"
|
||||
return unless in_tag("detaillist")
|
||||
return unless in_tag("detail")
|
||||
record_text
|
||||
when "detail"
|
||||
return unless in_tag("detaillist")
|
||||
record_vuln
|
||||
when "detaillist"
|
||||
record_vulns
|
||||
when "host"
|
||||
return unless in_tag("hostlist")
|
||||
record_host
|
||||
when "hostlist"
|
||||
record_hosts
|
||||
when "id"
|
||||
return unless in_tag("detaillist")
|
||||
return unless in_tag("detail")
|
||||
return unless in_tag("cve")
|
||||
record_text
|
||||
when "name"
|
||||
return unless in_tag("hostlist") || in_tag("detaillist")
|
||||
return unless in_tag("host") || in_tag("detail")
|
||||
record_text
|
||||
when "platform"
|
||||
return unless in_tag("hostlist")
|
||||
return unless in_tag("host")
|
||||
record_text
|
||||
when "portinfo"
|
||||
return unless in_tag("portlist")
|
||||
return unless in_tag("portlist-host")
|
||||
record_service
|
||||
when "portlist"
|
||||
record_services
|
||||
when "portnumber", "protocol", "service"
|
||||
return unless in_tag("portlist")
|
||||
return unless in_tag("portlist-host")
|
||||
return unless in_tag("portinfo")
|
||||
record_text
|
||||
when "report", "ip"
|
||||
record_text
|
||||
end
|
||||
end
|
||||
|
||||
def end_element(name)
|
||||
case name
|
||||
when "description", "information"
|
||||
return unless in_tag("detaillist")
|
||||
return unless in_tag("detail")
|
||||
collect_vuln_data(name)
|
||||
when "detail"
|
||||
return unless in_tag("detaillist")
|
||||
collect_vuln
|
||||
when "detaillist"
|
||||
report_vulns
|
||||
when "host"
|
||||
return unless in_tag("hostlist")
|
||||
collect_host
|
||||
when "hostlist"
|
||||
report_hosts
|
||||
when "id"
|
||||
return unless in_tag("detaillist")
|
||||
return unless in_tag("detail")
|
||||
return unless in_tag("cve")
|
||||
collect_vuln_data(name)
|
||||
when "ip"
|
||||
collect_ip
|
||||
when "name"
|
||||
if in_tag("hostlist") && in_tag("host")
|
||||
collect_host_data(name)
|
||||
elsif in_tag("detaillist") && in_tag("detail")
|
||||
collect_vuln_data(name)
|
||||
end
|
||||
when "platform"
|
||||
return unless in_tag("hostlist")
|
||||
return unless in_tag("host")
|
||||
collect_host_data(name)
|
||||
when "portinfo"
|
||||
return unless in_tag("portlist")
|
||||
return unless in_tag("portlist-host")
|
||||
collect_service
|
||||
when "portlist"
|
||||
report_services
|
||||
when "portnumber", "protocol", "service"
|
||||
return unless in_tag("portlist")
|
||||
return unless in_tag("portlist-host")
|
||||
return unless in_tag("portinfo")
|
||||
collect_service_data(name)
|
||||
when "report"
|
||||
collect_product
|
||||
end
|
||||
@state[:current_tag].delete(name)
|
||||
end
|
||||
|
||||
def record_hosts
|
||||
@report_data[:hosts] = []
|
||||
end
|
||||
|
||||
def record_services
|
||||
@report_data[:services] = []
|
||||
end
|
||||
|
||||
def record_vulns
|
||||
@report_data[:vulns] = []
|
||||
end
|
||||
|
||||
def record_host
|
||||
@host = {}
|
||||
end
|
||||
|
||||
def record_service
|
||||
@service = {}
|
||||
end
|
||||
|
||||
def record_vuln
|
||||
@vuln = {}
|
||||
@refs = []
|
||||
end
|
||||
|
||||
def record_text
|
||||
@state[:has_text] = true
|
||||
end
|
||||
|
||||
def collect_host
|
||||
@host[:host] = @state[:host]
|
||||
@host[:name] = @state[:hname]
|
||||
@host[:os_name] = @state[:os_name]
|
||||
@host[:info] = @state[:pinfo]
|
||||
@report_data[:hosts] << @host
|
||||
end
|
||||
|
||||
def collect_service
|
||||
@service[:host] = @state[:host]
|
||||
@service[:port] = @state[:port]
|
||||
@service[:proto] = @state[:proto]
|
||||
@service[:name] = @state[:sname]
|
||||
@service[:info] = @state[:pinfo]
|
||||
@report_data[:services] << @service
|
||||
end
|
||||
|
||||
def collect_vuln
|
||||
@vuln[:host] = @state[:host]
|
||||
@vuln[:name] = @state[:vname]
|
||||
@vuln[:info] = @state[:vinfo]
|
||||
@vuln[:refs] = @refs
|
||||
@report_data[:vulns] << @vuln
|
||||
end
|
||||
|
||||
def collect_product
|
||||
@state[:has_text] = false
|
||||
@state[:pinfo] = @text.strip if @text
|
||||
@text = nil
|
||||
end
|
||||
|
||||
def collect_ip
|
||||
@state[:has_text] = false
|
||||
@state[:host] = @text.strip if @text
|
||||
@text = nil
|
||||
end
|
||||
|
||||
def collect_host_data(name)
|
||||
@state[:has_text] = false
|
||||
if name == "name"
|
||||
@state[:hname] = @text.strip if @text
|
||||
elsif name == "platform"
|
||||
if @text
|
||||
@state[:os_name] = @text.strip
|
||||
else
|
||||
@state[:os_name] = Msf::OperatingSystems::UNKNOWN
|
||||
end
|
||||
end
|
||||
@text = nil
|
||||
end
|
||||
|
||||
def collect_service_data(name)
|
||||
@state[:has_text] = false
|
||||
if name == "portnumber"
|
||||
@state[:port] = @text.strip if @text
|
||||
elsif name == "protocol"
|
||||
@state[:proto] = @text.strip.downcase if @text
|
||||
elsif name == "service"
|
||||
@state[:sname] = @text.strip if @text
|
||||
end
|
||||
@text = nil
|
||||
end
|
||||
|
||||
def collect_vuln_data(name)
|
||||
@state[:has_text] = false
|
||||
if name == "name"
|
||||
@state[:vname] = @text.strip if @text
|
||||
elsif name == "description"
|
||||
@state[:vinfo] = @text.strip if @text
|
||||
elsif name == "information"
|
||||
@state[:vinfo] << " #{@text.strip if @text}"
|
||||
elsif name == "id"
|
||||
@state[:ref] = @text.strip if @text
|
||||
@refs << normalize_ref("CVE", @state[:ref])
|
||||
end
|
||||
@text = nil
|
||||
end
|
||||
|
||||
def report_hosts
|
||||
block = @block
|
||||
@report_data[:hosts].each do |h|
|
||||
db.emit(:address, h[:host], &block) if block
|
||||
db_report(:host, h)
|
||||
end
|
||||
end
|
||||
|
||||
def report_services
|
||||
block = @block
|
||||
@report_data[:services].each do |s|
|
||||
db.emit(:service, "#{s[:host]}:#{s[:port]}/#{s[:proto]}", &block) if block
|
||||
db_report(:service, s)
|
||||
end
|
||||
end
|
||||
|
||||
def report_vulns
|
||||
block = @block
|
||||
@report_data[:vulns].each do |v|
|
||||
db.emit(:vuln, ["#{v[:name]} (#{v[:host]})", 1], &block) if block
|
||||
db_report(:vuln, v)
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
@ -34,14 +34,18 @@ class Mimikatz < Extension
|
|||
])
|
||||
end
|
||||
|
||||
def send_custom_command(function, args=[])
|
||||
def send_custom_command_raw(function, args=[])
|
||||
request = Packet.create_request('mimikatz_custom_command')
|
||||
request.add_tlv(TLV_TYPE_MIMIKATZ_FUNCTION, function)
|
||||
args.each do |a|
|
||||
request.add_tlv(TLV_TYPE_MIMIKATZ_ARGUMENT, a)
|
||||
end
|
||||
response = client.send_request(request)
|
||||
return Rex::Text.to_ascii(response.get_tlv_value(TLV_TYPE_MIMIKATZ_RESULT))
|
||||
return response.get_tlv_value(TLV_TYPE_MIMIKATZ_RESULT)
|
||||
end
|
||||
|
||||
def send_custom_command(function, args=[])
|
||||
return Rex::Text.to_ascii(send_custom_command_raw(function, args))
|
||||
end
|
||||
|
||||
def parse_creds_result(result)
|
||||
|
|
@ -63,11 +67,18 @@ class Mimikatz < Extension
|
|||
def parse_ssp_result(result)
|
||||
details = CSV.parse(result)
|
||||
accounts = []
|
||||
|
||||
return accounts unless details
|
||||
details.each do |acc|
|
||||
next unless acc.length == 5
|
||||
ssps = acc[4].split(' }')
|
||||
next unless ssps
|
||||
ssps.each do |ssp|
|
||||
next unless ssp
|
||||
s_acc = ssp.split(' ; ')
|
||||
next unless s_acc
|
||||
user = s_acc[0].split('{ ')[1]
|
||||
next unless user
|
||||
account = {
|
||||
:authid => acc[0],
|
||||
:package => acc[1],
|
||||
|
|
|
|||
|
|
@ -106,7 +106,7 @@ class Console::CommandDispatcher::Mimikatz
|
|||
)
|
||||
|
||||
accounts.each do |acc|
|
||||
table << [acc[:authid], acc[:package], acc[:domain], acc[:user], acc[:password]]
|
||||
table << [acc[:authid], acc[:package], acc[:domain], acc[:user], acc[:password].gsub("\n","")]
|
||||
end
|
||||
|
||||
print_line table.to_s
|
||||
|
|
|
|||
|
|
@ -236,7 +236,15 @@ class Console::CommandDispatcher::Stdapi::Sys
|
|||
when /win/
|
||||
path = client.fs.file.expand_path("%COMSPEC%")
|
||||
path = (path and not path.empty?) ? path : "cmd.exe"
|
||||
|
||||
# attempt the shell with thread impersonation
|
||||
begin
|
||||
cmd_execute("-f", path, "-c", "-H", "-i", "-t")
|
||||
rescue
|
||||
# if this fails, then we attempt without impersonation
|
||||
print_error( "Failed to spawn shell with thread impersonation. Retrying without it." )
|
||||
cmd_execute("-f", path, "-c", "-H", "-i")
|
||||
end
|
||||
when /linux/
|
||||
# Don't expand_path() this because it's literal anyway
|
||||
path = "/bin/sh"
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# Framework web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/framework/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
@ -34,7 +32,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
[
|
||||
[ 'CVE', '2011-0923' ],
|
||||
[ 'OSVDB', '72526' ],
|
||||
[ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-11-055/' ],
|
||||
[ 'ZDI', '11-055' ],
|
||||
[ 'URL', 'http://c4an-dl.blogspot.com/hp-data-protector-vuln.html' ],
|
||||
[ 'URL', 'http://hackarandas.com/blog/2011/08/04/hp-data-protector-remote-shell-for-hpux' ]
|
||||
],
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# Framework web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/framework/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# Framework web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/framework/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'uri'
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
@ -42,7 +40,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
[
|
||||
Opt::RPORT(8080),
|
||||
OptPath.new('SENSITIVE_FILES', [ true, "File containing senstive files, one per line",
|
||||
File.join(Msf::Config.install_root, "data", "wordlists", "sensitive_files.txt") ]),
|
||||
File.join(Msf::Config.data_directory, "wordlists", "sensitive_files.txt") ]),
|
||||
OptInt.new('MAXDIRS', [ true, 'The maximum directory depth to search', 7]),
|
||||
], self.class)
|
||||
end
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
@ -43,7 +41,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
Opt::RPORT(8443),
|
||||
OptBool.new('SSL', [true, 'Use SSL', true]),
|
||||
OptPath.new('SENSITIVE_FILES', [ true, "File containing senstive files, one per line",
|
||||
File.join(Msf::Config.install_root, "data", "wordlists", "sensitive_files.txt") ]),
|
||||
File.join(Msf::Config.data_directory, "wordlists", "sensitive_files.txt") ]),
|
||||
], self.class)
|
||||
end
|
||||
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
@ -28,7 +26,8 @@ class Metasploit3 < Msf::Auxiliary
|
|||
'License' => MSF_LICENSE,
|
||||
'References' =>
|
||||
[
|
||||
[ 'URL', 'http://www.net-security.org/secworld.php?id=15743' ],
|
||||
[ 'URL', 'http://blog.imperva.com/2013/10/threat-advisory-a-vbulletin-exploit-administrator-injection.html'],
|
||||
[ 'OSVDB', '98370' ],
|
||||
[ 'URL', 'http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/3991423-potential-vbulletin-exploit-vbulletin-4-1-vbulletin-5']
|
||||
],
|
||||
'DisclosureDate' => 'Oct 09 2013'))
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# Framework web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/framework/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
|
|||
|
|
@ -8,10 +8,8 @@
|
|||
##
|
||||
|
||||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
@ -657,7 +655,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
FROM sys.user$
|
||||
where password != 'null' and type# = 1
|
||||
|
|
||||
ordfltpss = "#{File.join(Msf::Config.install_root, "data", "wordlists", "oracle_default_hashes.txt")}"
|
||||
ordfltpss = "#{File.join(Msf::Config.data_directory, "wordlists", "oracle_default_hashes.txt")}"
|
||||
returnedstring = prepare_exec(query)
|
||||
accts = {}
|
||||
returnedstring.each do |record|
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
@ -24,7 +22,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
[ 'CVE', '2008-5448' ],
|
||||
[ 'OSVDB', '51342' ],
|
||||
[ 'URL', 'http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html' ],
|
||||
[ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-09-003' ],
|
||||
[ 'ZDI', '09-003' ],
|
||||
],
|
||||
'DisclosureDate' => 'Jan 14 2009'))
|
||||
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
@ -28,8 +26,8 @@ class Metasploit3 < Msf::Auxiliary
|
|||
[ 'OSVDB', '55903' ],
|
||||
[ 'CVE', '2009-1978' ],
|
||||
[ 'OSVDB', '55904' ],
|
||||
[ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-09-058' ],
|
||||
[ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-09-059' ],
|
||||
[ 'ZDI', '09-058' ],
|
||||
[ 'ZDI', '09-059' ],
|
||||
],
|
||||
'DisclosureDate' => 'Aug 18 2009'))
|
||||
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
@ -26,7 +24,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
[
|
||||
[ 'CVE', '2010-0904' ],
|
||||
[ 'OSVDB', '66338'],
|
||||
[ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-10-118' ],
|
||||
[ 'ZDI', '10-118' ],
|
||||
],
|
||||
'DisclosureDate' => 'Jul 13 2010'))
|
||||
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
|
||||
|
|
|
|||
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue